Privacy Policy

The controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:

en blanc e.K.
Michael-Herr-Str. 13
72555 Metzingen
Germany
info@enblanc.com
https://enblanc.com/

General Information on Data Processing

On this page, we inform you about the processing of your personal data on our website.

How we collect and use your personal data depends on how you interact with us or which services you use. We only collect, use, or share your personal data if we have a legitimate purpose and a valid legal basis for doing so.

1. General Information and Mandatory Disclosures

Data Protection

The protection of personal data is of particular importance to the operators of this website. Personal data is processed confidentially and in accordance with applicable data protection regulations and this privacy policy.

When using this website, various types of personal data are collected. Personal data refers to information that can be used to identify an individual. This privacy policy explains which data is collected, for what purpose it is processed, and how this processing takes place.

Please note that data transmission over the internet (e.g. communication by email) may involve security vulnerabilities. Complete protection of data against access by third parties cannot be guaranteed.

2. Legal Bases for Data Processing

We process personal data exclusively on the basis of one of the following legal grounds:

  • Art. 6(1)(a) GDPR – Consent
  • Art. 6(1)(b) GDPR – Performance of a contract or pre-contractual measures
  • Art. 6(1)(c) GDPR – Legal obligation
  • Art. 6(1)(f) GDPR – Legitimate interest

Our legitimate interest lies in particular in the secure, economical, and user-friendly provision of our website.

3. Your Rights as a Data Subject

You have the right at any time to:

  • obtain information about your stored personal data (Art. 15 GDPR)
  • request correction of inaccurate or incomplete data (Art. 16 GDPR)
  • request deletion of your data (Art. 17 GDPR)
  • request restriction of processing (Art. 18 GDPR)
  • request data portability (Art. 20 GDPR)
  • object to the processing of your data (Art. 21 GDPR)
  • withdraw consent at any time
  • lodge a complaint with a data protection supervisory authority

4. Data Collection When Visiting Our Website

When you access our website, the following data is automatically collected:

  • IP address
  • Date and time of access
  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing device

This data is required in order to ensure proper display of the website, guarantee system security, and detect misuse or attacks. This data is not merged with other data sources.

Legal basis: Art. 6(1)(f) GDPR.

5. Hosting und Content Delivery Networks (CDN)

Our website is hosted by an external service provider, Shopify. The hosting provider processes personal data only on our instructions and within the scope of data processing in accordance with Art. 28 GDPR.

Shopify

The provider is Shopify International Limited, Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”).

Shopify is a tool for creating and hosting websites. When you visit our website, Shopify collects your IP address as well as information about your device and browser. Shopify also analyzes visitor numbers, traffic sources, customer behavior, and generates user statistics.

If you make a purchase on our website, Shopify additionally collects your name, email address, billing and shipping addresses, payment data, and other information related to the purchase (e.g. telephone number, order value). Shopify stores cookies in your browser for analysis purposes.

For details, please refer to Shopify’s privacy policy: https://www.shopify.com/legal/privacy

Shopify is used on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in a reliable presentation of our website. Where consent is required, processing is based exclusively on Art. 6(1)(a) GDPR and Section 25(1) TTDSG. Consent may be revoked at any time.

6. Cookies and Consent Management

Our website uses so-called cookies. Cookies are small text files that are stored on your device and do not cause any harm. Cookies may either be stored for the duration of a session (session cookies) or remain on your device for a longer period of time (persistent cookies). Session cookies are automatically deleted once you leave the website. Persistent cookies remain stored until they are deleted by you or automatically removed by your browser.

Cookies may be set either by us (first-party cookies) or by external service providers (third-party cookies). The latter enable, for example, the integration of certain functions or services provided by third parties, such as payment processing.

Cookies serve different purposes. Some cookies are technically necessary, as certain website functions cannot be provided without them, such as the shopping cart or the display of content. Other cookies are used to analyze user behavior or for marketing and advertising purposes.

Cookies that are required for electronic communication, for providing expressly requested functions, or for the technical optimization of the website (necessary cookies) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in using these cookies to ensure the technically flawless and user-friendly provision of the website. Where consent is required for certain cookies, processing is carried out exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG). Any consent granted may be withdrawn at any time.

