Data protection
1) Introduction and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data refers to all data with which you can be personally identified.
1.2 The controller for data processing on this website in the sense of the General Data Protection Regulation (GDPR) is Grzegorz Rabiega, babyhafen, Rathausstr. 8, 12105 Berlin, Germany, E-mail: info@babyhafen.de. The controller for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
2) Data Collection When Visiting Our Website
2.1 When merely using our website for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the page server (so-called "server log files"). When you access our website, we collect the following data, which are technically necessary for us to display the website to you:
- The page of our website that was visited
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you accessed the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. No disclosure or other use of the data takes place. However, we reserve the right to retrospectively check the server log files if there are concrete indications of illegal use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.
3) Hosting & Content Delivery Network
3.1 Shopify
For hosting our website and displaying the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")
Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
For data transfers to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.
3.2 Cloudflare
We use a Content Delivery Network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA
This service allows us to deliver large media files such as graphics, page content or scripts faster via a network of regionally distributed servers. The processing takes place to protect our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 Para. 1 lit. f GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
4) Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your device for a longer period and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.
If personal data is processed by individual cookies used by us, the processing is carried out either in accordance with Art. 6 para. 1 lit. b GDPR for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of a given consent, or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general.
Please note that if cookies are not accepted, the functionality of our website may be limited.
5) Contact
5.1 eKomi
For review reminders, we use the services of the following provider: eKomi Ltd., Markgrafenstraße 11, 10969 Berlin, Germany
Exclusively on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR, we transmit your e-mail address and, if applicable, other customer data to the provider so that they can contact you with a review reminder via e-mail.
You can revoke your consent at any time with effect for the future, either to us or to the provider.
We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
5.2 When contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of using a contact form is evident from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration.
The legal basis for processing this data is our legitimate interest in answering your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact aims at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that no legal retention obligations conflict with this.
6) Web Analytics Services
6.1 Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website.
By default, when you visit the website, Google Analytics 4 sets cookies, which are stored as small text modules on your device and collect certain information. The scope of this information also includes your IP address, which Google shortens by the last digits to exclude direct personal identification.
The information is transmitted to Google servers and processed there. Transfers to Google LLC based in the USA are also possible.
Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activities for us, and to provide other services related to website and internet usage. The truncated IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data. The data collected within the scope of using Google Analytics 4 is stored for a period of two months and then deleted.
All processing described above, in particular the setting of cookies on the device used, only takes place if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.
Without your consent, Google Analytics 4 will not be used during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the "Cookie Consent Tool" provided on the website.
We have concluded a data processing agreement with Google, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
Further legal information on Google Analytics 4 can be found at https://business.safety.google
Demographic Characteristics
Google Analytics 4 uses the special feature "demographic characteristics" and can create statistics that provide information about the age, gender, and interests of site visitors. This is done by analyzing advertising and information from third-party providers. This allows target groups for marketing activities to be identified. However, the collected data cannot be assigned to any specific person and is deleted after storage for two months.
Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to create cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google can, subject to your consent to the use of Google Analytics pursuant to Art. 6 para. 1 lit. a GDPR, analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop the cross-device analysis, you can disable the "Personalized advertising" function in your Google account settings. To do this, follow the instructions on this page: https://support.google.com
UserIDs
As an extension to Google Analytics 4, the "UserIDs" function can be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 para. 1 lit. a GDPR, have set up an account on this website, and log in to this account on different devices, your activities, including conversions, can be analyzed across devices.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
6.2 Google Tag Manager
This website uses the "Google Tag Manager", a service provided by the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google").
Google Tag Manager provides a technical basis for bundling various web applications, including tracking and analysis services, and for calibrating, controlling, and linking them to conditions via a uniform user interface. Google Tag Manager itself does not store any information on user devices or read it out. The service also does not carry out any independent data analyses. However, when a page is accessed, your IP address is transmitted to Google via Google Tag Manager and may be stored there. A transfer to Google LLC servers in the USA is also possible.
This processing is only carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, the Google Tag Manager will not be used during your visit to the site. You can revoke your given consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the "Cookie Consent Tool" provided on the website.
We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
Further legal information on Google Tag Manager can be found at https://business.safety.google
6.3 Microsoft Clarity
This website uses the web analysis service of the following provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA
With the help of cookies and/or similar technologies (tracking pixels, web beacons, algorithms for reading out end device and browser information), the service collects and stores pseudonymized visitor data, including information about the end device used such as the IP address and browser information, to evaluate it for statistical analyses of user behavior on our website and to create pseudonymized usage profiles. Among other things, this allows for the evaluation of movement patterns (so-called heatmaps) which show the duration of page visits and interactions with page content (e.g., text entries, scrolling, clicks, and mouse-overs). Pseudonymization generally excludes direct personal identifiability. A merging with otherwise collected clear data about you does not take place.
All processing described above, in particular the reading or storing of information on the end device used, is only carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.
