Go to homepage
Store locator Store Locator
Wishlist Wish list
Cart €0.00*
Open Facebook Open YouTube Subscribe or unsubscribe to the newsletter

Privacy Policy and Cookie Policy for the Living Puppets Online Shop

This Privacy and Cookie Policy provides all relevant information regarding the processing of personal data of our customers and users when using our website and the Living Puppets online shop, regardless of the medium (online or in person) through which you contact us.

If you would like to know how we use cookies and similar technologies that may be installed on the devices of our customers and users, we recommend that you read the Cookie Policy.

We want you to feel comfortable on our website. Protecting your privacy and your personal rights is very important to us. You can trust us to handle your data responsibly and transparently.

When collecting and processing your personal data, we comply with the strict provisions of German data protection law as well as the requirements of the European General Data Protection Regulation (GDPR).

§ 1 Controller
The controller responsible for data processing on this website is:

Matthies Spielprodukte GmbH & Co. KG
Kurt-A.-Körber-Chaussee 64
21033 Hamburg
Phone +49 (0)40 735 85 09
E-mail: office@living-puppets.de.

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

“We”, “us”, “our” in this document means “Living Puppets GmbH”.

§ 2 Hosting
We host the content of our website with the following provider:

Web Labels Webdesign GmbH
The provider is Web Labels Webdesign GmbH, Bahnhofstraße 7, 22941 Bargteheide (hereinafter “Web Labels”). When you visit our website, Web Labels collects various log files including your IP address. For details, please refer to the privacy information of Web Labels:

The use of Web Labels is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in a presentation of our website that is as reliable as possible. If corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG (Telecommunications-Telemedia Data Protection Act), insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

We have concluded a Data Processing Agreement (DPA) with the provider named above. This is a contract mandated by data protection law that ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

§ 3 Purposes and legal bases of the processing of your personal data
We collect, process, and use your personal data for the following purposes, among others:

  • Provision of telemedia

  • Contact, responding to your questions and customer service

  • Sign-up and registration (online account)

  • Purchases in the online shop

  • Sending surveys and personalised information (newsletter)

  • E-mail dispatch due to the sale of goods

  • Statistical analysis, prevention of abuse, and enforcement of legal claims

  • Fraud prevention and credit checks

  • Product reviews

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR and, where special categories of data are processed under Art. 9 (1) GDPR, on the basis of Art. 9 (2) (a) GDPR.

In the event of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49 (1) (a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g. via device fingerprinting), data processing additionally takes place on the basis of § 25 (1) TDDDG. You may revoke your consent at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) (b) GDPR. Furthermore, we process your data if this is necessary for compliance with a legal obligation on the basis of Art. 6 (1) (c) GDPR, for example to fulfil tax obligations. In the event that vital interests of you or another natural person require the processing of personal data, we process your data on the basis of Art. 6 (1) (d) GDPR. Data processing may also be based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR, for example when using service providers as processors or for conducting statistical surveys and analyses. The specific legal bases applicable in each individual case are explained in the sections of this Privacy Policy below.

§ 4 Duration of storage and routine deletion of personal data
Unless a specific storage period has been specified within this Privacy Policy or in the cookie overview, your personal data will remain with us until the purpose for the data processing no longer applies. If you make a legitimate request for erasure or revoke your consent to data processing, your data will be erased unless we have other legally permissible grounds for storing your personal data (e.g. statutory retention periods under tax or commercial law); in the latter case, erasure will take place once these grounds no longer apply.


§ 5 Collection of general data and information (log files)
(1) When you visit our website, i.e. when you do not register or otherwise transmit information to us, we only collect the connection data that your browser transmits to our server. Each time the website is accessed, a series of general data and information is stored temporarily in the log files of a server.

A log file is created as part of an automatic protocol of the processing computer system. The following may be collected:

  • Your IP address assigned to your computer by your internet access provider when connecting to the internet

  • Access to the website (date, time, and frequency)

  • Time zone difference to Greenwich Mean Time (GMT)

  • Which internet service provider you use

  • Access status/HTTP status code

  • Volume of data transmitted in each case

  • How you arrived at the website (previous website, hyperlink, etc.)

  • Which browser and browser version you use

  • Your operating system and its interface

  • Language and version of the browser software.

