Data Security

As a customer, after your purchase you will receive a review email, regardless of whether you have subscribed to a newsletter.
This email is sent from our service provider, Bazaarvoice, Inc. (ATTN: Legal Dept 10901 Stonelake Blvd Austin, TX 78759, USA).

For this purpose, the email address provided as well as the purchased products is passed on to Bazaarvoice. You can find more information on the processing of your data by Bazaarvoice in the data protection information at https://www.bazaarvoice.com/uk/legal/privacy-policy/.
You can object to the sending of this information at any time by clicking on the link to unsubscribe contained in every review email, or by contacting our customer service team.

Voucher offers of Sovendus GmbH: In order to select a currently interesting voucher offer for you, we will transmit your pseudonymised hash value of your e-mail address and your IP-address in encrypted form to Sovendus GmbH, Moltkestrasse 11, D-76133 Karlsruhe (Sovendus) (Art. 6 par. 1 f GDPR).

The pseudonymised hash value of your e-mail address is used to consider a possibly existing objection to receive offers from Sovendus (Art. 21 par.3, Art. 6 par. 1 c GDPR). The IP-address will be exclusively used for data security purposes and as a rule the same will be anonymised after seven days (Art. 6 Abs.1 f DSGVO). Furthermore, we will transmit order number, order value with currency, session ID, coupon code, and time stamp in pseudonymised form to Sovendus for billing purposes (Art. 6 Abs.1 f DSGVO).

If you are interested in a voucher offer of Sovendus, while there is no objection existing to receive such offers, and if you click on the voucher banner, we will transmit your form of address, your name and your e-mail address in encrypted form to Sovendus to prepare a voucher (Art. 6 par. 1 b, f GDPR). You will find further information about the processing of your data by Sovendus in their Online Data Protection Notice at www.sovendus.co.uk/privacy_policy.

Our website uses so-called social plugins ("plugins") of the social network Facebook operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").

​​​​​The plugins are labeled with a Facebook logo or the addition "Facebook Social Plug-in" or "Facebook Social Plugin".
An overview of the Facebook plugins and their appearance can be found at: https://developers.facebook.com/docs/plugins

If you access a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of Facebook. The content of the plugin is directly sent from Facebook to your browser and integrated into the page.
Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook.

This information (including your IP address) is transmitted directly from your browser to a server of Facebook in the USA and stored there. If you are logged in to Facebook, Facebook can immediately associate your visit to our website with your Facebook profile.

If you interact with the plugins, for example by clicking the "I like" button or by submitting a comment, this information is also transmitted directly to a Facebook server and stored there.
The information is also published on your Facebook profile and signaled to your Facebook friends. The described data processing processes take place in accordance with Art. 6 (1) point f GDPR on the basis of Facebook's legitimate interests in the insertion of personalized advertising for the purpose of informing other users of the social network about your activities on our website and for the purpose of demand-oriented design of the service.

If you do not want Facebook to associate the information collected through our website directly with your Facebook profile, you must log out of Facebook before you visit our website.
You can also prevent the loading of the Facebook plugins and thus the data processing procedures described above with add-ons for your browser for the future, e.g. with the script blocker "NoScript" ( http://noscript.net/ ). Facebook Inc., based in the United States, is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights and setting options for the protection of your privacy can be found in the Facebook data protection information at: http://www.facebook.com/policy.php.

This website uses the "Facebook Pixel" of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").

If the user has given us his explicit consent, his behavior can be tracked after he has seen or clicked on a Facebook advertisement.
This process is designed to evaluate the impact of Facebook ads for statistical and market research purposes and may help to optimize future advertising efforts.
Data collected shall remain anonymous and cannot be used to draw any conclusion about the identity of the user.

However, those data are stored and processed by Facebook to enable a connection to the respective user profile and to allow Facebook to use those data for its own advertising purposes in accordance with the Facebook Privacy Policy ( https://www.facebook.com/about/privacy/ ).

