Privacy Policy


1. Your personal data within the meaning of Art. 4 No. 1 GDPR (eg title, name, address, e-mail address,payment information ) shall only be processed by us in accordance with the provisions of German data protection law and in consideration of the European General Data Protection Regulation (GDPR ) processed. The following regulations inform you about the nature, scope and purpose of the collection, processing and use of personal data.

2. The processing within the meaning of Art. 4 No. 2 GDPR of personal data is legal according to Art. 6 GDPR, if one of the following conditions exists:

a) the data subject has given his consent to the processing of personal data concerning him for one or more specific purposes;

b) the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of any pre-contractual action taken at the request of the data subject;

c) the processing is necessary to fulfill a legal obligation to which the controller is subject;

d) the processing is necessary to protect the vital interests of the data subject or any other natural person;

e) the processing is necessary for the performance of a task which is in the public interest or in the exercise of official authority delegated to the controller;

f) the processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data prevail, in particular where the person concerned is a child.

3. The processing of special personal data (eg health data) within the meaning of Article 9 (1) of the GDPR is, in particular, lawful under Article 9 (2) of the GDPR if one of the following conditions applies :

- there is an express consent of the person;

– the processing is necessary for the assertion, exercise or defense of legal claims or for acts of the courts in the context of their judicial activity.

4. An automatic decision-making or profiling of personal data in the sense of Art. 22 GDPR does not take place.

5. The operator ensures the security of the data in accordance with Art. 32 GDPR by taking appropriate technical measures, taking into account the proportionality principle .

6. In the unlikely event that data protection is breached, the competent supervisory authority will be notified in accordance with Art. 33 GDPR and the data subject in accordance with Art. 34 GDPR.


This Privacy Policy applies only to our websites. If you are forwarded to other pages via links on our pages, please inform yourself there about the respective handling of your data.

Duration of data storage

The period of retention of the transferred data depends on the legal retention requirements. As far as commercial and tax retention periods are to be observed, the duration of the storage of certain data can be up to 10 years.

Transfer of data to third parties

A passing of information provided within the framework of the contract data and third parties (Art. 4 no. 10 GDPR), takes place only if you expressly have declared your consent (Art. 4 no. 11 GDPR) or it is required to fulfill the contract. The consent can be withdrawn informally at any time. Data collected by visiting the website are only collected by third parties, which are expressly mentioned below.

Responsible for the purposes of GDPR

The person responsible within the meaning of the General Data Protection Regulation (GDPR), as well as other data protection laws in the European Union and other provisions of a data protection nature is:

Luisa Schindler
Benesisstraße 29
50672 Cologne (Germany)

Email: office@ohhluilu.com

Service-Tel.: +49 (0) 221 / 801 886 09


We use cookies on our site. These are small files that your browser automatically creates and that are stored on your device (PC, laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not harm your device, do not contain viruses, Trojans or other malicious software. In the cookie information is stored each result in connection with the specific terminal used. However, this does not mean that we are immediately aware of your identity.

On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after leaving our page.

In addition, to improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what inputs and settings you have made, so you do not have to re-enter them.

These cookies allow us to automatically recognize that you have already been with us when you visit our site again. They are automatically deleted after a defined time. The data processed by cookies are the purposes mentioned in order to safeguard our legitimate interests as well as third parties pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO required. Most browsers accept cookies automatically. However, you can configure your browser to have no cookies stored on your computer or always a hint appears before a new cookie is created. However, disabling cookies completely may mean that you can not use all features of our website.

Storage of access data in log files

You can visit our websites without giving any personal information.

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser Type / Browser Version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request

These data can not be assigned to specific persons. There is no merge of this data with other data sources. We reserve the right to check this data retrospectively, if we become aware of specific indications for illigal use.

The purpose of the processing results from our legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f) GDPR.

An order processing contract has been signed with our hoster.


When using the function „Add to wishlist" the selected product will be saved in a wishlist. The wishlist only works if you are registered and logged in. Products can be removed from the list at any time in your account.

Registration / Login

To use some features, registration is required. The login data is stored encrypted on the server. A passing on to third does not take place, if this is not necessary for the execution of the contractual relationship. The data can be changed or deleted at any time. After deleting the data, the service can no longer be offered to you, unless you register again.