(2) Data processing is carried out on the basis of Art. 6 (1) sentence 1 (f) GDPR, as well as on the basis of § 25 (2) no. 2 TDDDG, since the collection and storage of this data is necessary for the operation of the website in order to ensure the functionality of the website and to display the content of our website correctly. In addition, the data serves to optimise our website and to ensure the security of our IT systems. For this reason, the data is stored for a maximum of 7 days as a technical precaution.

(3) We also use this data for advertising purposes, market research and the demand-oriented design of our services by creating and evaluating usage profiles under pseudonyms, provided you have not exercised your right to object to this use of your data (see notes on the right to object in § 12 (1) and (2) “Your rights”).

§ 6 Collection of personal data when visiting our website
(1) We generally collect and use personal data only to the extent that this is necessary for the provision of a functional website and our content and services. The collection and use of your personal data regularly take place only with your consent. Exceptions apply only in cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by law.

(2) Personal data is information relating to you that can be used to identify you personally (either directly or indirectly). Examples include: your name, your telephone number, your IP address.

(3) The security of your personal data is a high priority for us. We therefore protect the data stored with us by technical and organisational measures to effectively prevent loss or misuse by third parties. In particular, our employees who process personal data are obliged to maintain data secrecy and must comply with it.

(4) For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

(5) In order to ensure the long-term protection of your data, security measures are reviewed regularly and, if necessary, adapted to the latest developments in technology. These principles also apply to companies that process and use data on our behalf and according to our instructions.

§ 7 Cookies, web analytics services, identifiers, and retargeting
We use cookies, web analytics services and social media plugins on our website. Please refer to our cookie settings window (lightbox) for information on this.

§ 8 Contact, registration, guest orders and customer service
(1) Contact
When you contact us by telephone, e-mail, fax or via a contact form, we store and process the data you provide (your e-mail address, your first and last name, your billing and delivery address, your billing and payment data, your date of birth, your telephone number and, if applicable, information about orders placed) in order to process your request. We do not share this data without your consent. The act of contacting us is logged to be able to prove contact in accordance with legal requirements.

The processing of this data is based on Art. 6 (1) (b) GDPR if your request is related to the performance of a contract or is necessary for pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR), if this has been requested; consent may be revoked at any time.

The data you send to us via contact requests will remain with us until you request erasure, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after completed processing of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

(2) Customer account
On our website you have the option of registering. You can voluntarily create a customer account through which we can store your data for future purchases. If you create an account under “My account”, the data you provide will be stored revocably. All other data, including your user account, can be deleted by you in the customer area. For the provision of your customer account, through which you can place orders, we process the data you store on the basis of Art. 6 (1) (b) GDPR, i.e. you provide us with the data on the basis of the contractual relationship for the management of your customer/user account.

§ 9 Data security and other purposes of processing
On the basis of Art. 6 (1) (c) and (f) GDPR, we use and store your personal data and technical information to the extent necessary to prevent or prosecute misuse or other unlawful behaviour on our website, e.g. to maintain data security in the event of attacks on our IT systems. This also applies to the extent that we are legally obliged to do so, for example on the basis of official or court orders, and for the assertion of our rights and claims as well as for legal defence.

You can revoke your consent to this at any time as described in § 12 (1) and (2).

§ 10 Disclosure of personal data to third parties
When sharing your personal data, we always ensure the highest possible level of security. For this reason, your data is only passed on to carefully selected and contractually bound service providers and partner companies. In addition, we only forward your data to entities located within the European Economic Area and thus subject to strict EU data protection law or obligated to comply with a comparable level of protection.

§ 11 Purchases in the online shop
(1) If you register on our website or wish to place an order in our online shop, we may process the data necessary for the conclusion, execution or termination of the contract with you. The mandatory information required for the handling of contracts is marked; additional information is voluntary:

  • First name, last name

  • Billing and delivery address

  • E-mail address

  • Billing and payment details

  • Date of birth

  • Telephone number

  • Information about orders placed

As part of your order, you will receive a corresponding confirmation and further documents and information by e-mail so that we can comply with our legal information obligations for the effective conclusion of a contract with you.

The legal basis for this is Art. 6 (1) (b) GDPR, i.e. you provide us with the data on the basis of the respective contractual relationship (e.g. management of your user account, performance of a purchase contract). We are also legally obliged under the German Civil Code (BGB) to process your e-mail address in the event of a purchase via our website living-puppets.de in order to send an electronic order confirmation (Art. 6 (1) (c) GDPR).