You may allow Facebook and its partners to place ads on and outside of Facebook. A cookie may also be stored on your computer for these purposes.
These processing operations only take place if express consent is given in accordance with Art. 6 (1) point a GDPR. Consent to the use of the Facebook pixel may only be given by users who are older than 13 years of age.
If you are younger, please ask your legal guardian for permission. Facebook Inc., based in the United States, is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.

If you want to disable the use of cookies on your computer, you can set your Internet browser so that cookies can no longer be stored on your computer in the future and/or cookies that have already been stored will be deleted.
However, when disabling all cookies, some functions of our internet pages may no longer be able to be executed.

On our website, within the framework of a shared responsibility in the sense of Art. 26 GDPR we use the services of Criteo SA, 32 Rue Blanche, 75009 Paris.

The purpose of this processing is retargeting. This means that if you have viewed particular offers on our website, we can display advertising for similar offers that we have on other third-party websites or platforms.

Within the framework of the contract with Criteo, we determine the scope of the respective marketing campaign.

The implementation of this marketing campaign, including the decision over which advertisements are delivered where, is then the responsibility of Criteo.

For this, a code from Criteo is exported directly by Criteo to our website and so-called (re-)marketing tags (invisible graphics or code, also known as “web beacons” are integrated.

With the help of these tags, an individual cookie, i. e. a small file, is saved on your device (instead of cookies other comparable technologies may also be used).

The web pages visited by the user, the content they are interested in, the offers they clicked on as well as technical information on browser and operating system, referring web sites, duration of the visit and other information regarding the usage of the online services are stored in this file.

Criteo can also connect the above information to such information from other sources. If the user subsequently visits other web pages, ads which are adjusted to their interests can be displayed.

You can find more information as well as objection options on the collection of data by Criteo in the Criteo's Privacy Policy conditions: https://www.criteo.com/privacy/. Within the framework of the shared responsibility for the processing described in the “cookies” section, you can assert your rights in terms of GDPR with and to us as well as with and to Criteo.
The legal basis for this is a legitimate interest in accordance with Art. 6(1) Line 1 f GDPR, namely the fulfilment of our business purposes.

If you subscribe to our newsletter, we will use your email address to send you regular information about our fashion offers and promotion.

To ensure proper registration to the newsletter and prevent unauthorised registration from third parties, we will send you a one-time e-mail in which we will ask you to confirm your subscription.

The legal basis for this is your consent in accordance with Art. 6 (para.1) GDPR. You can unsubscribe from the newsletter at any time by clicking the corresponding link in the e-mail or via our customer service team listed above." In connection with your subscription to receive the newsletter, we will also store your IP address, the date and the time of your subscription and the confirmation so that we can retrace and prove your subscription at a later date.

The legal basis for this storing of data is a legitimate interest in the sense of Art. 6 (para.1) f GDPR, where the legitimate interest is being able to prove the subscription.
E-mails sent by us contain so-called tracking pixels which enable statistical evaluation. This is a miniature graphic embedded in the email with the help of which we can recognise whether and when an email was opened and which links contained in the email were clicked on.

Here, your IP address is also communicated to our server.
However, we do not store this or any other personal data. In order to offer you the best possible service as a customer - e.g. via internet pages, which are optimally tailored to your wishes or through personalised and individual offers in our newsletter - we record your activities on our webpages and the items placed into your baskets. We use cookies for this for analysis purposes to find out how you use our internet site, and to allow us to continually optimise our offer: we know, for example, which sites you like to look at or which items you have searched for.

We have entered into agreements with external service providers who register access to certain pages of our website with marketing campaigns to be able to create reports about page views, statistics, adverts that were clicked on and/or other browsing behaviour on our website.

The data collected for this is exclusively anonymised data which only contains the number of views of certain pages of our website.

Under no circumstances do we communicate the personal data of our customers to these service providers. We have already made reference to the cookies on our website. The legal basis for the processing of personal data through the use of cookies is also the legal basis of Art. 6 (1) GDPR.

If you do not agree with the use of cookies on your computer, you can delete the cookies in your browser at any time and also prevent the storing of cookies in the future. As we lack information under these circumstances, it could be the case that the functionality of our website is then restricted.