In addition to the data entered by you, the IP address as well as the date and time information of the login will be saved. The storage of IP data serves the prevention of misuse and the investigation of criminal offenses.

Google Webfonts

On these web pages external fonts, Google fonts are used. Google Fonts is a service of Google Inc. ("Google"). The integration of these web fonts is done by a server call, usually a Google server in the USA. This will be transmitted to the server, which of our websites you have visited. Also, the IP address of the browser of the terminal of the visitor of this website is stored by Google.

The lawfulness of the use results from Art. 6 para. 1 sentence 1 lit. f) GDPR

For more information, see the Google Privacy Policy, which you can access here:



Font Awesome

This site uses so-called web fonts provided by Fonticons Inc. for consistent font representation . When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose, the browser you use must connect to the servers of Fonticons , Inc. or the provider Stackpath record, tape. This will give Fonticons , Inc. notice that our website has been accessed through your IP address. The use of web fonts is in the interest of a uniform and attractive presentation of our online offers.This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR.

If your browser does not support web fonts, a default font will be used by your computer.

More information about Font Awesome can be found at https://fontawesome.com/help and in the Fonticons , Inc. Privacy Policy :https://fontawesome.com/privacy.

An order processing contract has been signed.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or other parties to the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by a corresponding setting of your browser software; However, please note that in this case you may not be able to use all the features of this website to the full extent.

In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by using the browser plug-in available under the following link Download and install:http://tools.google.com/dlpage/gaoptout?hl=de .

An order processing contract has been signed with Google Inc.

Share Button - function

When using the share buttons for sharing content via the platforms Facebook and Instagram , an external page is called up. We do not collect any information from you when using these features. Also, no data will be transmitted to the social networks when you visit one of our pages, on which such a share button is maintained. In order to share a content, you must register with the respective provider. When calling the respective platform via the button, the respective platform is responsible for the privacy policy. Please read this through. These are generally available under "Privacy" or comparable on the respective page of the provider.


For payment via PayPal, credit card via PayPal, direct debit via PayPal or "purchase on account" as well as installment payment via Paypal, we will transfer your payment information to PayPal (Europe) S.à as part of the payment process rl . et Cie , SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). PayPal reserves itself for the payment methods credit card over PayPal, direct debit via PayPal or "purchase on account" via PayPal as well as the installment payment over Paypal the execution of a credit report. The result of the credit check on the statistical probability of default is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit information can contain probability values (so-called score values). Insofar as score values are included in the results of the credit rating, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, among other things, address data.

For further data protection information, among other things to the used credit reference agencies, please refer to the privacy policy of PayPal:https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Sofortüberweisung / Klarna

If you use "Sofortüberweisung" as a payment method, your access data for your online banking account (log-in and PIN) as well as your account data (BIC and IBAN) will be provided by Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden collected and processed.

You can find out more about the data protection of the provider here:



On this website, the controller has integrated Klarna components. Klarna is an online payment service provider, which allows purchases on an account or a flexible installment payment. Klarna also offers other services, such as buyer protection and identity or creditworthiness checks. The operating company of Klarna is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden. If the data subject selects the "purchase on account" or "installment purchase" during the ordering process in our online shop as a payment option, the data of the data subject is automatically transmitted to Klarna.

By selecting one of these payment options, the data subject agrees to this transmission of personal data required for the processing of the invoice or installment purchase, or identity and creditworthiness checks. The personal data transmitted to Klarna is usually first name, surname, address, date of birth, sex, email address, IP address, telephone number, mobile phone number, as well as other data necessary for the processing of an invoice or installment purchase. The processing of the purchase contract also requires such personal data, which are in connection with the respective order. In particular, the exchange of payment information such as bank details, card number, date of validity and CVC code, cumulative number, item number, data on goods and services, prices and taxes, information on the previous purchase behavior or other details of the financial situation of the data subject. The purpose of the transmission of the data is, in particular, the identification check, payment administration, andfraud prevention.

The controller shall provide Klarna with personal data, in particular, if a legitimate interest in the transmission exists. The personal data exchanged between Klarna and the data subject for the data processing shall be transmitted by Klarna to economic agencies. This transmission is intended for identity and creditworthiness checks. Klarna shall also pass on the personal data to affiliates (Klarna Group) and service providers or subcontractors as far as this is necessary to fulfill contractual obligations or to process the data in the order. Klarna collects and uses data and information on the previous payment behavior of the data subject as well as probability values for their behavior in the future (so-called scoring) in order to decide on the reasoning, implementation or termination of a contractual relationship.