(2) We process the data you provide in order to fulfil your order. For this purpose, we may pass on your payment data to our payment service provider. To this end, we use SaferPay of Worldline Schweiz AG, Hardturmstrasse 201, CH-8005 Zurich (hereinafter “SaferPay”). This service enables you to select your preferred payment service provider by providing a secure interface to various payment methods such as credit card, PayPal or Klarna. Further information on data protection at SaferPay can be found at: https://worldline.com/en-ch/compliancy/privacy.

Depending on which payment service provider you select during the ordering process, we may transfer the payment data collected for this purpose to the payment service provider we have engaged in order to process payments. The controller for your payment data is the respective payment service provider. In some cases, the selected payment service providers also collect this data themselves if you create an account there. In this case, you must log in with your access data to the payment service provider during the ordering process. The privacy policy of the respective payment service provider applies in this respect.

The legal basis is Art. 6 (1) sentence 1 (b) GDPR, which permits the processing of personal data for the performance of a contract or for pre-contractual measures.

  1. a) Credit card payment
    In the case of credit card payment, we receive from our payment service provider SaferPay, Worldline Schweiz AG, Hardturmstrasse 201, CH-8005 Zurich, the so-called payment ID and the last four digits of your credit card number. These serve to authenticate and assign your order. The transmission is therefore for your security. The personal data required to process the payment is collected directly by the aforementioned payment service provider.

The legal grounds for the data processing described above are Art. 6 (1) (b) GDPR, which permits processing for the performance of a contract, and Art. 6 (1) (f) GDPR, as our legitimate interest in providing you with a secure credit card payment option outweighs this in the context of the balancing of interests.

  1. b) PayPal
    If you choose the payment method PayPal, your personal data necessary for this purpose (i.e. your first and last name, your delivery address, your e-mail address, your telephone number, the amount to be paid, as well as your IP address) will be transmitted to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, so that you can authorise payment to us via PayPal. To do this, you need a PayPal account.

The legal basis for the data processing described above is Art. 6 (1) (b) GDPR, which permits the processing of personal data for the performance of a contract or for pre-contractual measures.

Further information on data protection at PayPal can be found on the PayPal website at: https://www.paypal.com/de/legalhub/paypal/privacy-full?locale.x=en_DE.

(3) For the purpose of delivering ordered goods, we cooperate with logistics service providers/transport companies (e.g. DHL, GLS): The following data may be transferred to them for the purpose of delivering the ordered goods or – insofar as necessary – for announcing delivery: first name, last name, postal address, e-mail address, telephone number (e.g. for forwarding announcements). The legal basis for processing the data is Art. 6 (1) (b) GDPR.

(4) We are legally obliged under commercial and tax law to store your address, payment and order data for a period of ten years. However, after 2 years we restrict the processing, i.e. your data will only be used to comply with legal obligations.

(5) To prevent unauthorised access to your personal data, especially financial data, the ordering process is encrypted using TLS technology.

(6) In connection with payment processing, we process your data, with partial assistance from a fraud prevention service provided by our cooperation partner SaferPay, which you provide during the checkout process and when selecting a payment method as well as user activities on the website, to better identify and prevent possible patterns of fraud and fraudulent behaviour. For this purpose, order and payment data (e.g. address, items, payment method) and device information (e.g. device, browser) are processed automatically.

The legal basis is Art. 6 (1) (f) GDPR based on our legitimate interest in protection against misuse.

If an automated check should result in a suspicion of fraud in your case, we will inform you of this and of your specific possibility of lodging a complaint.

In addition, we may transmit information about non-claim-related behaviour to certain credit agencies, such as SCHUFA, in order to prevent fraud (for example in cases of credit card fraud). This is done, in accordance with the statutory requirements, to the extent that it is necessary to protect our legitimate interests and the legitimate interests of third parties and there is no reason to assume that your interests or fundamental rights and freedoms requiring the protection of personal data prevail. The processing is thus for the purpose of fraud prevention based on Art. 6 (1) (f) GDPR.

The data is stored and evaluated in our fraud prevention database in order to identify atypical payment transactions and, where appropriate, to be able to reject transactions. Due to a large number of insecure transactions and attempted fraud, it is necessary to carry out such checks in order to protect both ourselves and our customers against fraud and to counteract it. The legal basis for data processing is Art. 6 (1) (f) GDPR.