You can configure your browser settings to inform you about the use of cookies, allow cookies only in individual cases, reject certain cookies, or generally disable the acceptance of cookies. You may also set your browser to automatically delete cookies when closing it. Please note that restricting or disabling cookies may impair the functionality of this website.

The en blanc website uses cookies to track which items you have added to your cart or whether you have abandoned your cart. Based on this information, it is determined when you will receive a text message reminder about your cart. 

The information above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.


Details on the cookies and services used on our website can be found in the relevant sections of this privacy policy.

CookieFirst

Our website uses CookieFirst to obtain your consent for the storage of certain cookies on your device or for the use of specific technologies and to document this consent in compliance with data protection regulations. The provider of this technology is Digital Data Solutions B.V. (CookieFirst), Plantage Middenlaan 42A, 1018 DH Amsterdam, Netherlands (hereinafter referred to as “CookieFirst”).

When you access our website, a connection is established to CookieFirst’s servers in order to obtain your consent and other declarations regarding the use of cookies. CookieFirst then stores a cookie in your browser to associate the consents granted or withdrawn with you. In this process, the IP address (anonymized), the user agent of the browser and operating system, as well as the URL from which consent was granted are processed and stored within CookieFirst. The data collected in this way is stored until you request its deletion, delete the CookieFirst cookie yourself, or the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected.

CookieFirst transfers personal data to third-party providers. These include content delivery networks (CDNs) located in Slovenia, IP geolocation services in Romania, and hosting services provided by OHV in Germany and France. CookieFirst is headquartered in Amsterdam, Netherlands.

CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this processing is Art. 6(1), sentence 1, lit. c GDPR.

Data Processing Agreement

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required under data protection law, which ensures that personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.

Consent to the Use of Cookies

In order for our website to function properly, we use cookies. To obtain and properly document your valid consent to the use and storage of cookies in the browser you use to access our website, we use a consent management platform called CookieFirst. This technology is provided by Digital Data Solutions B.V., Plantage Middenlaan 42A, 1018 DH Amsterdam, Netherlands (hereinafter referred to as “CookieFirst”). Website: https://cookiefirst.com.

When you access our website, a connection is established to CookieFirst’s servers to enable us to obtain your valid consent for the use of certain cookies. CookieFirst then stores a cookie in your browser in order to activate only those cookies to which you have consented and to properly document your consent. The processed data is stored until the specified retention period expires or until you request deletion of the data. Deviating from this, statutory retention obligations may apply.

CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this processing is Article 6(1)(c) of the General Data Protection Regulation (GDPR).

Data Processing Contract

We have concluded a data processing contract with CookieFirst. This is a data protection–legally required agreement that ensures that the personal data of our website visitors is processed solely in accordance with our instructions and in compliance with the GDPR.

Server Log Files

Our website and CookieFirst automatically collect and store information in so-called server log files, which are automatically transmitted to us by your browser. The following data is collected:

  • Your consent status or the withdrawal of your consent
  • Your anonymized IP address
  • Information about your browser
  • Information about your device
  • The date and time of your visit to our website
  • The URL of the website on which you saved or updated your consent preferences
  • The approximate location of the user who saved their consent preferences
  • A universally unique identifier (UUID) of the website visitor who interacted with the cookie banner

Last updated: April 1, 2026, 15:52

What Are Cookies?

Cookies and similar technologies are very small text documents or pieces of code that often contain a unique identifier. When you visit a website or use a mobile application, a computer requests permission from your computer or mobile device to store this file on your device and to access information. Information collected through cookies and similar technologies may include the date and time of the visit as well as the way in which you use a particular website or mobile application.

Why Do We Use Cookies?

Cookies ensure that you remain logged in during your visit to our online shop, that all items in your shopping cart are retained, that you can shop securely, and that the website continues to function smoothly. Cookies also enable us to understand how our website is used and how we can improve it. In addition, depending on your preferences, our own cookies may be used to present you with targeted advertising that matches your personal interests.

What Types of Cookies Do We Use?

Necessary Cookies

These cookies are required for the proper functioning of the website. Without them, certain essential features cannot be provided. The following actions may be carried out using these cookies:

  • Storing items in a shopping cart for online purchases
  • Saving your cookie preferences for this website
  • Storing language settings
  • Logging you into our portal and verifying that you are logged in

Performance Cookies

These cookies are used to collect statistical information about the use of our website and are also referred to as analytics cookies. We use this data to improve the performance of our website and to optimize its functionality.

