Privacy Policy, 

Last Modified: 24 May 2018



LEONIE MERGEN (“Company”, “us”, “we” and “our”) is a shopping platform that  provides you with a curated shopping experience by enabling you to discover and purchase apparel and accessories items from the fashion design label LEONIE MERGEN and a unique shopping experience by enabling you to connect, browse and purchase unique, inspiring and high fashionable items. This privacy policy ("Privacy Policy") governs the data collection practices by us while either a user (“User(s)”) or Business Partner, use our Services and website, available at:“Website”).


This Privacy Policy discloses how or why we collect, share and use our Users’ and Business Partners’ data (hereinafter the “Business Partners” and “User(s)” shall be collectively defined as “you” or “yours”).  We respect your privacy and committed to protect the privacy of our users.


This Privacy Policy is an integrated part of the Company's Terms of Use (“Terms of Use”) and is a legally binding agreement between you and us. The Privacy Policy and Terms of Use shall be binding upon any user using or attempting to use the Website or Services as defined and detailed in our Terms of Use, including any portion thereof. Definitions herein shall have the same meaning as defined in the Terms of Use.




In order to protect your privacy and make sure you understand exactly what information may be collected about you, we have set up this Privacy Policy.


 In our Privacy Policy, you will learn about:

What type of information we collect?

Information we collect from business partners

Information we collect from users


How we use the information we collect?

How we collect your information?


With whom we share the information, and for what purpose?

Right to obtain a copy, delete or revise the data collected & opt – out rights


For how long we retain the information we collect?


 How do we safeguard your information?

 Our servers’ location

 Do Not Track disclosure


Children's policy

Updates or amendments to the Privacy Policy

Partners who collect Data via


How to contact us



The data protection declaration of the Karabakh Collection GmbH is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

a)    Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b)   Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

c)    Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 

d)    Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future. 

e)    Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. 

f)     Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. 

g)    Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. 

h)    Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. 

i)      Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing. 

j)      Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k)    Consent
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. 

f)    Further Definitions

You will find further definitions directly where certain terminologies are used.



Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

Karabakh Collection GmbH

Bellevuestr. 1

13189 Berlin





Data Security Officer:

Busso von der Groeben
Bellevuestr. 1

13189 Berlin




We may collect two types of information from you.

The first type of information is non-identifiable information which may be made available via the use of the Website or Services. Thus, we are not aware of the identity of the user from which the Non-Personal Information was collected. (“Non-Personal Information”).


The Non-Personal Information collected by us may include your aggregated usage information and technical information transmitted by your device, including but not limited to: type of browser and the settings, operating system, type of the device used to access our Services, your ISP, log data, visits to the Website, pages viewed, Items views or Items saved, date and time stamp, duration on the page, location data(if you have that functionality set up) the path taken in the site and your IP addresses (***Please note, we consider IP to be Non-Personal Information, however, in some countries and jurisdictions this data might be considered as identifying and “Personal Information”), etc. We use this information, which does not identify individual users, to analyze trends, to administer the Website, to track users' movements around the Website in order to ensure that our Website’s Content is presented as effectively as possible as well as to gather demographic information about our user base as a whole.


The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Information”). Personal Information includes your name, email address and private password submitted upon registration, etc.


Please note that we may collect different categories of Personal and Non-Personal information from you depending on the nature of your interaction with the Services, as detailed below.

If we combine Personal Information with Non-Personal Information, the combined information will be treated as Personal Information for as long as it remains combined.



If you are one of our Business Partners, we may collect the following information from you:

Registration: information that you provide when you create an account. For example, in order to register to the Services, we require basic contact information such as: first and last name, email address, brand name and brand’s site/online shop etc. Further, during the registration process the Business Partners will be provided with a user name and a password, which can be replaced following login in. you represent and warrant that you are responsible for maintaining the confidentiality of your username and password. You represent and warrant that you will not provide inaccurate, misleading or false information to us. If information provided to us subsequently becomes inaccurate, not updated, misleading or false, you will promptly notify us of such change.

Payment: In order to receive payments from us, you will be required to fill in your payment details, such as: bank or financial account information, PayPal account, etc.

Technical: we also collect viewing and usage information that relates to your interaction with the Site, such as your IP address.



If you are one of our Users, we may collect the following Information from you:

Registration: In order to purchase an Item or create a Wish List you might be required either to submit your email address or to sign up and register by creating an account (“Account”). During the registration process, you will be asked to provide us with the following information: full name, private password (“Password”), email address as well as shipping and billing addresses, you can then choose to provide us with further information about yourself such as your phone number and date of birth. During the checkout, you will be required to provide us with your payment details (i.e., gift card, credit card or PayPal details). WE DO NOT STORE THE PAYMENT DETAILS AT ANY TIME, thus you will need to re-enter the payment information for each order. In addition, the transaction is provided by our secured partners and third-party payment processors.

Please note, that we may also see and store parts of your data, if you leave your Shopping Card unfinished and do not check out.