We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
6.4 PayPal Marketing Solutions
This website uses the web analytics service of the following provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
With the help of cookies and/or similar technologies (tracking pixels, web beacons, algorithms for reading out end device and browser information), the service collects and stores pseudonymized visitor data, including information about the end device used such as the IP address and browser information, to evaluate it for statistical analyses of user behavior on our website and to create pseudonymized usage profiles. Among other things, this allows for the evaluation of movement patterns (so-called heatmaps) which show the duration of page visits and interactions with page content (e.g., text entries, scrolling, clicks, and mouse-overs). Pseudonymization generally excludes direct personal identifiability. A merging with otherwise collected clear data about you does not take place.
All processing described above, in particular the reading or storing of information on the end device used, is only carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.
We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
7) Site Functionality
7.1 Google Maps
This website uses an online map service from the following provider: Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google Maps is a web service for displaying interactive (country) maps to visually present geographical information. Through this service, our location is displayed to you and any journey is made easier.
As soon as you access the subpages that integrate the Google Maps map, information about your use of our website (such as your IP address) is transmitted to and stored on Google servers. This may also involve a transfer to Google LLC servers in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data is directly associated with your account. If you do not wish for your data to be associated with your Google profile, you must log out before activating the button. Google stores your data (even for non-logged-in users) as usage profiles and evaluates them.
The collection, storage, and evaluation are carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on Google's legitimate interest in displaying personalized advertising, market research, and/or designing Google websites to meet needs. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. If you do not agree to the future transmission of your data to Google when using Google Maps, you can also completely deactivate the Google Maps web service by turning off JavaScript in your browser. Google Maps and thus the map display on this website can then no longer be used.
To the extent legally required, we have obtained your consent for the aforementioned processing of your data in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your given consent at any time with effect for the future. To exercise your right of revocation, please use the option to object described above.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.
Further information on Google's data protection can be found here: https://business.safety.google
7.2 Google reCAPTCHA
On this website, we use the CAPTCHA service of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data may also be transmitted to: Google LLC, USA. For the visual design of the Captcha window, the provider uses "Google Fonts," i.e., fonts loaded from the internet by Google. No further information beyond that already transferred to Google via the reCAPTCHA functionality is processed in this context.
The service checks whether an entry is made by a natural person or abusively by machine and automated processing, and blocks spam, DDoS attacks, and similar automated malicious access. To ensure that an action is performed by a human and not by an automated bot, the provider collects the IP address of the device used, identification data of the browser and operating system type used, as well as the date and duration of the visit, and transmits these to the provider's servers for evaluation.
The legal basis is our legitimate interest in establishing individual accountability on the Internet and preventing abuse and spam in accordance with Art. 6 Para. 1 lit. f GDPR.
We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.
Further information on Google's privacy policy can be found here: https://business.safety.google
7.3 Google Customer Reviews (formerly Google Certified Shops program)
We cooperate with Google within the framework of the "Google Customer Reviews" program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This program allows us to collect customer reviews from users of our website. After a purchase on our website, you will be asked if you would like to participate in an email survey from Google.
If you give your consent in accordance with Art. 6 Para. 1 lit. a GDPR, we will transmit your email address to Google. You will receive an email from Google Customer Reviews asking you to rate your shopping experience on our website. The rating you submit will then be summarized with our other ratings and displayed in our Google Customer Reviews badge and in our Merchant Center dashboard. Your rating will also be used for Google Seller Ratings. In the course of using Google Customer Reviews, personal data may also be transferred to the servers of Google LLC in the USA.
You can revoke your consent at any time by sending a message to the data controller or to Google.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.
Further information on Google's privacy policy can be found here: https://business.safety.google
8) Rights of the data subject
8.1 The applicable data protection law grants you, in relation to the controller, the following data subject rights (rights of information and intervention) regarding the processing of your personal data; for the conditions under which each right can be exercised, reference is made to the legal basis cited:
- Right of access according to Art. 15 GDPR;
- Right to rectification according to Art. 16 GDPR;
- Right to erasure according to Art. 17 GDPR;
- Right to restriction of processing according to Art. 18 GDPR;
- Right to notification according to Art. 19 GDPR;
- Right to data portability according to Art. 20 GDPR;
- Right to withdraw granted consents according to Art. 7 Para. 3 GDPR;
- Right to lodge a complaint according to Art. 77 GDPR.
8.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
9) Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if applicable – additionally by the respective statutory retention period (e.g. commercial and tax law retention periods).
When processing personal data based on an explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, the data concerned will be stored until you revoke your consent.
If there are statutory retention periods for data processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 para. 1 lit. b GDPR, these data will be routinely deleted after the expiry of the retention periods, provided they are no longer necessary for contract fulfillment or contract initiation and/or there is no longer a legitimate interest on our part in continued storage.
When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, these data will be stored until you exercise your right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
When processing personal data for direct marketing purposes on the basis of Art. 6 para. 1 lit. f GDPR, these data will be stored until you exercise your right to object pursuant to Art. 21 para. 2 GDPR.
Unless otherwise stated in the other information of this declaration about specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.