Functional Cookies

These cookies enable enhanced functionality for visitors to our website. They may be set either by our own website or by external service providers. The following functionalities may be enabled if you choose to accept this category:

  • Live chat services
  • Viewing online videos
  • Social media sharing buttons
  • Logging in to our website using social media

Advertising / Tracking Cookies

These cookies are set by external advertising partners and are used to create user profiles and to track users across multiple websites. If you accept these cookies, we may display our advertising on other websites based on your user profile and preferences. These cookies also store data about how many visitors have seen or clicked on our advertisements in order to optimize advertising campaigns.

Unclassified Cookies

These cookies are currently in the process of being classified. They will be assigned to one of the following categories: necessary, performance, functional, or advertising.

How Can I Disable or Delete Cookies?

You may choose to accept all cookies except for necessary cookies. You can adjust your browser settings to block cookies. In most browsers, instructions on how to do this can be found in the browser’s help section. However, please note that blocking cookies may prevent you from using all technical features of our website and may negatively affect your user experience.

7. Newsletter

To subscribe to our newsletter, we require your email address. In addition, we collect information necessary to verify that you are the rightful owner of the provided email address and that you have expressly consented to receiving the newsletter. Further personal data is collected only if you voluntarily provide it. The information you submit is used exclusively for sending our newsletter and is not shared with third parties.

The processing of data collected as part of the newsletter registration is carried out exclusively on the basis of your prior consent in accordance with Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future, for example via the unsubscribe link included in each newsletter email. The lawfulness of data processing carried out prior to the withdrawal remains unaffected.

The data stored for newsletter purposes is processed for as long as you are subscribed to the newsletter or as long as the respective processing purpose exists. After you unsubscribe, your data will be removed from the mailing list, provided that no statutory retention obligations or other legitimate reasons for continued storage apply. Within the scope of our legitimate interests, we reserve the right to block or delete email addresses (Art. 6(1)(f) GDPR).

Personal data that has been stored for purposes other than the newsletter remains unaffected by this.

After you unsubscribe, your email address may be stored by us or by the newsletter service provider we use in an internal suppression list, provided this is necessary to prevent future newsletter mailings. This storage serves this purpose exclusively and is carried out separately from other personal data. This measure is taken both in your interest and in our legitimate interest in complying with legal requirements for newsletter distribution pursuant to Art. 6(1)(f) GDPR. Storage in this suppression list is not time-limited. You may object to this storage at any time if your interests outweigh ours.

With your explicit consent, you may subscribe to our newsletter, through which we regularly inform you about current offers, products, and news. The goods and services advertised in each newsletter are part of the consent declaration.

We use the so-called double opt-in procedure for newsletter registration. After you register, we will send a confirmation email to the email address you provided, requesting you to confirm your subscription. If this confirmation is not received within 24 hours, your registration data will initially be blocked and automatically deleted after one month. In addition, we store the IP address used during registration and confirmation as well as the respective timestamps. These measures serve to document your consent and to prevent misuse of your personal data.

Only your email address is required for newsletter delivery. Additional information may be provided voluntarily to allow for more personalized communication. After successful confirmation, we store your email address for the purpose of sending the newsletter. Processing is carried out on the basis of your consent pursuant to Art. 6(1)(a) GDPR.

You may withdraw your consent to receive the newsletter at any time. Withdrawal can be effected via the unsubscribe link included in each newsletter email, by sending an email to support@enblanc.com or by using the contact details provided in the legal notice.

Our newsletters are sent via the service Klaviyo, operated by Klaviyo Inc., 225 Franklin St, Floor 10, Boston, MA 02110, USA. In this context, the data collected during newsletter registration (e.g. email address, name, IP address, and time of registration) may also be processed on servers located in the United States. According to current case law of the Court of Justice of the European Union, the United States does not provide a level of data protection comparable to that of the European Union.