§ 12 Your contact and your rights
(1) Naturally, you have rights with regard to the collection of your data, which we would like to inform you about here. If you have general questions about data protection at Living Puppets, or if you wish to exercise your rights under the GDPR*, all you need to do is send us a message. You can use the following contact details for this:

By post:
Matthies Spielprodukte GmbH & Co. KG
Kurt-A.-Körber-Chaussee 64
21033 Hamburg
E-mail: office@living-puppets.de.

*For your own protection, we may be required, when you exercise your rights (e.g. access requests or erasure requests), to request additional information necessary to confirm your identity in order, for example, not to disclose personal data to unauthorised persons or to erase it at their request. If identification is not possible, we must refuse to process such requests if there are doubts about your identity.

(2) Your rights:

Withdrawal of your consent to data processing
Many data processing operations are only possible with your explicit consent. You can withdraw consent you have already given at any time. The lawfulness of the data processing carried out until your withdrawal remains unaffected by the withdrawal.

Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)
If data processing is carried out on the basis of Art. 6 (1) (e) or (f) GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation. This also applies to profiling based on these provisions. The respective legal basis for processing is stated in this privacy information. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or the processing serves to assert, exercise or defend legal claims (objection under Art. 21 (1) GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. This also applies to profiling to the extent that it is related to direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection under Art. 21 (2) GDPR).

Right to lodge a complaint with the competent supervisory authority
If you believe that the processing of your personal data violates data protection law or that your data protection rights have otherwise been infringed, you may lodge a complaint with a supervisory authority. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to data portability
You have the right to receive data that we process on the basis of your consent or in performance of a contract in a structured, commonly used and machine-readable format and to have this data transmitted to yourself or to a third party. If you request the direct transfer of the data to another controller, this will only be done if technically feasible.

Access, erasure and rectification
Within the scope of the applicable legal provisions, you have the right at any time to obtain information free of charge about your stored personal data, its origin and recipients and the purpose of data processing, and, if applicable, a right to rectification or erasure of this data. If you have any questions on the subject of personal data, you can contact us at any time.

Right to information
If you have exercised the right to rectification, erasure or restriction of processing, we will notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of data or restriction of processing, unless this proves impossible or involves disproportionate effort.

Right to restriction of processing
You have the right to request restriction of the processing of your personal data. To do so, you can contact us at any time. The right to restriction of processing exists in the following cases:

  • If you contest the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of this verification, you have the right to request restriction of the processing of your personal data.

  • If the processing of your personal data has been or is unlawful, you may request restriction of data processing instead of erasure.

  • If we no longer need your personal data, but you require it for the exercise, defence or assertion of legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.

  • If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not been determined whose interests prevail, you have the right to request restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data – apart from its storage – may only be processed with your consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.

§ 13 Data processing for advertising purposes (without cookies/tracking data)
We also have a legitimate interest in storing and processing data for advertising purposes with the aim of sending you advertising tailored to your needs. The legal basis for this data processing is Art. 6 (1) (f) GDPR.

(1) Data processing for advertising purposes (personalisation):
We use stored data relating to you, for example regarding products you have purchased from us, for the personalisation of advertising materials (including e-mail, print). For this purpose, the data is used exclusively in a strongly pseudonymised form.

(2) Postal advertising
We generally have a legitimate interest in using data that we have collected, for instance in the context of entering into a contractual relationship with you, for marketing purposes. For this purpose, we process the following data for our own marketing activities: first name, last name, postal address, year of birth.

In addition to the above data, we may store other personal data collected in compliance with the legal requirements for our own marketing purposes. These additional stored data may include products you have purchased from us.

(3) Notice of the right to object
You may object at any time free of charge, with future effect, to the use of your personal data for the aforementioned marketing purposes in your customer account or by e-mail to office@living-puppets.de.

If you object, your data will – insofar as continued storage of the data is necessary for purposes other than use for marketing purposes – be blocked for further processing for advertising purposes. Please note that in exceptional cases advertising material may still be sent for a short time after your objection has been received. This is due to technical reasons and the necessary lead times in the selection process and does not mean that we have not implemented your objection.

§ 14 Other functions and services of our website
In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do so, you will usually be required to provide additional personal data that we use to provide the respective service and for which the principles of data processing mentioned above apply.

