Privacy policy

Privacy policy

The responsible party for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is

L'ERMITE OÜ

Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 5, 10145, Estonia

Phone: +383 437 584 87

E-mail: info@l-ermite.com

Status: 29.08.2025

1) Data collection when visiting our website

During the mere informational use of our website, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called "server log files"). When you call up our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you reached the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

2) Cookies and hosting

Shopify

For the hosting of our website and the display of the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify").

Data is also transferred to: Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc.

All data collected on our website is processed on the provider's servers. We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

In the case of a data transfer to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and allow your browser to be recognized the next time you visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser.

In part, the cookies serve to simplify the ordering process by storing settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of consent given, or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

Internet Explorer:https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https:
//help.opera.com/de/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be limited.

3) Contacting

When contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. Legal basis for the processing of this data the processing Art. 6 para. 1 lit. b GDPR (necessary for the implementation of pre-contractual measures). Your data will be deleted 3 years after final processing of your request.

4) Data processing for contract execution

Contract processing

Pursuant to Art. 6 para. 1 lit. b GDPR, personal data is collected and processed if you provide it to us for the performance of a contract. Which data is collected can be seen from the respective order form. We store and use the data provided by you for the execution of the contract. After complete execution of the contract or deletion of your customer account, your data will be deleted with regard to tax and commercial retention periods (currently 7 years).

5) Use of your data for direct marketing

5.1 Subscription to our e-mail newsletter

If you subscribe to our e-mail newsletter, we will send you information about our offers on a regular basis. Mandatory information for sending the newsletter is only your e-mail address.

With the registration you give us your consent for the use of your personal data according to Art. 6 para. 1 lit. a GDPR. When you register for the newsletter, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when you register for the newsletter is used exclusively for the purpose of addressing you in an advertising manner by way of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending us a corresponding message. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately.

5.2 Sending the e-mail newsletter to existing customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you e-mail offers for similar goods or services to those you have already purchased from our range. In accordance with § 174 TKG, we do not need to obtain your separate consent for this. In this respect, the data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 Para. 1 lit. f GDPR and § 174 TKG. If you have initially objected to the use of your e-mail address for this purpose, no e-mails will be sent by us. You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying us.

5.3 MailerLite

Our e-mail newsletters are sent via this provider: UAB "MailerLite", J. Basanavičiaus 15, LT-03108 Vilnius, Lithuania

On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided when registering for the newsletter to this provider in accordance with Art. 6 Para. 1 lit. f GDPR so that they can take over the newsletter dispatch on our behalf.

Subject to your express consent pursuant to Art. 6 (1) lit. a GDPR, the provider also conducts a statistical evaluation of the success of newsletter campaigns by means of web beacons or tracking pixels in the emails sent, which can measure opening rates and specific interactions with the contents of the newsletter. In the process, end device information (e.g. time of call, IP address, browser type and operating system) is also collected and evaluated, but not merged with other data sets.
You can revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded an order processing contract with the provider.

6) Data processing for order processing

6.1 Insofar as necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b GDPR.

In order to process your order, we also work together with the following service provider(s), which support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

6.2 Austrian Post

We use the following provider as our transport service provider: Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Wien, Austria

Data is only passed on insofar as this is necessary for the delivery of goods.

6.3 Use of payment service providers (payment services)

Apple Pay

If you choose the payment method "Apple Pay" of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the "Apple Pay" function of your terminal device running iOS, watchOS or macOS by charging a payment card deposited with "Apple Pay". Apple Pay uses security functions integrated into the hardware and software of your device to protect your transactions. In order to release a payment, you must enter a code previously defined by you and verify it using the "Face ID" or "Touch ID" function of your end device.

For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, is passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm the success of the payment.

Insofar as personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b GDPR.

Apple retains anonymized transaction data, including the approximate amount of the purchase, the approximate date and time, and whether the transaction was completed successfully. The anonymization completely eliminates any reference to individuals. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.

When you use Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay", and uncheck "Allow payments on Mac".

Further information on data protection with Apple Pay can be found at the following Internet address: https://support.apple.com/de-de/HT203027

EPS bank transfer

One or more online payment methods from the following provider are available on this website: PSA Payment Services Austria GmbH, Handelskai 92, Gate 2,1200 Wien, Austria

If you choose a payment method of the provider where you make an advance payment (such as credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be disclosed to the provider in accordance with Art. 6 para. 1 lit. b GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

Google Pay

If you choose the payment method "Google Pay" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment processing is carried out via the "Google Pay" application of your mobile device running at least Android 4.4 ("KitKat") and having an NFC function by charging a payment card deposited with Google Pay or a payment system verified there (e.g. PayPal). For the release of a payment via Google Pay in the amount of more than €25, the prior unlocking of your mobile end device by the respective verification measure set up (such as facial recognition, password, fingerprint or pattern) is required.

For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a uniquely assigned transaction number to the source website, which is used to verify a completed payment. This transaction number does not contain any information about the real payment data of your payment means deposited in Google Pay, but is created and transmitted as a one-time valid numeric token. For all transactions via Google Pay, Google only acts as an intermediary to process the payment transaction. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the means of payment deposited with Google Pay.