Klaviyo relies on the Standard Contractual Clauses approved by the European Commission pursuant to Art. 46(2) and (3) GDPR to safeguard the transfer and processing of personal data in third countries. These clauses obligate Klaviyo to comply with European data protection standards even when data is processed outside the EU. Further information can be found at:
Standard Contractual Clauses
Klaviyo Data Processing Agreement
Klaviyo Privacy Policy

You have the right at any time to object to the analysis of your user behavior. You may exercise this right via the corresponding link included in each newsletter email or by sending a message to support@enblanc.com. The data collected in connection with the newsletter is stored for as long as you remain subscribed to the newsletter. After you unsubscribe, the data will be stored exclusively in anonymized and statistical form.

Please note that tracking cannot take place if your email program blocks the display of images by default. In this case, the newsletter may not be displayed in full. The described tracking will only be activated once you manually enable the display of images.

8. Contact

If you contact us by email, contact form, or WhatsApp, we process the data you provide (e.g. name, email address, content of the message).

Purpose of processing:

  • Processing your inquiry
  • Communication

Legal basis: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR

Contact Form

If you contact us via the contact form provided on our website, the information you submit, including your contact details, will be processed by us in order to handle your inquiry and, if necessary, to respond to follow-up questions. Your data will not be disclosed to third parties without your explicit consent.

The processing of data transmitted via the contact form is carried out in accordance with Art. 6(1)(b) GDPR if your inquiry is related to the initiation or performance of a contract. In all other cases, processing is based either on our legitimate interest in the efficient handling of incoming inquiries (Art. 6(1)(f) GDPR) or—where consent has been obtained—on your consent pursuant to Art. 6(1)(a) GDPR, which may be withdrawn at any time with effect for the future.

The data entered in the contact form will be stored by us for as long as this is necessary to process your request. Data will be deleted once you request deletion, withdraw your consent, or the purpose of data processing no longer applies, for example after your inquiry has been fully processed. Statutory retention obligations remain unaffected.

Communication via WhatsApp

For communication with customers, interested parties, and other third parties, we also use the messaging service WhatsApp. The service is operated by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication via WhatsApp is protected by end-to-end encryption, which ensures that the content of messages cannot be accessed by WhatsApp or other unauthorized third parties. However, WhatsApp processes so-called metadata generated during the communication process (e.g. information about the sender, recipient, and time of communication).

Please note that, according to its own statements, WhatsApp shares personal data of its users with its parent company Meta Platforms Inc., which is based in the United States. Further information on data processing by WhatsApp can be found in the provider’s privacy policy at: https://www.whatsapp.com/legal/#privacy-policy

The use of WhatsApp is based on our legitimate interest in fast, direct, and efficient communication with customers, interested parties, as well as business and contractual partners (Art. 6(1)(f) GDPR). Where consent has been obtained in individual cases, processing is carried out exclusively on the basis of that consent, which may be withdrawn at any time with effect for the future.

Messages and content exchanged via WhatsApp are stored by us until you request deletion, withdraw your consent, or the purpose for storage no longer applies, for example after your request has been fully processed. Mandatory statutory retention obligations remain unaffected.

WhatsApp is certified under the EU–US Data Privacy Framework (DPF). This agreement between the European Union and the United States ensures that an adequate level of data protection is maintained for data processing activities in the United States. Further information on the certification is available at: Data Privacy Framework

We use WhatsApp in the “WhatsApp Business” version. The transfer of personal data to the United States is based on the Standard Contractual Clauses of the European Commission. Further details can be found at: https://www.whatsapp.com/legal/business-data-transfer-addendum

In addition, a data processing agreement (DPA) has been concluded with WhatsApp.

Registration on This Website

Our website offers the option to register in order to use certain additional features. The data collected during the registration process is used exclusively to provide the respective services or features for which you have registered.

All information marked as mandatory during registration must be provided in full. Otherwise, the registration process cannot be completed.

For important changes, such as functional adjustments or technically necessary updates, we use the email address provided during registration to inform you accordingly.

The processing of data collected during registration is carried out for the purpose of performing the user relationship and, where applicable, for initiating further contractual relationships (Art. 6(1)(b) GDPR). The stored registration data is retained for as long as your registration on our website remains active and is deleted thereafter. Statutory retention obligations remain unaffected.

