Cookie Policy

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT]] This Cookie Policy is a draft and does not constitute legal advice. It must be reviewed and finalised by qualified counsel before publication.

This Cookie Policy explains how [[PLACEHOLDER: LEGAL ENTITY NAME]], operator of my-own-dolls.com (the "Website", "we", "us"), uses cookies and similar technologies (such as pixels, local storage, and SDKs) when you visit or use the Website. It applies in addition to, and should be read together with, our Privacy Policy and our Terms of Service.

We are established in Germany / the European Union. Our use of cookies is governed by the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz, TDDDG, formerly TTDSG) and, where cookies involve the processing of personal data, by the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Because the Website provides adult (18+) content, certain technical measures relating to age verification and closed user group access under the German Interstate Treaty on the Protection of Minors in the Media (Jugendmedienschutz-Staatsvertrag, JMStV) may rely on strictly necessary cookies. These are described further below. The controller responsible for any personal data processed via cookies is identified in our Privacy Policy; data protection enquiries may be directed to [[PLACEHOLDER: DPO / PRIVACY CONTACT EMAIL]].

Cookies are small text files placed on your device (computer, tablet, or smartphone) when you visit a website. They allow the Website to recognise your device, remember your actions and preferences, and function correctly. In this Policy, "cookies" also covers similar technologies that store or access information on your device, including browser local storage, session storage, pixels, tags, and software development kits (SDKs).

Cookies may be "first-party" (set by us, under the my-own-dolls.com domain) or "third-party" (set by a service provider or partner acting on our behalf or independently). They may also be "session" cookies, which are deleted when you close your browser, or "persistent" cookies, which remain on your device for a defined period or until you delete them.

Under the TDDDG, storing information on, or accessing information already stored on, your device generally requires your prior consent, unless the storage or access is strictly necessary to provide a service you have expressly requested. Where personal data is processed via cookies, that processing additionally requires a lawful basis under the GDPR.

[[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT — confirm consent mechanics, banner wording, and lawful bases match the deployed consent management platform.]]

All non-essential cookies (functional, analytics, and any other optional categories) are switched OFF by default. We do not set, read, or activate any non-essential cookie before you have given your specific, informed, freely given, and unambiguous consent through our consent banner. There are no pre-ticked boxes, and continuing to browse, scroll, or close the banner does not count as consent.

When you first visit the Website you are shown a consent banner that lets you (i) accept all cookies, (ii) reject all non-essential cookies, or (iii) make granular choices by category. Rejecting non-essential cookies is as easy as accepting them, and both options are presented with equal prominence.

Strictly necessary cookies do not require consent and cannot be switched off through the banner, because the Website cannot function properly without them. We rely on the strict-necessity exemption under the TDDDG for these, and, where they involve personal data, on our legitimate interests or on the necessity of performing the contract / providing a service you requested (Art. 6(1)(b) and/or (f) GDPR). For all other categories we rely on your consent (Art. 6(1)(a) GDPR; § 25(1) TDDDG).

Strictly Necessary Cookies. These are essential for the Website to operate and to deliver services you have explicitly requested. They include cookies that maintain your login session, secure your account, balance server load, remember the contents of your shopping basket or active subscription state, support payment and fraud-prevention processes, and, importantly, record that you have passed age verification and may access the 18+ closed user group required under the JMStV. Without these cookies, core features such as logging in, paying, and accessing age-restricted galleries would not work. They are exempt from consent.

Functional Cookies. These enhance the usability of the Website by remembering choices you make, such as your preferred language, region, display or playback preferences, content-blur or safe-viewing settings, and whether you have dismissed certain notices. They are not strictly necessary, are OFF by default, and are activated only with your consent. Disabling them may reduce convenience but will not prevent core access.

Analytics / Performance Cookies. These help us understand how visitors interact with the Website — for example which pages are viewed, how users navigate, and where errors occur — so we can measure and improve performance. They are OFF by default and set only with your consent. Where feasible we use privacy-friendly configurations (such as IP truncation/anonymisation and limited data retention). Any analytics provider acting as a processor does so under a data processing agreement. [[PLACEHOLDER: NAME OF ANALYTICS PROVIDER(S), e.g. self-hosted Matomo / other]].

Other / Optional Cookies. If we introduce additional optional categories in future (for example for personalisation or limited measurement of marketing campaigns through age-gated channels), they will be added to the consent banner as separate, opt-in categories, OFF by default, and described in this Policy before activation. [[PLACEHOLDER: CONFIRM WHETHER ANY MARKETING / ADVERTISING COOKIES ARE USED — note that adult-content advertising and certain third-party tracking may be restricted by ad networks and platform policies.]]

The table below lists the specific cookies and similar technologies in use, and is maintained as a live inventory. For each item we identify: the cookie name; the provider/domain (first- or third-party); the category (strictly necessary, functional, or analytics); the purpose; the type (HTTP cookie, local storage, pixel, etc.); whether it is a session or persistent cookie; and its retention/expiry period.

[[PLACEHOLDER: COOKIE INVENTORY TABLE — to be populated and kept current. Example rows to replace: (1) Name "session_id" — first-party — Strictly Necessary — maintains logged-in session — HTTP cookie — Session — expires on browser close. (2) Name "age_verified" / "cug_access" — first-party — Strictly Necessary — records passing JMStV age verification / closed user group access — HTTP cookie — Persistent — [[PLACEHOLDER: DURATION]]. (3) Name "csrf_token" — first-party — Strictly Necessary — security / request forgery protection — HTTP cookie — Session. (4) Name "cookie_consent" — first-party — Strictly Necessary — stores your consent choices — HTTP cookie — Persistent — [[PLACEHOLDER: e.g. 6–12 months]]. (5) Name "lang"/"prefs" — first-party — Functional — remembers language and viewing preferences — HTTP cookie — Persistent — [[PLACEHOLDER: DURATION]]. (6) Name "_pk_*" or equivalent — [[PLACEHOLDER: ANALYTICS PROVIDER]] — Analytics — usage measurement — HTTP cookie/local storage — Persistent — [[PLACEHOLDER: DURATION]]. (7) Payment/fraud-prevention cookies set by [[PLACEHOLDER: PAYMENT PROCESSOR NAME]] — Strictly Necessary — secure card processing — [[PLACEHOLDER: TYPE/DURATION]].]]

The names, providers, and durations listed in the published table prevail over the illustrative examples above. We review and update the inventory whenever cookies are added, removed, or changed.

Some cookies may be set by third-party service providers we engage, such as our payment and fraud-prevention providers, content delivery network, and (subject to your consent) our analytics provider. These parties may process limited data on our behalf as processors under data processing agreements, or, in defined cases, as independent or joint controllers. The relevant parties are identified in the cookie inventory and in our Privacy Policy.

Where a third-party cookie provider is located outside the European Economic Area, or transfers data to a third country, such transfers are made only on the basis of an adequate safeguard recognised under the GDPR — for example an EU Commission adequacy decision, EU Standard Contractual Clauses, or another valid Chapter V mechanism — together with any supplementary measures required. Details and copies of safeguards are available on request via [[PLACEHOLDER: DPO / PRIVACY CONTACT EMAIL]].

We do not control cookies set independently by third parties via their own technologies, and we encourage you to review the privacy and cookie notices of any such providers identified in the inventory. [[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT — confirm controller/processor roles and transfer mechanisms for each named third party.]]

You can change your cookie choices at any time, and withdrawing consent is as easy as giving it. To revisit your settings, open the cookie preferences panel via the "Cookie Settings" link in the Website footer (or the on-screen control [[PLACEHOLDER: DESCRIBE LOCATION / WIDGET]]). From there you can enable or disable each non-essential category and save your updated choices.

Withdrawing consent takes effect going forward and does not affect the lawfulness of any processing carried out before withdrawal. After you withdraw consent, the relevant cookies will no longer be set; cookies already stored on your device may need to be cleared through your browser if you wish to remove them immediately.

You can also manage or delete cookies directly in your browser. Most browsers let you view, block, or delete cookies and configure whether to accept them. Instructions are available in the help sections of common browsers (for example Chrome, Firefox, Safari, and Edge). Please note that blocking strictly necessary cookies may prevent you from logging in, completing payment, or accessing age-restricted areas of the Website. Disabling cookies entirely may significantly limit functionality.

Where your browser sends an automated consent or objection signal that we are legally required to honour (for example a recognised opt-out signal), we will treat it in accordance with applicable law. [[PLACEHOLDER — REPLACE WITH LAWYER-REVIEWED TEXT — confirm handling of automated signals once TDDDG implementing rules / PIMS recognition are settled.]]

Cookies are retained only for as long as necessary for their stated purpose. Session cookies are deleted automatically when you close your browser. Persistent cookies remain for the defined period set out in the cookie inventory and then expire, unless you delete them earlier through your browser or by withdrawing consent.

Your consent choices are themselves stored (in the "cookie_consent" record described in the inventory) so that we can remember your preferences and demonstrate compliance. We re-request consent periodically — at most every [[PLACEHOLDER: e.g. 6 to 12 MONTHS]] — and whenever the categories, purposes, or third parties materially change, so that your consent stays current and informed.

Personal data processed through cookies is retained in line with the retention periods described in our Privacy Policy. We do not keep cookie data longer than necessary for the purposes for which it was collected, subject to any legal retention obligations.

Where cookies involve the processing of your personal data, you have the rights granted under the GDPR, including the rights of access, rectification, erasure, restriction, data portability, and objection, and the right to withdraw consent at any time. These rights, and how to exercise them, are described in full in our Privacy Policy.

You also have the right to lodge a complaint with a supervisory authority. The competent authority for our establishment is [[PLACEHOLDER: NAME AND ADDRESS OF COMPETENT GERMAN DATA PROTECTION SUPERVISORY AUTHORITY, e.g. the State Data Protection Commissioner of [[PLACEHOLDER: FEDERAL STATE]]]].

If you have questions about this Cookie Policy or our use of cookies, contact us at [[PLACEHOLDER: CONTACT EMAIL]] or [[PLACEHOLDER: POSTAL ADDRESS]]. Data protection enquiries and requests to our Data Protection Officer (where appointed) may be sent to [[PLACEHOLDER: DPO CONTACT]]. Full operator details are set out in our Imprint (Impressum), including [[PLACEHOLDER: LEGAL ENTITY NAME, ADDRESS, REGISTER NUMBER, USt-IdNr / VAT ID]].

We may update this Cookie Policy from time to time to reflect changes in the cookies we use, in technology, or in legal requirements. The current version is always available on the Website, with the date of last revision shown at the top.

Where changes affect cookies that require consent — for example the addition of a new category, purpose, or third party — we will obtain fresh consent before activating those cookies. We encourage you to review this Policy periodically. [[PLACEHOLDER: DATE OF LAST REVISION]].