Kostenlose Lieferung ab 50 € 🇩🇪 Versand aus Fehmarn 💬 Mo–Fr 8–16 Uhr persönlich erreichbar
EN 71 zertifiziert
Sichere Zahlung
30 Tage Rückgabe
Made in Germany
Kauf auf Rechnung für Kitas

Privacy Policy

Privacy Policy

Version: May 2026

Protecting your personal data is of utmost importance to us. We process your data exclusively in accordance with applicable legal provisions (GDPR, BDSG, TTDSG). In this privacy policy, we inform you of the key aspects of data processing as part of our website and online shop.

Section 1: Data Controller

The data controller responsible for data processing on this website is:

Kiki-Ena (brand of TFB Beyond UG)
Blieschendorfer Weg 24
23769 Fehmarn
Germany
Telephone: 0160 97016864 (also WhatsApp)
Email: hallo@kiki-ena.de

If you have any questions about data protection, you can contact us at any time via the email address above. A Data Protection Officer is not required by law, as the conditions for appointment are not currently met. [Data Protection Officer if required: name + contact details to be inserted.]

Section 2: Collection of General Information during Website Visits (Server Log Files)

When you access our website, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser used, the operating system, your internet service provider’s domain name, your IP address, the previously visited page (referrer), the pages accessed on our website, the date and time of access, and the amount of data transferred.

This data is used exclusively for statistical analysis to ensure secure and smooth operation of the website and to improve our offering. The legal basis is Article 6(1)(f) GDPR (legitimate interest in the security and stability of our systems). Log files are deleted after a maximum of 30 days, unless longer retention is required in individual cases to investigate a security incident.

Section 3: Cookies

Our website uses cookies. Cookies are small text files stored on your device that your browser sends to us each time you visit the website.

Technically necessary cookies: These cookies are essential for the operation of the website. These include session cookies (e.g. for storing your shopping basket, login status and language selection). Legal basis: Article 6(1)(f) GDPR and Section 25(2) No. 2 TTDSG.

Functional and convenience cookies: These cookies make it easier to use the website (e.g. remembering filter settings). They are only set if you have previously consented. Legal basis: Article 6(1)(a) GDPR and Section 25(1) TTDSG. You can revoke your consent at any time via the cookie banner.

You can disable the setting of cookies in your browser. Please note that in this case some functions of our shop may no longer be available.

Section 4: SSL Encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries you send to us as the operator, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the browser’s address bar changes from “http://” to “https://” and by the lock icon in your browser bar.

When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

Section 5: Contact Form and Email Contact

If you submit enquiries to us via contact form or email, your information from the enquiry form including the contact details you provide (name, email address, telephone number if applicable) will be stored for the purpose of processing your enquiry and for any follow-up questions.

The legal basis is Article 6(1)(b) GDPR (initiation or performance of a contract) or Article 6(1)(f) GDPR (legitimate interest in answering enquiries). We do not pass this data to third parties without your consent. The data will be deleted once it is no longer required for the purpose of its collection. Mandatory legal retention periods (in particular under commercial and tax law) remain unaffected.

Section 6: Newsletter (Double Opt-In)

You have the option to subscribe to our newsletter via our website. For this, we require your email address and your consent to receive the newsletter.

We use the double opt-in procedure. After registration, you will receive an email with a confirmation link. Your email address will only be added to our distribution list after you click on this link. This allows us to ensure that the registration actually comes from you.

The legal basis is Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future. A simple notification by email or a click on the unsubscribe link in each newsletter email is sufficient. The lawfulness of the data processing operations already carried out is not affected by the revocation.

We keep a record of the registration (date, time, IP address, confirmation) to be able to document the registration in the event of any abuse claims.

Section 7: Customer Account and Order Processing

To complete a contract through our online shop, you must provide personal data that we need to process your order. Required information for the fulfilment of contracts is marked as such separately; further information is optional.

We process the data you provide to fulfil your order. To do this, we may pass your payment details to our bank or an engaged payment service provider and the data necessary for dispatch to the shipping company we have engaged.

Specifically, we use Stripe Payments Europe Ltd. (1 Grand Canal Street Lower, Dublin 2, Ireland) as payment service provider for credit card payments and Klarna Bank AB (publ) (Sveavaegen 46, 111 34 Stockholm, Sweden) for Klarna Pay Now / Pay Later. The data required for payment processing is transmitted to the respective selected provider. Their data protection provisions apply in addition.

The legal basis is Article 6(1)(b) GDPR (performance of contract). If you have created a customer account, your data will be stored until it is deleted. Otherwise, data is deleted once it is no longer required to fulfil the purpose. Statutory retention obligations (e.g. under the German Commercial Code, German Tax Code: generally 6 to 10 years) remain unaffected.

Section 8: Payment Providers

We offer the following payment methods in our shop:

  • Advance payment (bank transfer): If you select this payment method, you will receive our bank details by email. The data necessary for this is processed on the basis of Article 6(1)(b) GDPR. Data is not passed to payment service providers.
  • Invoice (especially for nursery and business customers): When purchasing on account, the invoice for your order will be enclosed or sent by email. We reserve the right to carry out a credit check in individual cases. Legal basis: Article 6(1)(b) and (f) GDPR.

If additional payment providers (e.g. PayPal, Klarna, credit card) are added in the future, this privacy policy will be updated accordingly.

Section 9: Shipping Service Provider (DHL)

To deliver your order, we transmit the data required for this (name, delivery address, telephone number if necessary for notification) to the shipping service provider we have engaged, typically Deutsche Post DHL Group (Charles-de-Gaulle-Strasse 20, 53113 Bonn).

The legal basis is Article 6(1)(b) GDPR. If we pass your email address or telephone number to DHL for the purpose of shipment notification, we will obtain your prior express consent (Article 6(1)(a) GDPR). For more information on data protection at DHL, please visit dhl.de/datenschutz.

Section 10: WooCommerce and WordPress

Our online shop is based on WordPress with the WooCommerce plugin. This software stores technically required data for the operation of the shop (orders, customer accounts, shopping basket sessions) in our own database on our hosting server within the European Union. These order data are not transmitted to Automattic Inc. or third parties.

Only server-side operated components are used. Insofar as WooCommerce offers any tracking or telemetry functions, these are disabled in our installation. The legal basis for use: Article 6(1)(b) and (f) GDPR.

Section 11: Google Fonts (Locally Hosted)

Our website uses Google Fonts for uniform font display. These fonts are delivered locally from our own server. When you visit our website, there is no connection to Google LLC servers. Therefore, no personal data (in particular no IP addresses) is transmitted to Google.

The legal basis for using the locally hosted fonts is Article 6(1)(f) GDPR (legitimate interest in uniform and fast display of our online presence).

Section 12: Reviews System (Product Reviews and Comments)

In our shop, you can leave product reviews. In addition to your rating, your name (pseudonym possible), your email address, the review text and, to prevent abuse, your IP address and the timestamp of submission will be stored.

The email address is not published and is used exclusively for the purpose of follow-up enquiries or any verification of the authenticity of the review. The IP address is recorded exclusively to prevent abuse (e.g. spam, multiple reviews, fake reviews).

The legal basis is Article 6(1)(a) GDPR (consent upon submission of the review) and Article 6(1)(f) GDPR (legitimate interest in authenticity and abuse prevention). You may request the deletion of your review at any time via the contact details stated in this policy.

Section 13: WhatsApp Enquiries

On our website you will find a way to contact us via WhatsApp (telephone number 0160 97016864). If you use this contact method, your mobile number and the message contents you transmit are processed via the servers of Meta Platforms Ireland Ltd. (4 Grand Canal Square, Dublin 2, Ireland).

We expressly point out that WhatsApp processes metadata (e.g. telephone numbers, connection data) and may also transmit it to countries outside the EU. Use of WhatsApp is entirely at your own initiative.

The legal basis for processing the contents you send to us is Article 6(1)(b) or (f) GDPR. For more information on data protection at WhatsApp, please visit whatsapp.com/legal. If you do not wish your data to be processed via WhatsApp, please use an alternative contact method (email or telephone).

Section 14: Rights of Data Subjects

You have the right at any time to:

  • access the personal data we process about you (Article 15 GDPR),
  • correct inaccurate data (Article 16 GDPR),
  • delete your data (the “right to be forgotten”, Article 17 GDPR),
  • restrict processing (Article 18 GDPR),
  • data portability in a structured, commonly used and machine-readable format (Article 20 GDPR),
  • object to processing (Article 21 GDPR),
  • withdraw consent given with effect for the future (Article 7(3) GDPR).

A simple notification to the contact details provided in Section 1 is sufficient to exercise these rights.

Section 15: Right to Lodge a Complaint with the Supervisory Authority

If you believe that the processing of your personal data is in violation of applicable data protection law, you have the right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR). As a rule, you can contact the supervisory authority of the country of your habitual residence, your place of work or the place of the alleged violation.

A list of supervisory authorities and their contact details can be found at: bfdi.bund.de.

Amendments to this Privacy Policy

We reserve the right to amend this privacy policy from time to time to ensure it complies with current legal requirements or to reflect changes to our services in the privacy policy, for example when introducing new services. The new privacy policy will apply to your next visit.

Version of this policy: May 2026.