Legal
Privacy Policy
1. Data controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
- Name: [ TO FILL: name / business name of the operator ]
- Address: [ TO FILL: full address ]
- E-mail: [ TO FILL: contact e-mail for privacy requests ]
We have [ TO FILL: "appointed a data protection officer: name/contact" OR "not appointed one, as not legally required" ].
2. What data we process
Depending on how you use the website, we process the following categories of personal data:
- Order data (name, delivery and billing address, e-mail, phone)
- Payment data (via our payment provider; see section 5)
- Usage data (IP address, browser type, access time, server logs)
- Communication data (content of requests you send us)
3. Legal bases for processing
We process your data on the basis of:
- Art. 6(1)(b) GDPR — performance of a contract (order processing)
- Art. 6(1)(c) GDPR — compliance with legal obligations (e.g. tax retention)
- Art. 6(1)(f) GDPR — legitimate interests (secure operation of the website)
- Art. 6(1)(a) GDPR — your consent (e.g. non-essential cookies)
4. Cookies
We use cookies to provide and improve the website. For details and your choices, please see our Cookie Policy.
5. Recipients / third parties
To provide our services we use carefully selected processors (Art. 28 GDPR):
- Payment processing: Stripe Payments Europe, Ltd. — processes your payment data. [ REVIEW: confirm the actual Stripe entity used ].
- Hosting / CDN / image delivery: [ TO FILL: hosting/CDN provider, e.g. Vultr + Cloudflare R2 ].
- Analytics: [ TO FILL: analytics tool, if any — otherwise "none" ].
Any transfer to third countries takes place only on the basis of appropriate safeguards (e.g. EU standard contractual clauses). [ REVIEW: have third-country transfers checked by a lawyer ].
6. Retention period
We retain personal data only as long as necessary for the stated purposes or as required by statutory retention periods (e.g. up to 10 years under commercial and tax law).
7. Your rights
Under the GDPR you have the following rights:
- Access (Art. 15), rectification (Art. 16) and erasure (Art. 17)
- Restriction of processing (Art. 18) and data portability (Art. 20)
- Objection to processing (Art. 21)
- Withdrawal of consent you have given, with effect for the future (Art. 7(3))
- Lodging a complaint with a supervisory authority (Art. 77)
Competent supervisory authority: [ TO FILL: state data protection authority of the operator's federal state ].
8. Contact for privacy matters
To obtain information and exercise your rights, please contact: [ TO FILL: privacy contact e-mail ].
Last updated: [ TO FILL: date of last update ]