The calculation of scoring is carried out on the basis of scientifically-recognized mathematical-statistical methods. The data subject is able to revoke the consent to the handling of personal data at any time from Klarna. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing. The applicable data protection provisions of Klarna may be retrieved under https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf.

Payment with credit card

When paying by credit card, you agree that your data will be transferred to the credit company (Visa, Master Card, American Express). It is pointed out that the respective credit company can obtain a credit rating from you. We have no influence on that. The collection of data is justified for the implementation of the contract according to Art. 6 GDPR.


Order processing takes place via the service provider "Billbee" (Billbee GmbH, Paulinenstrasse 54, 32756 Detmold). Name, address and, if applicable, further personal data will be provided in accordance with Art. 6 para. 1 lit. b DSGVO exclusively forwarded to Billbee for processing the online order. The transfer of your data takes place only insofar as this is actually necessary for the processing of the order.

Details on data protection at Billbee and the privacy policy are available at the following link:



We offer you the opportunity to subscribe to our newsletter. With this newsletter we inform you regularly about our offers. To receive our newsletter you need a valid e-mail address. We will check the e-mail address you entered to verify that you are the owner of the specified e-mail address or whose owner is authorized to receive the newsletter. By registering for our newsletter, we will save your IP address and the date and time of your registration. This is in the event, that a third party abuses your e-mail address and subscribes to our newsletter without your knowledge, as a hedge on our part. Further data will not be collected on our part. The data collected in this way will be used exclusively to obtain our newsletter. A passing on to third does not take place. A comparison of the data collected with data, which may be collected by other components of our site, is also not done. You can cancel the subscription to this newsletter at any time. Details can be found in the confirmation e-mail as well as in each individual newsletter.

Contact form

By using the contact form offered on these pages, we will transmit and store the information you have provided and attached files for the purpose of responding to your request. There is no disclosure of data to third parties.

The processing of the data entered in the contact form is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

Security of your data / SSL encryption

In accordance with the statutory provisions of § 13 (7) TMG, this site uses SSL encryption, which can be recognized by a lock symbol in the address bar of your browser. Submitted data can not be read by third parties, if SSL encryption is activated.

In general, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we'll use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the closed representation of the key or lock symbol in the status bar of your browser.

We also take appropriate technical and organizational security measures (TOM) to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Rights of the user

You can request information about the personal data stored about you at any time and free of charge. Your rights also include the acknowledgment, correction, limitation, blocking and deletion of such data and the provision of a copy of the data in a form suitable for transmission, as well as the revocation of consent granted and the objection. Legal storage obligations remain unaffected .

Their rights arise in particular from the following standards of the GDPR :

Article 7 (3) - Right to revoke a data protection consent
Article 12 - Transparent information, communication and modalities for the exercise of the rights of the data subject
Article 13 - Duty to provide information when collecting personal data from the data subject
Article 14 - Duty to provide information if the personal data have not been collected from the data subject
Article 15 - Right to information of the data subject, right to confirm and provide a copy of the personal data
Article 16 - Right to rectification
Article 17 - Right to cancellation ("Right to be forgotten")
Article 18 - Right to restriction of processing
Article 19 - Obligation to provide information in connection with the rectification or erasure of personal data or the restriction of processing
Article 20 - Right to data portability
Article 21 - Right of opposition
Article 22 - Right notto be subject to a decision based solely on automated processing, including profiling
Article 77 - Right to complain to a supervisory authority
For exercising your rights (with the exception of Art. 77 GDPR), please contact the office named under the item " Persons responsible for the purposes of the GDPR" (eg by e-mail to: office@ohhluilu.com).

Supervisory authority:

Landesbeauftragte für Datenschutz und Informationsfreiheit NRW

Kavalleriestr. 2-4

40213 Düsseldorf

Telephone: 0211 / 38424-0

Fax: 0211/38424-10

E-Mail: poststelle@ldi.nrw.de

Homepage: https://www.ldi.nrw.de

(It is asked to check the homepage before contacting if the data mentioned above is still up-to-date)