We use "Addthis" Plugins on our websites to facilitate access to and forwarding of website content.

By the use of "Addthis", Cookies are deployed. Thereby, data is collected and transmitted to AddThis LLC in the USA where it is analysed.Further information on data analysis by AddThis LLC and Data Privacy can be found at www.addthis.com/privacy.

This website carries details of which Data is collected and for which purpose they are further processed. Processing of the data concerned is not carried out by us.

By using the "Addthis" function you agree to the data processing by Add This LLC. You may object to the use of your data at any time by the use of "Opt Out Cookies" http://www.addthis.com/privacy/opt-out.
Alternatively you can set your browser to to block Cookies.

On our website we use the services of Dynamic Yield Ltd. (Dynamic Yield Ltd. 8 Kaplan Street, Tel Aviv, 6473409, Israel).

Your visit to the website will be personalised by the recommendation tool Dynamic Yield to enable an individual and personal experience with the Ulla Popken website and its contents. The page contents that you access will be used in order to show you suitable articles and relevant page contents.
For this purpose, Dynamic Yield will collect pseudonymised information about your user behaviour at the Ulla Popken online shop.

This takes place with the use of Cookies which exclusively store pseudonymised information under an ID (pseudonym) which is generated at random. A direct link to a specific person is therefore not possible.
If you would like to prevent the future collection of data by Dynamic Yield, you can do so under the following link: https://www.dynamicyield.com/platform-privacy-policy/.
Here, you can also find further information concerning data protection and the tracking technology used by Dynamic yield.

We use the re- and pretargeting function of fatmedia.io on our website.

This enables us to target visitors to our websites with advertising, compensate visitors to the personalized websites, interest-based advertising ads are displayed.
Fatmedia.io uses cookies to carry out the analysis of website use, which basis for the creation of interest-based advertisements.

There is no storage of personal data of the visitors of the website.
The user is a other website are you display www. You can permanently deactivate the use of fatmedia.io by ad-shot llc cookies by clicking on the following link: https://tech.fatmedia.io/consent.php?cid=717 and pressing the button Do not show advertising. Further information is available at https://www.mediards.de/#datenschutz The legal basis is a legitimate interest according to Art. 6 Para. 1 S. 1 f GDPR, namely the pursuit of our business purposes, namely the targeted advertising of our services

Our website uses the web analysis service with bid management of the company Kenshoo Ltd. (Oskar-Von-Miller-Ring 20, 80333 Munich) for needs-based design of our webpages and optimisation of advertisement campaigns.

We use tracking technology to enable us to display targeted advertisement on other websites based on your visit to our website and to determine how effective our advertisement efforts have been.

Data processing is based on a legitimate interest (direct marketing) according to point f of art. 6(1) sent 1 GDPR.
If you visit our webpages, it is possible that Kenshoo retrieves identifying features for your browser or end device (e.g. a so-called browser fingerprint), analyses your IP address, saves or reads out identifying features on your end device (e.g. cookies) or obtains access to individual tracking pixels. Anonymised user data are collected and stored in an aggregated form, and user profiles are generated based on these data using pseudonyms.

Due to the use of Kenshoo tracking, cookies valid for up to 90 days are stored locally.
This cookie links the order number and shopping cart value with the Adwords advertisement clicked by the user. The individual features can be used to identify your end device on other websites.

These data are stored for up to 12 months.
You may object to the collection, storage and use of your collected user data at any time.

You can find more information on data protection with Kenshoo in the Kenshoo privacy statement at https://www.kenshoo.de/privacy-policy/. If you wish to prevent data processing, you can set your browser to inform you about the placement of tracking technology.

Additionally, you may delete cookies and also prevent the storage of new cookies or trackers at any time in your browser settings.
As a website user, you are entitled to object to data storage of your user data (collected in an anonymised form) for the future also. Please use the Kenshoo opt-out function according to the privacy policy https://www.kenshoo.de/privacy-policy/.

This website uses cross-device (conversion) tracking technology of “Microsoft Ads” by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA), enabling the display of targeted advertisement on other websites based on your visit to our website and allowing us to determine how effective our advertising efforts have been.