§ 15 Competitions / special offers
If you register for a competition organised by us, we use the data you provide during registration for the purpose of performing the participation contract, in particular to notify winners and, if applicable, to advertise our offers and/or offers from our competition partners. In addition, we may offer you special offers, such as vouchers, discounts, etc., the use of which may be made conditional on your consent to the use of certain data (e.g. e-mail address). In these cases, consent is legally required for you to take advantage of the special offers. Detailed information can be found in the respective terms and conditions of participation/General Terms and Conditions for the respective competition or special offer. The legal bases for this data processing are Art. 6 (1) (a) GDPR, Art. 6 (1) (b) GDPR, and Art. 6 (1) (f) GDPR.

§ 16 Disclosure of personal data to third parties
(1) In some cases, we use external service providers to process your data. These may be processors or partners who are necessary for the provision of services. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

These include:

▪ Financial institutions

▪ Companies specialised in the prevention and detection of fraud

▪ Technological and analytical service providers

▪ Providers and partners of services related to logistics, transport and delivery and/or their partner companies

▪ Customer service providers

▪ Service providers and partners in connection with marketing and advertising

▪ Service providers and partners in connection with debt collection, such as collection agencies.

All service providers are contractually obliged to treat your data confidentially. Data processing is carried out on the basis of Art. 6 (1) sentence 1 (b) and (f) GDPR (data processing for contract performance, data processing on the basis of legitimate interest).

(2) If we transfer your data to social media websites, advertising agencies or advertising partners for advertising purposes, we will only do so if you have previously consented.

(3) We may also share your personal data with third parties when prize draws, competitions, contract conclusions or similar services are offered by us together with partners. Further information on this can be found at the point where you provide your personal data or in the description of the competition/offer.

(4) If we use commissioned service providers for individual functions of our services or wish to use your data for advertising purposes, we will inform you in detail below about the respective processes. In doing so, we will also name the criteria specified for the storage period.

(5) When transferring your personal data, we always ensure the highest possible level of security. For this reason, your data is only forwarded to carefully selected and contractually bound service providers and partner companies.

(6) Data transfer to third countries:
We place great importance on processing your data within the European Union (“EU”). However, in the context of the administration, development, and operation of IT systems as well as marketing and customer communication, we may use service providers that process data outside the EU and the European Economic Area (“EEA”) (“third countries”). In these countries, the high European data protection level cannot be guaranteed despite careful selection and contractual commitment of the service providers.

The European Court of Justice has determined, with respect to the United States, that it is a country with an insufficient level of data protection. In this context, there is in particular a risk that your data may be processed by US institutions/authorities for control and monitoring purposes without sufficient legal remedies or enforceable data subject rights being available to you. On 10 July 2023, the EU Commission adopted the adequacy decision for the “EU-U.S. Data Privacy Framework”. This means that, for transfers based on this framework, the EU Commission considers the level of data protection in the US to be comparable to that in the EU and thus safe.

If we use service providers in third countries, we take additional measures in accordance with Art. 44 et seq. GDPR to ensure an adequate level of data protection when transferring personal data and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country are fulfilled (e.g. by concluding EU standard contractual clauses and additional safeguards and technical and organisational measures, such as encryption or anonymisation). You can access the content of these standard contractual clauses here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

If a potential data transfer is based on your consent, giving such consent is voluntary. Such consent then also includes your consent in accordance with Art. 49 (1) (a) GDPR to data processing outside the EEA, e.g. in the USA.

(7) Finally, we will disclose your data to third parties or government bodies within the framework of the applicable data protection legislation (Art. 6 (1) (c) and (f) GDPR) if we are legally obliged to do so, for example on the basis of official or court orders, or if we are entitled to do so, for example because it is necessary for the prosecution of criminal offences or to assert and enforce our rights and claims.

§ 17 Newsletter
(1) On our website, we offer you the opportunity to subscribe to our newsletter so that we can inform you by e-mail about our products, current offers, campaigns, competitions and surveys. Your data will be used exclusively for the purpose of sending you the subscribed newsletter by e-mail and, if you have additionally consented, to analyse how you use the newsletter and any content linked within it. Providing your name allows us to address you personally in the newsletter and, if necessary, to identify you if you wish to exercise your rights as a data subject.