Signing in from your Facebook account: If the option is povided you can also sign in from your Facebook account, if you do so, you authorize us to access certain Facebook account information, such as your public Facebook profile in consistency with your privacy settings in Facebook. 

Technical: we also collect viewing and usage information that relates to your interaction with the Website, such as your IP address




 If the option is provided you can voluntarily subscribe to our Newsletter you will be asked to provide us with your email address, you can unsubscribe at any moment through your account or by clicking unsubscribe.

Contact Us: if you voluntarily contact us, you might provide us with your contact information such as your name, telephone number, address, email, etc. we will use this information solely to respond to your request and support your needs. 

Newsletters may contain so called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. Based on the embedded tracking pixel, the Karabakh Collection GmbH may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.

Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by the controller in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted by the controller. The Karabakh Collection GmbH automatically regards a withdrawal from the receipt of the newsletter as a revocation.




We collect your information during your access or use of the Website and Service as detailed above. We collect your information in an effort to operate, manage and improve the Services and shopping experience, to communicate with Users about our Items, services and promotions and respond to your inquiries, provide you with requested services and to enhance and improve the performance and accuracy of our service and website. We may use Users’ information collected online to process and fulfill Users’ order. In addition, we maintain a record of Users’ Items interests, purchases and whatever else might enable us to enhance and personalize Users’ shopping experience. We also monitor our website use and traffic patterns to improve our designs, the Items and Services we offer and the way in which we offer them, all to enhance your experience.



Depending on the nature of your interaction with the Services or Website, we may collect information from you automatically or when you voluntarily choose to provide us with information, all as detailed in this Policy.

If you are User or a Business Partner, we collect information that you voluntarily provide us during your interaction with the Services solely for the purpose of providing the Services.

We may also collect certain types of information automatically, including through the use of Cookies, Web Beacons and other similar tracking technologies (as detailed below). These tracking technologies allow us to personalize your experience with the Services (e.g., remember your password when you login).

For information regarding choices you may have with respect to our use of your information, please refer to the “right to obtain a copy, delete or revise the data collected” section of the Policy.



We may use industry-wide technologies such as “cookies” and other technologies (e.g. web beacons, pixels, etc.) in our Website and Services, as we gather certain information automatically, by ourselves or by using third party service and store it in log files.  A "cookie" is a small piece of information that a website assigns to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enable automatic activation of certain features, remembering your preferences and making the interaction between you and your Account and our Website quicker and easier. You can find more information about cookies at Please note that most browsers will allow you to erase cookies from your device, block acceptance of cookies, or receive a warning before a cookie is stored, through your device or browser settings. However, if you choose to disable cookies, some features of our Services may not operate properly and your online experience may be limited.

Third parties (i.e., Google Analytics, Squarespace Analytics) may also use cookies, scripts or web beacons for the purpose of tracking and analyzing your use, this information does not include Personal Information. To learn more about how Google uses data from our use of Google Analytics Cookies, we recommend you review Google’s policies located at: We also encourage you to review the Google Analytics’ currently available opt-outs for the web tool available at:



We do not share any Personal Information collected from you with third parties or any of our partners except in the following events:

1)     Authorized Disclosures. We may disclose your Personal Information to third parties when you consent to a particular disclosure of your Personal Information. Please note that once we share your information with another company, that information becomes subject to the other company’s privacy practices.

2)     Third Party Partners- share your Personal Information with third parties that perform services on our behalf (e.g. customer service, marketing assistance, delivery services, payment process, tracking, servers, service functionality and support, etc.) these third parties may be located in different jurisdictions;

3)     Law Requirement- we will share your information, solely to the extent needed to comply with any applicable law, regulation, legal process or governmental request.  

4)     Policy Enforcement- we will share your information, solely to the extent needed to enforce our policies including investigations of potential violations thereof or to detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues;

5)     Company’s Rights- we will share your information, solely to the extent needed to establish or exercise our rights to defend against legal claims;

6)     Third Party Rights- we will share your information, solely to the extent needed to prevent harm to the rights, property or safety of us, our users, yourself or any third party or for the purpose of collaborating with law enforcement agencies or in case we find it necessary in order to enforce intellectual property or other legal rights.

7)     Corporate Transaction- We may share personal information, in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Privacy Policy.

We always strive to serve you better and improve our performance, therefore, we may combine information you give us through our Website with publicly available information and information we receive from or cross-reference with select partners and others. By combining the different information, we are able to enhance Users’ shopping experience by providing Users’ with more relevant items, promotions and special events which we believe Users’ will find interesting, as well as to communicate with you better.

We may store Non-Personal and Personal Information on our servers or our cloud servers, use or share Non-Personal Information in any of the above circumstances, as well as for the purpose of providing and improving our Website and Service, aggregate statistics, marketing and conduct business and marketing analysis, and enhance your experience with the Website.