Data processing is based on our legitimate interest in effective marketing according to point f of art. 6(1) GDPR.
The service collects and stores data from which user profiles are created based on the use of pseudonyms. All collected data remain anonymous and cannot be used to identify a person.

This service allows us to trace the activities of users on our website if they have reached our website through “Microsoft Ads” advertisements. If you reach our website through one of these ads, a cookie will be stored on your computer to record any concluded transactions. These cookies generally expire after 180 days and are not used for personal identification. If you visit certain pages of this website during this time, Microsoft and we are able to identify that you have clicked the advertisement and were transferred to this page (conversion page). The data collected by means of the conversion cookie are used to generate conversion statistics.
​​​​​​
Cookies may be deleted in browsers such as Internet Explorer and Mozilla Firefox. They also allow you to choose which cookies are allowed on the computer and which are not. You can find information on how to delete cookies or change the data protection policy of the computer in the browser help section.

1.1. Microsoft Advertising UET and Remarketing

Our website has integrated universal event tracking (UET). We are also using the remarketing feature within the scope of the Microsoft Advertising service.

UET is a piece of code used for storing some non-personal data about the use of the website in connection with a cookie. This includes, inter alia, the time spent on the website, which parts of the website were accessed and through which ad users have reached the website.

By using the remarketing feature, we are able to show you advertisements based on your interests. It analyses the interaction of users on our website, e.g. in which offers the user was interested, to also show the users targeted advertisements on other pages after they have used our website. It identifies visits by end users on the website and records users. It does not identify a person but the web browser on a specific end device.

Thereby, the website is able to identify individual end users in a pseudonymised form and to forward pseudonymised data to third parties for advertising and marketing purposes. The collected information is transmitted to Microsoft servers in the USA and stored there for a maximum of 180 days.

You can find more information on data protection with Microsoft in the Microsoft privacy statement at https://privacy.microsoft.com/de-de/privacystatement.


1.2. Objection against data processing

You have several options to prevent data processing.

You may prevent collection of the data generated by the cookie with regard to your use of the website and the processing of such data by deactivating the storage of cookies or deleting cookies in your browser. Under certain circumstances, this can cause functionality of the website to be limited.

Likewise, you may also deactivate the interest-based advertisement. You may avail yourself of your right to deactivate such technology by using resources such as https://optout.networkadvertising.org/?c=1 or https://youradchoices.com/.

You may deactivate advertisements by cross-device tracking technology at http://choice.microsoft.com/de-de/opt-out. .

To make it easier for you to find the right product size, we offer the optional Fit Finder service by Snap Inc. As part of this service, Snap Inc. collects data provided voluntarily by you such as size, weight, body type, age and your personal wear comfort. Fit Finder then recommends a size based on this information. Snap Inc. stores this data for a period of 90 days by placing a cookie on your device. Please note that Snap Inc. processes your data in the USA. This means that an adequate level of data protection cannot be ensured. If you decide to make a purchase after using Fit Finder, we will also submit the following data in anonymised format to Snap Inc.: date of purchase, order number, product number, selected clothing size and price. The legal basis for sending data to Snap Inc. is your consent via our banner. Your data will be processed by Snap Inc. among others in the USA. This means that an adequate level of data protection cannot be guaranteed. This transfer takes place pursuant to Article 49 Para. 1 lit. a GDPR.

You can sign up to receive push notifications. We use "CleverPush," which is operated by CleverPush GmbH, Nagelsweg 22, 20097 Hamburg, Germany (hereinafter, "CleverPush") to send you push notifications. You'll receive regular information about offers, promotions and current fashion trends via our push notifications. To sign up for push notifications, you must accept your browser's or device's request to receive the notifications. This process is documented and stored by CleverPush. For this purpose, the login time and a push token or device ID is stored. This data is used to send you push notifications and as proof of your registration. The legal basis for this processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. CleverPush also evaluates our push notifications statistically. CleverPush can thus recognize whether and when our push notifications were displayed and clicked on. This allows us to determine which push notifications are of interest to recipients in order to tailor future messages to the presumed interests of all recipients and thus to increase interest in our offer. In addition to the push token or device ID, we store the thematic focus of the app in which the push notifications were activated (e.g., business, sports, etc.). We also use this information to send push notifications which are in the presumed interests of our subscribers. In each case, the legal basis for this processing is Art. 6 para. 1 lit. f GDPR. A push token or device ID is only assigned to a specific person if we are required to do so by law, to defend claims against us if this is necessary as evidence and for the possible prosecution of violations of the law. You can revoke your consent to the storage and use of your personal data to receive our push notifications at any time with effect for the future. Furthermore, you may object to the use of your personal data as described above on the basis of Art. 6 para. 1 lit. f at any time. Please revoke your consent for this purpose. You can revoke your consent for receiving push notifications in the settings provided for this purpose in your device or browser settings. Your data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. Accordingly, your data will be stored as long as your subscription to our push notifications is active. The following link explains the unsubscribe process in detail: https://cleverpush.com/faq. For accelerating the retrieval of content (such as images) and for defending against attacks, CleverPush uses cloudflare.com, an offering of Cloudflare, Inc. as part of the processing carried out on our behalf based on the standard contractual clauses. CleverPush does not store any data that contains personal data on Cloudflare's servers, but only general content, such as text or images. When you retrieve this content, the device you are using establishes a connection to Cloudflare and this results in the processing of the IP address of the device you are using.

We Ulla Popken as the website provider use fraud0, a service provided by fraud0 GmbH Sendlinger Straße 7, 80331 Munich, to detect invalid traffic and low-quality traffic and to prevent fraud on our website. By using the fraud0 service we can detect invalid traffic on our site, improve our online marketing efforts, clean marketing-relevant statistics and improve the usability of our website. The data obtained from this service is only used for analysis and mitigation of invalid and low-quality traffic. fraud0 processes data on our behalf and is contractually committed to measures to ensure the confidentiality of the processed data. A data processing agreement with fraud0 has been concluded. The fraud0 technology uses JavaScript pixels. During your website visit, the following data are collected by or through the use of this service: Browser and device information, such as the device type and model, manufacturer, operating system type and version (e.g. iOS or Android), web browser type and version (e.g., Chrome or Safari), user-agent, flash version, location information, IP address, JavaScript support, pages visited,, time zone, the network connection type, hardware-based identifiers (e.g. MAC address), referrer URL, number of fonts, fonts hash, number of plugins, plugins hash, screen height and width, colour depth, platform, whether the resolution has been tampered, language or OS, whether ad blocking is enabled, whether do not track is enabled. End-user’s behaviour on Controller’s sites, information, such as click path, session ID, session start/stop time, timezone offset, date and time of visit, usage and behavioural data. In our admin interface From fraud0 we receive a classification for invalid and low quality traffic, no personal data. There is no transfer of data to third parties - except as otherwise stated in our data processing agreement with you. When invalid or low quality traffic is detected, we generate invalid audience lists using our tag manager to automatically de-targeted this traffic across all our major buying channels like GoogleAds, Facebook, DV360 etc. Data processing by fraud0 only continues until a classification is done. Tracking across websites does not happen at any time. We process data by using the fraud0 bot detection service based on Art. 6 lit. f GDPR. It is in the interest of the website operator to classify the users of its website as valid or as invalid traffic. First and foremost, we are preventing fraud (recital 47 of the GDPR), but we can also correct the website statistics by removing invalid traffic shares from our statistics. This will allow us to use our online marketing budget more efficiently and therefore continue to provide our services (as usual/free of charge/at a reasonable price). In case of using additional fraud0 services, we may process your data on another legal basis such as your consent, see further information: https://fraud0.com/de/privacy-policy/. The data processing is performed exclusively in the European Union and Data is stored on Google's servers within the European Union and is not intended to be transferred to Google servers in the USA. The User may object to the processing by fraud0 at any time. The privacy policy and contact details of fraud0's data protection officer can be found at the following link. https://fraud0.com/privacy-policy/