(2) To verify that a subscription is actually made by the owner of an e-mail address, we use the so-called double opt-in (DOI) procedure for registration. This means that after you register, we will send a confirmation link to the e-mail address you provided. Your e-mail address will only be added to our mailing list for sending the newsletter when you click on this confirmation link.

At the time of DOI confirmation, the following data is also stored:

  • Place, date and time of subscription and confirmation

  • IP address

  • E-mail address

  • First name, last name

If you do not confirm your subscription within 24 hours, your information will be blocked and automatically deleted after one month. The purpose of the procedure is to be able to prove your subscription and, if necessary, to clarify any possible misuse of your personal data. Changes to the data stored by the mailing service provider are also logged.

(3) Mailing service provider:
The newsletter is sent via SuperMailer, Mirko Böer, Malachitstraße 16, 04319 Leipzig, Germany, https://int.supermailer.de/ (hereinafter referred to as the “mailing service provider”). The mailing service provider’s privacy policy can be viewed here: https://int.supermailer.de/privacypolicy.htm.

(4) SuperMailer is software installed locally on our systems. The e-mail addresses of our newsletter recipients, as well as their other data described in this notice, are stored on our own servers or the servers of our hosting provider. The software provider SuperMailer does not have direct access to your data. We use SuperMailer exclusively for the technical dispatch of the newsletters.

(5) The legal basis for this processing is your consent, Art. 6 (1) sentence 1 (a) GDPR.

(6) The use of the mailing service provider, the implementation of statistical surveys and analyses, and the logging of the subscription process are based on our legitimate interests. Our interest lies in the use of a user-friendly and secure newsletter system that serves our business interests and meets the expectations of users.

(7) You may revoke your consent to receive the newsletter at any time with future effect and unsubscribe from the newsletter. You can declare your withdrawal by clicking on the unsubscribe link provided in each newsletter e-mail or by sending a message as described in § 11 (1) by e-mail to office@living-puppets.de. Your data for newsletter dispatch will be deleted within 3 months after termination of newsletter receipt, provided that statutory retention obligations do not prevent erasure.

§ 18 Objection or withdrawal against the processing of your data
(1) If you have given consent to the processing of your data, you may withdraw this consent at any time with effect for the future. Such withdrawal affects the lawfulness of the processing of your personal data after you have expressed it to us.

(2) If we base the processing of your personal data on a balancing of interests, you may object to the processing. This is the case in particular if the processing is not necessary for the performance of a contract with you, which we indicate in the following description of the functions. When you exercise such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or show you our compelling legitimate grounds on the basis of which we will continue processing.

(3) You may of course object at any time to the processing of your personal data for advertising and data analysis purposes. You can notify us of your objection to advertising at the following contact details:

Matthies Spielprodukte GmbH & Co. KG, Kurt-A.-Körber-Chaussee 64, 21033 Hamburg, Phone +49 (0)40 735 85 09, E-mail: office@living-puppets.de.

§ 19 Links to websites of other companies
Our website contains links to websites of other companies. We are not responsible for the data protection measures on external websites that you can access via these links. Please inform yourself there about data protection on those external websites.

§ 20 Cookie settings window / Consent Management Tool (CMT)
(1) We use the consent management tool “EU Cookie Richtlinie Pro + automatische Cookie-Erkennung” by ACRIS E-Commerce GmbH to obtain your consent to the storage of certain cookies on your device and to document this in a manner compliant with data protection law. The provider of this technology is ACRIS E-Commerce GmbH, Am Pfenningberg 60, A-4040 Linz, Austria (hereinafter “ACRIS”).

When users access the website, an interactive user interface (“cookie settings window”) appears where they can grant consent for certain cookies and/or cookie-based applications via slider control. By using this tool, all cookies/services requiring consent are only loaded if the respective user grants corresponding consent. This ensures that cookies are only placed on the user’s device if consent is given.

The tool sets technically necessary cookies to store your cookie preferences. When you visit our website, the following personal data is transmitted to ACRIS:

  • Your consent(s) or withdrawal of your consent(s)

  • Your IP address

  • Information about your browser

  • Information about your device

  • Time of your visit to the website

ACRIS also stores a cookie in your browser to be able to attribute the granted consents or their withdrawal to you. The data collected in this way is stored until you request erasure from us, delete the ACRIS cookie yourself, or the purpose of storage no longer applies. Mandatory statutory retention obligations remain unaffected.

The use of ACRIS is to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 (1) sentence 1 (c) GDPR.

