Data protection

The protection of the privacy and personal data of customers and visitors to this website is an important concern.

Personal data within the meaning of Article 4 No. 1 GDPR is any information relating to an identified or identifiable natural person – e.g.: name, address, telephone number, email address or IP address.

Data that cannot be linked to a specific individual, such as completely anonymized information, is not considered personal data.

The processing of personal data (e.g., collection, storage, use, transmission, or deletion) is carried out exclusively on the basis of legal permission or freely given consent (Art. 6 para. 1 GDPR). Personal data will be deleted as soon as the purpose of the processing ceases to exist and no legal retention obligations remain.

This privacy policy applies exclusively to the website www.cyberdoll.de. We cannot assume any responsibility for the data protection practices of external websites that may be linked to from this site. We recommend that you consult the privacy policies of those websites.

Company: Cyberdoll

Woman: Genevieve Gross

Address: Grosswaldstrasse 4F, 66126 Saarbruecken, Germany

Contact: Mobile: +49(0)178 32 047 68, Email: info@cyberdoll.de

You can reach us by phone only with a prior appointment.

Further information can be found in our legal notice .

a) Type and scope of data processing

When you access this website, certain information is automatically transmitted to the server and stored in so-called server log files. This information is technically necessary to display the website correctly and to ensure system security. The following data is collected:

- IP address of the requesting device

- Date and time of access

- Name and URL of the retrieved file

- Website from which access is made (referrer URL)

- Browser used and, if applicable, the operating system of the end device

- Name of the Internet service provider

b) Purpose of processing

The processing of this data is based on Art. 6 para. 1 lit. f GDPR to ensure a smooth connection to the website, to guarantee comfortable use, to evaluate system security and stability, and for administrative purposes.

c) Legal basis

The legal basis for the temporary storage of the data and log files is Article 6(1)(f) GDPR. The legitimate interest lies in the purposes mentioned above.

Unless a more specific storage period is stated within this privacy policy, we only store personal data for as long as is necessary for the respective purposes for which it was collected.

Server log files are usually automatically deleted after 7 days, unless longer storage is required to investigate security-related incidents.

As soon as the purpose of processing ceases to exist or consent is withdrawn, we delete the relevant data – unless statutory retention periods or other compelling legal reasons prevent this. In this case, the data will be deleted after these periods have expired or the legal basis for processing no longer applies.

This website uses so-called "cookies". These are small text files that are stored on the user's device via the browser.

Cookies may be technically necessary to provide basic website functions (e.g., shopping cart, language settings), or they may serve statistical, functional, or marketing purposes.

Some cookies are automatically deleted after the browser is closed (so-called session cookies), others remain on the device and allow recognition on a later visit (so-called permanent cookies).

Cookies can either originate from this website itself (first-party cookies) or be set by third-party providers (third-party cookies), for example for payment services or embedded content such as videos.

Technically necessary cookies are processed on the basis of Article 6(1)(f) GDPR. The legitimate interest lies in the error-free and secure provision of the website.

All other cookies – in particular those for analysis, tracking or marketing purposes – are set exclusively on the basis of consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG. Consent can be withdrawn at any time.

b) Cookie settings

You can configure your browser settings to allow, block, or automatically delete cookies at any time. Disabling cookies may prevent you from fully using certain website features.

Information on the specific cookies and services used can be found in the relevant sections of this privacy policy.

You have the right to:

- Information about the origin, recipients and purpose of your stored personal data.

- Correction of inaccurate data or deletion of your data.

- Revocation of consent given with effect for the future.

- Restriction of processing under certain conditions.

- Data portability, where applicable.

- You can lodge a complaint with the relevant supervisory authority if you believe that the processing of your data violates applicable data protection law.

Please feel free to contact us if you have any questions about your rights or the processing of your data.

To continuously improve our website for you, we analyze how it is used – anonymously and in compliance with data protection regulations. This involves the use of third-party analytics programs and services.

You can find all the details below in our privacy policy.

Our website is powered by Shopify – a professional e-commerce platform based in Ireland: Shopify International Ltd., Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland.

When you visit our site, Shopify automatically collects some technical information, e.g.:

- your IP address

- the browser and device type you are using

- which pages you look at and how long you stay

If you order something from us, Shopify also stores:

- your name, email address and phone number

- Billing and delivery address

- Payment information and order details

This information helps to process your purchase safely and smoothly – and to continuously improve the site. Shopify also uses cookies (small files in your browser) for this purpose, which, for example, anonymously analyze your user behavior.

Data processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in a secure, user-friendly website).

If you have given your consent, it is based on Article 6 Paragraph 1 Letter a GDPR in conjunction with Section 25 Paragraph 1 TDDDG – for example, when cookies or tracking technologies are used. You can withdraw your consent at any time.

Important:

We have a contract with Shopify that ensures your data is processed only according to our specifications and in compliance with the GDPR.

You can find more information directly from Shopify here: https://www.shopify.de/legal/datenschutz

If you have given us permission to use certain personal data (e.g., for newsletters), you can revoke this consent at any time – without giving reasons. The revocation takes effect from the moment you declare it – processing that has already taken place remains lawful.

In some cases, we process your data based on a "legitimate interest" (e.g., for website security or to improve our services). If you do not agree to this, you can object, especially if you have personal reasons that justify your objection.

We then carefully examine whether your interests outweigh ours – and adjust our processing accordingly.

If you receive advertising from us (e.g., by email or post), you can object to this at any time. You can also object to data-based analysis for advertising purposes. After your objection, you will no longer receive any further advertising messages from us – it's that simple.

You have the right at any time:

- to find out what personal data we have stored about you, where it comes from, to whom it is transmitted and what it is used for,

- to have incorrect data corrected,

- to have your data deleted – if there are no legal obligations to the contrary,

- to receive your data in a common, machine-readable format or – if technically possible – to have it transferred directly to another provider.

If you have any questions or concerns regarding your data: Feel free to contact us at any time.

You have the right, in certain cases, to request that we restrict the processing of your personal data. This means that we will continue to store the data, but will no longer actively use it.

You can do this in the following situations, for example:

- If you believe that the data we have stored is incorrect, processing may be restricted for the period during which we investigate this.

- If your data has been processed unlawfully, but you do not want it deleted.

- If we no longer need your data, but you still need it for legal claims.

- If you have objected pursuant to Article 21(1) GDPR, and it is still being examined whose interests prevail.

As long as the restriction is active, your data may only be processed in exceptional cases – for example with your consent or to protect important rights.

Protecting your data is our highest priority. That's why we use SSL encryption on our website to secure your personal information during transmission – for example, when you fill out a contact form or place an order.

SSL (Secure Sockets Layer) ensures that all data exchanged between your browser and our server is transmitted in encrypted form. This means that unauthorized third parties cannot easily read or manipulate this information.

You can recognize an encrypted connection by the fact that "https://" appears in your browser's address bar instead of "http://" – often accompanied by a small padlock icon. This shows you that your connection to our website is secure.

By using SSL, we ensure that your data not only remains confidential but is also protected from unauthorized access – whether it is contact details, payment information or other personal information.

When you visit our website, certain technical data is automatically collected by our hosting provider and stored in so-called server log files. Your browser transmits this information automatically – this includes, among other things:

- the browser used and its version

- your device's operating system

- the website from which you came to us (referrer URL)

- the name of your internet provider or the hostname of the accessing computer

- Time of page request

- your IP address

This data is used solely for technical monitoring and to ensure stable and secure website operation. It is not combined with other data or used for marketing purposes.

The legal basis for this data collection is Article 6(1)(f) GDPR. Our legitimate interest lies in the reliable provision, optimization, and security of our website.

When you contact us via the contact form, we store the data you enter – such as your name, email address, and message – in order to answer your inquiry and to be able to access it again if necessary for follow-up questions. Of course, this data will not be shared with third parties without your explicit consent.