Insofar as personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b GDPR.

Google reserves the right to collect, store and analyze certain transaction-specific information for each transaction made through Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description provided by the merchant of the goods or services purchased, photos you attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description for the reason for the transaction, and the offer associated with the transaction, if applicable.

According to Google, this processing is carried out exclusively in accordance with Art. 6 para.1 lit. f GDPR on the basis of the legitimate interest in proper billing, verification of transaction data and optimization and functional maintenance of the Google Pay service.

Google also reserves the right to merge the processed transaction data with further information that is collected and stored by Google when using other Google services.

The terms of use of Google Pay can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection at Google Pay can be found at the following Internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
Paypal

One or more online payment methods of the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you select a payment method for which the provider makes an advance payment (such as purchase on account or installment purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, e-mail address, telephone number, and, if applicable, data on an alternative means of payment) during the ordering process.

In order to safeguard our legitimate interest in determining the solvency of our customers, this data is forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6 Para. 1 lit. f GDPR. The provider checks on the basis of the personal data provided by you as well as other data (such as shopping cart, invoice amount, order history, payment experience) whether the payment option selected by you can be granted with regard to payment and/or bad debt risks.

The credit report may contain probability values (score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
Paypal Checkout

This website uses PayPal Checkout, an online payment system from PayPal, which consists of PayPal's own payment methods and local third-party payment methods.

When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "Pay Later" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only insofar as this is necessary for the payment processing.

For the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "Pay later" via PayPal - PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

If you choose the PayPal payment method "purchase on account", your payment data will first be transmitted to PayPal in preparation for the payment, whereupon PayPal will forward them to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") for the execution of the payment. The legal basis in each case is Art. 6 para. 1 lit. b GDPR. In this case, RatePay carries out an identity and credit check on its own behalf to determine solvency in accordance with the principle already mentioned above and passes on your payment data to credit agencies on the basis of the legitimate interest in determining solvency in accordance with Art. 6 (1) lit. f GDPR. A list of the credit agencies that Ratepay may use can be found here: https://www.ratepay.com/legal-payment-creditagencies/

When using the payment method of a local third party provider, your payment data will first be forwarded to PayPal for the preparation of the payment in accordance with Art. 6 (1) lit. b GDPR. Depending on your selection of an available local payment method, PayPal will then transmit your payment data to the corresponding provider in order to carry out the payment in accordance with Art. 6 (1) lit. b GDPR: -
Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany)
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2
1200 Wien, Austria)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
For more privacy information, please see PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Shopify Payments

One or more online payment methods are available on this website from the following provider: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

7) Rights of the data subject

7 .1 The applicable data protection law grants you comprehensive data subject rights vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:

Right to information pursuant to Art. 15 GDPR: You have in particular the right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or criteria for determining the storage period. the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing that concern you, as well as your right to be informed about what guarantees exist in accordance with Art. 46 GDPR when your data is transferred to third countries;
Right to rectification pursuant to Art. 16 GDPR: You have a right to the immediate rectification of any incorrect data relating to you and/or completion of any incomplete data stored by us;
Right to erasure pursuant to Art. 17 GDPR: You have the right to request the erasure of your personal data if the requirements of Art. 17 (1) GDPR are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being verified, if you refuse the deletion of your data due to unlawful data processing and instead request the restriction of the processing of your data, if you require your data for the assertion, exercise or defense of legal claims after we no longer need this data after the purpose has been achieved, or if you have lodged an objection for reasons relating to your particular situation as long as it has not yet been determined whether our legitimate grounds prevail;
Right to information pursuant to Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
Right to data portability pursuant to Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;
Right to revoke consent given in accordance with Art. 7 (3) GDPR: You have the right to revoke consent to the processing of data once given at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
Right to lodge a complaint pursuant to Art. 77 GDPR: If you consider that the processing of personal data concerning you infringes the GDPR, you have - without prejudice to any other administrative or judicial remedy - the right to lodge a complaint with a supervisory authority, in Austria the data protection authority

7.2 Right of objection

If your personal data is processed due to our overriding interest, you have the right to object to this processing at any time with effect for the future. However, we reserve the right to further processing if there are compelling reasons for further processing.

8) Duration of the storage of personal data

The duration of the storage of personal data is determined on the basis of the respective legal basis, the purpose of processing and - if relevant - additionally on the basis of the respective statutory retention period (e.g. retention periods under company and tax law).

When processing personal data on the basis of explicit consent pursuant to Art. 6 (1) a GDPR, this data is stored until the data subject revokes his or her consent.

If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 Para. 1 lit. b GDPR, this data will be routinely deleted after expiry of the retention periods, insofar as it is no longer required for the fulfillment of the contract or the initiation of the contract and/or there is no continued legitimate interest on our part in the continued storage.

When processing personal data for the purpose of direct marketing based on Art. 6 (1) lit. f GDPR, this data is stored until the data subject exercises his or her right to object pursuant to Art. 21 (2) GDPR.

Unless otherwise stated in the other information in this statement about specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

0 Products

Your cart is empty

Privacy policy

1) Data collection when visiting our website

2) Cookies and hosting

6) Data processing for order processing

8) Duration of the storage of personal data