(2) Recipients of the data are technical service providers. ACRIS is also a recipient of your personal data and acts as a processor for us. All service providers are contractually obliged to handle your data confidentially.

(3) Storage period: consent data (consent and withdrawal of consent) is stored for three years. The data is then deleted immediately.

(4) Further information on the operator and the configuration options of the cookie consent tool can be found directly in the user interface on our website. You can access and modify your cookie settings at any time via the “Cookie settings” link in the footer of our website.

Options for objection and removal vis-à-vis ACRIS can be found at . Further information about ACRIS can be found at https://www.acris.at/impressum.

§ 21 Changes to this Privacy Policy
We reserve the right to adapt this Privacy Policy so that it always complies with current legal requirements or in order to implement changes to our services in the Privacy Policy, for example when introducing new services. The new Privacy Policy will then apply to your next visit.


Status: November 2025



Cookie Policy

Before we begin …
This Cookie Policy provides information about our use of cookies and similar technologies that may be installed on the devices of our customers and users. Sometimes the use of cookies may involve the processing of personal data. Therefore, we recommend that you read our Privacy Policy, which is available on our platform, if you wish to obtain information about how we use the personal data of our customers and users and how you can exercise your rights.

Information about cookies

  1. What is a cookie?

A cookie is a small text file that is stored by a website, an app or another platform on your computer, tablet, smartphone or a comparable device and contains information about your browsing behaviour or usage, like a label that identifies your device. Cookies are necessary, for example, to facilitate browsing and to understand how users interact with the platforms in order to improve them. They are also very useful for offering advertising tailored to the user’s preferences, as well as for other purposes described below. Cookies do not damage your computer or device.

When we refer to “cookies”, we also mean other similar technologies for installing and/or collecting information on or about your device (such as Flash cookies, web beacons or bugs, pixels, HTML5 (local storage), and SDK technologies for app formats). The term “cookies” also includes the use of fingerprinting techniques, i.e. technologies that combine information and help us identify your device. Sometimes these technologies work together with cookies to collect and store information, either to provide you with certain functionalities or services on our platform or to display advertising on third-party platforms tailored to your browsing behaviour.

For the sake of simplicity, this Cookie Policy also refers to all these technologies as “cookies”.

The cookies we actually use are listed in detail in the cookie settings window available on our website.

2. What types of cookies are there?

Please read this section, which provides an overview of the types of cookies that can be used in an online environment. Depending on the owner, cookies can be classified as follows:

a. First-party cookies:
These are cookies that are sent to the user’s computer or device from a computer or domain managed by the publisher itself and from which the platform or service requested by the user is provided.

b. Third-party cookies:
These are cookies that are sent to the user’s computer or device from a computer or domain that is not managed by us, but by another entity that processes the data obtained via cookies. You can find more information about these third parties on our website and in the consent management tool (CMT). For further details on this tool, please refer to “5. How can I manage the use of cookies on this platform?” below.

Depending on their storage duration, cookies can be classified as follows:

a. Session cookies
Session cookies are deleted as soon as you close your browser. We use session cookies for a number of reasons, including to learn more about your use of our website during a browser session and to help you use our website more efficiently.

b. Persistent cookies
Persistent cookies have a longer “lifespan” and remain beyond the current session. These types of cookies may be used to help you log in more quickly to our website, for analytical purposes and for other reasons described below.

Depending on their purpose, cookies may be classified as follows:

a. Strictly necessary (technical) cookies:
Cookies that enable the user to browse a website, platform or application and use the different options or services offered there, such as controlling data traffic, identifying data or sessions, accessing sections or content with restricted access, remembering items in a shopping basket, completing the purchase process for an order, managing payment, controlling fraud linked to the security of the service, using security features while browsing, registering for or participating in an event, storing content for video or audio transmission, enabling dynamic content (e.g. animation when loading text or images) or sharing content via social media. Technical cookies are strictly necessary and are therefore downloaded by default when they allow the display of the platform or the provision of the service requested by the user.

b. Functionality or customisation cookies:
These cookies allow information to be remembered so that the user can access the service or platform with certain customised features, such as language, appearance or content of the service based on the type of browser used by the user or the region from which they access the service, etc. Refusal of these cookies may result in slower website performance or poorly adapted recommendations.

c. Analytics cookies:
Analytics cookies make it possible to quantify the number of users, the areas visited on the website and their interactions, in order to measure and statistically evaluate how users use the platform and/or service, and thereby introduce improvements based on the analysis of user data.

d. Behavioural advertising cookies:
These store information about user behaviour obtained through continuous observation of their browsing habits. This makes it possible to develop a specific profile in order to display advertising tailored to that profile.