Depending on the content of your request, your data will be processed either:

- on the basis of Art. 6 para. 1 lit. b GDPR, if it concerns an existing contractual relationship or pre-contractual measures,

- or based on our legitimate interest in responding to you quickly and reliably (Art. 6 para. 1 lit. f GDPR),

- or – if you have expressly consented – on the basis of Article 6(1)(a) GDPR. You can withdraw this consent at any time.

Your data will remain stored with us until the purpose for which it was stored no longer applies (e.g., after your request has been processed), you request its deletion, or you withdraw your consent. Statutory retention obligations remain unaffected.

When you contact us by email, phone or SMS, we store and process the personal data transmitted – such as your name, phone number, email address and the content of your message – solely for the purpose of handling your request.

Your data will be processed on the basis of Article 6(1)(b) GDPR if your request relates to an existing contract or a pre-contractual inquiry. In all other cases, we rely on our legitimate interest in fast and uncomplicated communication (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), provided you have given it to us. You can withdraw your consent at any time.

Your data will only be stored for as long as it is necessary to process your request or as required by law. Afterwards, it will be deleted. It will not be shared with third parties unless you have expressly consented to this.

When you use Instagram tools on our website, we collect data that is forwarded to Meta Platforms Ireland Limited (Facebook/Instagram). We are jointly responsible with Meta for this data processing – but only for collecting and forwarding the data. What Meta does with the data after that is entirely up to them.

We ensure that Instagram is integrated into our site in compliance with data protection regulations and will inform you accordingly. Meta itself is responsible for the security of the Instagram and Facebook services.

If you would like information about your data on Instagram or Facebook, or if you wish to exercise your rights, you can contact Meta directly or contact us – we will forward your request.

Your data will be transferred to the USA based on the EU Commission's standard contractual clauses. These clauses guarantee an adequate level of data protection during the data transfer. You can find further details here:

https://www.facebook.com/legal/EU_data_transfer_addendum

https://privacycenter.instagram.com/policy/

https://de-de.facebook.com/help/566994660333381

Furthermore, Meta is certified under the EU-US Data Privacy Framework (DPF). This agreement between the European Union and the USA ensures that European data protection standards are also upheld when processing data in the USA. With DPF certification, Meta commits to complying with these standards. You can find more information about the certification here:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

Additional information about Instagram's data protection practices is available in their privacy policy.

If you decide to subscribe to our newsletter later, we will need a valid email address from you. We also need to verify that you are indeed the owner of this address and that you consent to receiving the newsletter. We only collect further information if you provide it voluntarily. We use your data exclusively to send you the newsletter – it will not be shared with third parties.

Your data will only be processed with your explicit consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time, for example via the "Unsubscribe" link in every newsletter. Data processing that has already taken place remains unaffected.

The data we store for the newsletter will remain with us (or our newsletter provider) until you unsubscribe or the purpose for receiving the newsletter no longer applies. After that, we will delete your data from the mailing list. We reserve the right to block or delete email addresses based on legitimate interest (Art. 6 para. 1 lit. f GDPR) if necessary.

Data that you have given us for other purposes will remain unaffected.

After you unsubscribe, we may store your email address on a blacklist to ensure you no longer receive newsletters. This data is used solely for this purpose and is not combined with other information. Storing your data serves both your protection and our legitimate interest in complying with legal regulations regarding newsletter distribution. Your data will be stored on the blacklist indefinitely, but you can object to this if your interests outweigh our legitimate interest.

When you place an order with us, we only share your personal data with partners who are necessary for delivery or payment processing. This includes, for example, the shipping company and the payment service provider. They only receive the information they need to fulfill their order.

The basis for this is Art. 6 para. 1 lit. b GDPR, which permits data processing for the performance of a contract or pre-contractual measures.

If you give us your consent (Art. 6 para. 1 lit. a GDPR), we will also transmit your email address to the shipping company. This allows you to be informed about the current shipping status of your order via email. You can withdraw this consent at any time.

On our website, we use third-party payment services to ensure a secure and seamless payment process. When you make a purchase with us, the respective payment service provider processes your payment data – such as name, amount, account details, or credit card number – solely for the purpose of payment processing.

The data protection and contractual provisions of the respective providers apply. Your data is processed on the basis of Article 6(1)(b) GDPR (contractual necessity) and our legitimate interest in a convenient and secure payment process (Article 6(1)(f) GDPR). If separate consent from you is required for individual steps, the processing is based on Article 6(1)(a) GDPR – you can withdraw this consent at any time.

We currently use the following payment service providers:

PayPal

The provider of this payment service is PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. You can find details here:

https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full .

You can find more information in PayPal's privacy policy:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full .

Apple Pay

The payment service provider is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. Apple's privacy policy can be found here: https://www.apple.com/legal/privacy/de-ww/ .

Klarna

The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). Klarna offers various payment options, such as installment payments. If you choose to pay via Klarna (Klarna Checkout solution), Klarna collects various personal data from you. Klarna also uses cookies to optimize the use of the checkout solution. You can find details about the use of Klarna cookies here:

https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf .

Further information on data protection at Klarna can be found in the Klarna privacy policy: https://www.klarna.com/de/datenschutz/ .

Shopify Payment

The provider of this payment service within the EU is Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter referred to as “Shopify Payment”).

Details regarding data protection can be found in the Shopify Payment privacy policy:

https://www.shopify.de/legal/datenschutz .

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as “Mastercard”).

Mastercard may transfer your data to its parent company in the USA. This data transfer is based on Mastercard's Binding Corporate Rules, which ensure adequate data protection. You can find more information here:

https://www.mastercard.de/de-de/datenschutz.html https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf .

Visa

The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as “VISA”).

Great Britain is considered a safe third country in terms of data protection, meaning that it has a level of data protection equivalent to that of the European Union.

VISA may also transfer your data to its parent company in the USA. This data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. You can find more details here:

https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html .

You can find more information in VISA's privacy policy:

https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html .

To best protect your payment details, the transmission is carried out via secure SSL encryption. This protects your data from unauthorized access.

Bank Transfer (Prepayment)

You transfer the amount to our bank account after placing your order.  
You’ll automatically receive our banking details via email.  
As soon as we receive your payment, we will forward the order to our manufacturer within 48 hours.  

Shipping will begin once your Cyberdoll is produced and ready for dispatch.  
This payment method is only available in: Germany & Austria.

Google Pay

Anbieter des Zahlungsdienstes ist Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Wenn du Google Pay nutzt, verarbeitet Google deine Zahlungsinformationen. Weitere Informationen findest du in der Datenschutzerklärung von Google:  
https://www.policies.google.com/privacy?hl=de .

American Express

Anbieter ist American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main. Bei Zahlung mit American Express werden deine Zahlungsdaten direkt an American Express übermittelt. Weitere Informationen findest du in der Datenschutzerklärung von American Express:  
https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html .

We reserve the right to amend this privacy policy from time to time – for example, if legal requirements change or our services are expanded. You can always find the current version here on our website. So please check back regularly to stay up to date.

To protect minors and comply with legal requirements, age verification is required to access certain sensitive content and images on www.cyberdoll.de.

Procedure & processing instructions:
Age verification is performed by entering your date of birth. After successful entry, a unique activation code will be displayed, which must be entered to unlock all sensitive content. The code is valid for 24 hours or until the browser's cookies are deleted. No manual verification or additional data collection takes place. No personal data is stored or shared.

Legal basis:
The processing is carried out in accordance with Art. 6 para. 1 lit. c GDPR in conjunction with § 4 para. 2 JMStV.

Data protection & deletion:
Since no personal data is stored, there is no separate obligation to delete it pursuant to Art. 17 GDPR.

By submitting the verification data, customers expressly agree to the described procedure and the associated data processing.