9. Orders and Customer Account

In the course of placing an order, we process personal data such as:

  • First and last name
  • Billing and shipping address
  • Email address
  • Payment information
  • Order and shipping details

This data is required for the following purposes:

  • Processing the purchase contract
  • Delivery of goods
  • Issuing invoices

Legal basis: Art. 6(1)(b) GDPR

10. Payment Service Providers

We use external payment service providers to process payments. In this context, relevant payment data is transmitted to these providers. Possible providers include:

  • PayPal / PayPal Express
  • Klarna / Sofort
  • Apple Pay
  • Shopify Payments
  • Credit card providers (Visa, Mastercard)

Payment processing is carried out directly by the respective provider in accordance with their own privacy policies. Where data is transferred to third countries (e.g. the United States), such transfers are based on the Standard Contractual Clauses of the European Commission.

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”). The transfer of data to the United States is based on the Standard Contractual Clauses of the European Commission. Further details can be found at: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full. Additional information is available in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Klarna

The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as “Klarna”). Klarna offers various payment options (e.g. installment payments). If you choose to pay using Klarna (Klarna Checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the Klarna Checkout solution. Details regarding the use of Klarna cookies can be found at: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf. Further information can be found in Klarna’s privacy policy: https://www.klarna.com/de/datenschutz/.

Apple Pay

The provider of this payment service is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. Apple’s privacy policy is available at: https://www.apple.com/legal/privacy/de-ww/.

Google Pay

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google’s privacy policy is available at: https://policies.google.com/privacy.

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as “Mastercard”). Mastercard may transfer data to its parent company in the United States. Such data transfers are based on Mastercard’s Binding Corporate Rules (BCRs). Further details can be found at: https://www.mastercard.de/de-de/datenschutz.html and Mastercard BCRs.

VISA

The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as “VISA”). The United Kingdom is considered a data protection–secure third country, meaning it provides a level of data protection equivalent to that of the European Union. VISA may transfer data to its parent company in the United States. Such transfers are based on the Standard Contractual Clauses of the European Commission. Further details can be found at: VISA Privacy Notice. Further information can be found in VISA’s privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Shopify Payment

The provider of this payment service in the EU is Shopify International Limited, 2nd Floor, Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter referred to as “Shopify Payments”). Further details can be found in Shopify Payments’ privacy policy: https://www.shopify.de/legal/datenschutz.

11. Shipping Service Providers

For the delivery of your order, we transfer your name and delivery address to shipping service providers (e.g. DHL).

Purpose: Delivery of goods

Legal basis: Art. 6(1)(b) GDPR

Data Transfer Upon Contract Conclusion for Online Shops, Retailers, and Goods Shipping

In the course of placing an order in our online shop, we process personal data in order to conclude the contract, deliver the goods, and process payment. For this purpose, the necessary data is transferred to the shipping service provider responsible for delivery as well as to the payment service provider used in each case.

Only such personal data is disclosed that is strictly required to perform the respective service. Data processing is carried out on the basis of Art. 6(1)(b) GDPR, as it is necessary for the performance of a contract or for the implementation of pre-contractual measures.

If you have given us your consent in accordance with Art. 6(1)(a) GDPR, we will also provide your email address to the shipping service provider so that they can inform you about the current shipping status of your order by email. You may withdraw your consent at any time with effect for the future.

12. Social Media and External Links

Our website contains links to external platforms such as Instagram. When clicking on these links, the data protection provisions of the respective providers apply.

13. Analytics and Marketing Tools

If analytics or marketing tools (e.g. tracking pixels) are used, this will only take place with your consent.

Legal basis: Art. 6(1)(a) GDPR

14. Data Transfers to Third Countries

If personal data is processed outside the European Union (EU), this is carried out in compliance with the GDPR, in particular by using Standard Contractual Clauses approved by the European Commission.

15. Data Retention Period

Unless a different retention period is specified in this privacy policy, we store personal data only for as long as is necessary to fulfill the respective processing purposes.

If a data subject exercises their right to erasure or withdraws previously given consent, the affected data will be deleted, provided that no statutory retention obligations or other legally permissible reasons prevent deletion. In such cases, deletion will take place once the relevant reasons no longer apply.

16. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or manipulation.

Our website uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the browser’s address bar from “http://” to “https://” and by the lock symbol displayed in your browser.

17. Currency and Amendments of This Privacy Policy

This privacy policy is currently valid. We reserve the right to amend it in the event of legal or technical changes.