3. Requirement of consent
According to legal provisions, storing information on devices (desktops, mobile phones, tablets, etc.) – e.g. via cookies – and retrieving information from devices (tracking) is generally only permitted if you have previously given your consent. The legal basis is § 25 (1) sentence 1 TDDDG. Consent does not have to be given if storage/retrieval is necessary for the provision of the website/app. The legal basis for this is § 25 (2) no. 2 TDDDG. Necessity exists, for example, with regard to ensuring the following functionalities/achieving the following purposes:

  • Provision of individual “features” (display of shopping basket, enabling and maintaining login, integration of payment service providers, etc.)

  • Ensuring system security / detecting or preventing fraud

  • Identification of bot traffic and prevention of bot attacks

  • Checking functionality of the service

  • Carrying out billing (e.g. billing of partners)

  • Fulfilment of legal requirements (including documentation of granting/withdrawing tracking opt-ins)

  • General reach measurement

There is no right to object to data processing measures that are necessary for the operation of the website/app.

4. What are cookies used for on our platform?
The main purpose of our cookies is to make your browsing experience more pleasant and efficient. For example, they are used to remember your settings during navigation and for future visits. We also use our cookies to continuously improve our services and platform and to offer personalised advertising based on your browsing habits.

The information collected in cookies also enables us to improve our platform by means of estimates based on statistical data and usage patterns (number of visits, most visited areas, time of visit, etc.), to obtain statistical knowledge about how users interact with the platform in order to improve our services, and to adapt the platform to your personal interests, speed up searches and so on.

Occasionally, we may use cookies to obtain information that enables us to display advertising on our platform, third-party platforms or elsewhere based on an analysis of your browsing habits (viewed products, visited areas, etc.).

5. How can I manage the use of cookies on this platform?
In the cookie settings window, which is accessible at any time on our website, you can find all information about the cookies used by this website, including their purpose, duration and management (first-party or third-party) for each individual cookie, so that you can activate and deactivate the use of those cookies that are not strictly necessary for the operation of the platform.

If you deactivate cookies, the affected cookies will be removed from your browser where possible. If you refuse a cookie but cannot delete it, we will in any case block it. The cookies that you have rejected will therefore not be used by us under any circumstances and we will do our best to delete them (please note that some deletion mechanisms are beyond our control, as they depend on the third party responsible for the cookie).

If you browse the internet, you can also deactivate the use of cookies in your browser in relation to third-party cookies that you have previously accepted but wish to reject later.

Here’s how you can do this in the most common browsers:

You can prevent the use of cookies at any time.

Please note that both your cookie settings in the cookie settings window and your browser-based option to refuse cookies apply specifically to the browser you are using. If, for example, you decide on a certain cookie configuration on one device and you would like your decision to be applied to another device, you must activate the same option on the other device.

As an additional step regarding third-party cookies for interest-based advertising, please note that certain third parties may be members of one of the following self-regulatory programmes for online behavioural advertising, which also include opt-out provisions:

  • Google (for YouTube, Google Maps, Google Search): You can manage personalised advertising in Google services via the Google Ad Center: https://myadcenter.google.com/

  • Cross-industry platforms: Many companies, including Meta, participate in industry-wide initiatives that you can manage here:


6. Who uses the information stored in the cookies?
Except for those referred to in section 2 as “third-party cookies”, the information stored in our cookies is used exclusively by us. Third-party cookies are used and managed by external entities to provide us with services that help us improve our own services and the user experience when browsing our platform. Further information can be found in the cookie settings window, which is accessible at any time on our platform.

For more information about the processing of your personal data in the context of our cooperation with third parties and regarding data subject to international data transfers, we recommend that you read our Privacy Policy available on our platform, as well as the privacy policies/settings of the respective third parties, available on their platforms.

These are the most relevant third parties that we allow to place cookies on our platform. Find out more about how these third parties process your data:

  • Google: For analytics services (Analytics) and video embedding (YouTube). You can manage personalised advertising in the Google Ad Center: https://myadcenter.google.com/


Status: November 2025