You have a right to obtain a copy of your Personal Information that we hold. Further, you have the right to have the information associated with you corrected, if inaccurate, or erased, if we do not have a legitimate reason for retaining the information.(e.g.: We need your e-mail address to confirm the deletion of your data to you) you may, at any time, make such request (to access, change, update or remove your Personal Information) by contacting us at: Further, note that we may require certain information from you in order to verify your identity and locate your data and that the process of locating and deleting the data may take reasonable time and effort. Data privacy and related laws in your jurisdiction may provide you with different or additional rights related to the data we collect from you, which may also apply.



Even after providing your consent to this Policy, you are entitled to change your mind and opt-out of the data collection and sharing process related to our Website, by changing your browser or settings and disabling or blocking cookies, in any event the cookies will be automatically deleted within a reasonable period of time, with respect to Company’s collection proposes. You may also opt-out by contacting us at: Note that once you opt out, part of the Services provided by us might no longer be available.



We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion. Please note that unless you decide to delete your Account by sending us a request do so, or any part thereof, or instruct us otherwise, we retain the information we collect for as long as needed to provide the service and to comply with our legal obligations, resolve disputes and enforce our agreements.

Once you delete your account you will not be able to recover it and will have to register again with a new account in case you choose to use the Service.

In addition, some of the data we receive depends on your privacy settings with the social network (i.e., Facebook) and you should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our Website.

If you delete your account we will delete all information and data of you. Please note, that we cannot send you your details if you request them after you deleted your account.



We take great care in implementing and maintaining the security of the Website and your information. Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorized access or abuse our Website, and we make no warranty, express, implied or otherwise, that we will prevent such access. We may adopt what we believe is appropriate data collection, storage and processing practices and security measures to protect against unauthorized access to such data.

If you feel that your privacy was treated not in accordance with our policy, or if any person attempted to abuse our Website or acted in an inappropriate manner, please contact us directly at



The Website and Services are not designated to users under the age of 16 and the Company does not knowingly collect or maintain information from users who it positively knows are under the age of 16. If a parent or guardian becomes aware of personal information we have collected from an individual under the age of 16 please contact us at In the event that we become aware that a user under the age of 16 has shared any information, we will discard such information.



We reserve the right to periodically amend or revise the Privacy Policy at our sole discretion; such changes will be effective immediately upon the display of the revised Privacy Policy. The last revision date will be reflected in the "Last Modified" heading. Your continued use of the Website, following the notification of such amendments constitutes your acknowledgement and consent of such amendments to the Privacy Policy and your agreement to be bound by the terms of such amendments.

In the event of a material changes we will make best efforts to notify you by email or through your Account. 




We promote the service Instagram on Instagram is a service of Instagram Inc. By means of the integrated “Insta” button on our page, Instagram receives the information that you have accessed the corresponding page of Leonie Mergen. If you are logged into Instagram, Instagram may assign the visit to our site to your Instagram account and link the data by this means. The data transmitted by clicking the “Insta” button is stored by Instagram. You can find more information regarding the purpose and scope of data collection, it’s processing and use, as well as your related rights and settings options for protecting your privacy in the Instagram data protection notice under

To prevent your visit to our site from being accessed by your Instagram account, you must log out of your Instagram account before visiting our site.



We promote the service Facebook on Facebook is a service of Facebook Inc. By means of the integrated “Facebook” button on our page, Facebook receives the information that you have accessed the corresponding page of Leonie Mergen. If you are logged into Facebook, Facebook may assign the visit to our site to your Facebook account and link the data by this means. The data transmitted by clicking the “Facebook” button is stored by Facebook. You can find more information regarding the purpose and scope of data collection, its processing and use, as well as your related rights and settings options for protecting your privacy in the Instagram data protection notice under To prevent your visit to our site from being accessed by your Facebook account, you must log out of your Facebook account before visiting our site.



We promote the service of the payment provider PayPal. Payments may be processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal is also able to process virtual payments through credit cards when a user does not have a PayPal account. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A. If the data subject chooses "PayPal" as the payment option in the online shop during the ordering process, we automatically transmit the data of the data subject to PayPal. By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order.

The transmission of the data is aimed at payment processing and fraud prevention. The controller will transfer personal data to PayPal, in particular, if a legitimate interest in the transmission is given. The personal data exchanged between PayPal and the controller for the processing of the data will be transmitted by PayPal to economic credit agencies. This transmission is intended for identity and creditworthiness checks.

PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or for data to be processed in the order.

The data subject has the possibility to revoke consent for the handling of personal data at any time from PayPal. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.

The applicable data protection provisions of PayPal may be retrieved under



In our online shop there is the possibility to pay with Credit Card. 

The following Data is collected if you pay via Credit Card:: Provider of the Card, card number, CVV and Expiry Date. As stated before we will not store your Credit Card or other payment details. 



The Website is hosted by It uses Squarespace Analytics, to help us provide the best service for you. Squarespace Analytics shows us your IP Adress including an activity log for our website. Squarespace ensures in its own data protection provisions, that they do not store any Data of our customers. The data protection provisions of squarespace may be retrieved under 



 Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller



If any part of this Privacy Policiy is not valid after law and other restrictions the other terms and parts are not affected and still valid.



If you have any general questions about the Website, Service or the information that we collect about you and how we use it, please contact us at: