Privacy Policy

1. Data Controller

⚠ Company data missing — please configure Admin → Company.

2. Data Collected and Purposes

We process personal data only to the extent necessary to provide a functional website and our content and services. Processing of personal data takes place regularly only with the consent of the user (Art. 6(1)(a) GDPR) or when processing is necessary for the performance of a contract (Art. 6(1)(b) GDPR).

Order Data

When placing an order we collect: name, email address, delivery address, payment data. Legal basis: Art. 6(1)(b) GDPR (contract performance). Retention: 10 years pursuant to §257 HGB.

Contact Requests

Contact requests via form or email are stored to process the request. Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Retention: until the request is fully processed.

User Account

On registration we store name, email address and password (hashed). Legal basis: Art. 6(1)(b) GDPR.

3. Third Parties

Stripe (Payment Processing)

For payment processing we use Stripe. Payment data is transmitted directly to Stripe and not stored on our servers. Legal basis: Art. 6(1)(b) GDPR. More info: stripe.com/de/privacy

Resend (Email Delivery)

For sending transactional emails (order confirmations, etc.) we use Resend. Your email address is transmitted. Legal basis: Art. 6(1)(b) GDPR. More info: resend.com/legal/privacy-policy

Cloudflare (Hosting & CDN)

Our website is hosted via Cloudflare. Cloudflare processes technical connection data (IP address, timestamps, accessed URLs) to provide and secure the service. Legal basis: Art. 6(1)(f) GDPR. More info: cloudflare.com/de-de/privacypolicy

4. Cookies

We use cookies to ensure the functionality of our website:

Cookie	Purpose	Category	Retention
session	Session authentication	Essential	Session end
cart	Shopping cart (localStorage)	Essential	Session end
cookie_consent	Stores your cookie consent	Essential	1 year (localStorage)

5. Your Rights

You have the right to:

Access (Art. 15 GDPR) — a copy of your stored data
Rectification (Art. 16 GDPR) — correction of inaccurate data
Erasure (Art. 17 GDPR) — "right to be forgotten"
Restriction (Art. 18 GDPR) — restriction of processing
Data portability (Art. 20 GDPR) — data in machine-readable format
Objection (Art. 21 GDPR) — to processing based on legitimate interests

6. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection authority. The responsible supervisory authority depends on your place of residence or the registered address of our company.

This page is based on a template pursuant to GDPR Art. 13/14. Source: gesetze-im-internet.de/dsgvo