Datenschutzerklärung

1. Overview and Data Controller

This Privacy Policy explains how we collect, use, and protect your personal data when you visit our online shop, place an order, or otherwise interact with us. We take the protection of your personal data seriously and process it in accordance with the EU General Data Protection Regulation (GDPR) and applicable national data protection law.

The controller responsible for data processing on this website within the meaning of Article 4(7) GDPR is:

  • Julian Peter BuPeSü
  • Richterstraße 2
  • 50933 Köln
  • Germany
  • Email: bupesuesoehne@gmail.com
  • Phone: +49 1578 8331594

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us using the details above.

2. General Information on Data Processing

We process personal data only where there is a legal basis to do so. Depending on the purpose, the legal basis may be:

  • Article 6(1)(a) GDPR – your consent;
  • Article 6(1)(b) GDPR – performance of a contract or pre-contractual measures (for example processing your order);
  • Article 6(1)(c) GDPR – compliance with a legal obligation (for example tax and commercial retention duties);
  • Article 6(1)(f) GDPR – our legitimate interests, provided your interests or fundamental rights do not override them.

We retain personal data only for as long as is necessary for the relevant purpose or as required by statutory retention periods. Once the data is no longer needed and no legal obligation requires its retention, it is deleted or anonymised.

3. Hosting via Shopify

Our online shop is hosted on the platform of Shopify International Limited (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland), part of the Shopify group. Shopify provides the e-commerce infrastructure that allows us to display our products and process orders.

When you visit our shop, Shopify automatically collects and processes data that your browser transmits, as well as data you provide when browsing or ordering. This is technically necessary to display the website securely and reliably and to enable the contractual relationship with you.

The legal basis for this processing is Article 6(1)(b) GDPR (performance of the contract) and Article 6(1)(f) GDPR (our legitimate interest in a secure, efficient, and reliable provision of our online shop). We have concluded a data processing agreement with Shopify in accordance with Article 28 GDPR. Where data is transferred to countries outside the European Economic Area, such transfers are safeguarded by appropriate measures, in particular the Standard Contractual Clauses of the European Commission.

4. Cookies and Consent

Our website uses cookies and similar technologies. Cookies are small text files stored on your device that allow us to recognise your browser and provide certain functions.

4.1 Technically Necessary Cookies

Some cookies are strictly necessary for the operation of the shop, for example to maintain your shopping cart, manage your session, or ensure security. These are used on the basis of Article 6(1)(f) GDPR, as we have a legitimate interest in providing a functional website. They do not require your consent.

4.2 Optional Cookies (Analytics and Marketing)

We use non-essential cookies, such as those for analytics or marketing, only with your prior consent in accordance with Article 6(1)(a) GDPR. When you first visit our website, you can decide via our consent banner which categories of cookies you wish to allow.

4.3 Managing and Withdrawing Consent

You can withdraw your consent at any time with effect for the future by adjusting your cookie settings or by configuring your browser to refuse or delete cookies. The withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. Please note that disabling certain cookies may limit the functionality of the shop.

5. Server Log Files

Each time our website is accessed, our hosting provider automatically collects and stores information in so-called server log files, which your browser transmits to us. This may include:

  • the IP address of the requesting device;
  • the date and time of the request;
  • the name and URL of the file retrieved;
  • the website from which access was made (referrer URL);
  • the browser type and version and the operating system used;
  • the volume of data transferred.

This data is processed to ensure a smooth connection, to guarantee comfortable use of our website, to evaluate system security and stability, and for administrative purposes. The legal basis is Article 6(1)(f) GDPR; our legitimate interest lies in the secure and stable operation of our website. This data is not merged with other data sources, and log file data is deleted after it is no longer required for the purposes described, unless a longer retention period is necessary to investigate specific security incidents.

6. Contact by Email

If you contact us by email, the personal data you provide (such as your name, email address, and the content of your message) will be processed solely for the purpose of handling your enquiry and any follow-up questions.

The legal basis for this processing is Article 6(1)(b) GDPR where your enquiry relates to the conclusion or performance of a contract, and otherwise Article 6(1)(f) GDPR, based on our legitimate interest in responding to enquiries directed to us. We delete this data once your enquiry has been fully dealt with and no statutory retention obligations require continued storage.

7. Order Data

When you place an order in our shop, we collect and process the data necessary to fulfil the contract. This typically includes your name, billing and shipping address, email address, telephone number (where provided), order details, and payment information.

We process this data to perform the purchase contract with you, to deliver your order, to handle payments, and to respond to any enquiries related to your order. The legal basis is Article 6(1)(b) GDPR. In addition, we are subject to commercial and tax retention obligations under Article 6(1)(c) GDPR, which require us to retain certain order and invoice data for the statutory retention periods (generally several years) even after the contract has been completed. After these periods expire, the corresponding data is deleted.

We disclose your data to third parties only insofar as this is necessary for the performance of the contract, for example to payment providers, shipping companies, and our fulfilment partners, or where we are legally obliged to do so.

8. Payment Providers

To process payments, we use external payment service providers. Depending on the payment method you select, the data required for payment processing (such as your name, address, payment details, and order amount) is transmitted to the relevant provider.

The payment service providers process this data as independent controllers in accordance with their own privacy policies and the applicable payment card and banking security standards. The legal basis for transmitting your data to a payment provider is Article 6(1)(b) GDPR (performance of the contract), as the transfer is necessary to process the payment you have chosen. Where a payment provider processes data outside the European Economic Area, appropriate safeguards such as the Standard Contractual Clauses of the European Commission apply. We recommend that you review the privacy policy of the respective payment provider before completing your purchase.

9. Shipping and International Delivery

To deliver your order, we share the necessary shipping data (in particular your name and delivery address, and where required your email address or telephone number for delivery notifications) with the shipping companies and logistics partners engaged to carry out the delivery.

We operate an honest dropshipping model: while some products are dispatched directly by us, others are shipped by our fulfilment partners, and certain items may be sent from partner warehouses located abroad, including outside the European Economic Area. The typical delivery time is 5–10 business days, although it may vary depending on the product and destination. Where your shipping data is transferred to a partner outside the European Economic Area for the purpose of fulfilling your order, we ensure appropriate safeguards in accordance with the GDPR, in particular through Standard Contractual Clauses, or rely on Article 49(1)(b) GDPR where the transfer is necessary for the performance of the contract with you.

The legal basis for sharing shipping data with our delivery and fulfilment partners is Article 6(1)(b) GDPR, as it is necessary to perform the purchase contract and deliver the goods you have ordered.

10. Your Data-Subject Rights

Under the GDPR, you have the following rights regarding your personal data. You may exercise them at any time by contacting us using the details provided in Section 1.

  • Right of access (Article 15 GDPR): you may request confirmation as to whether we process personal data concerning you and, if so, obtain access to that data and information about its processing.
  • Right to rectification (Article 16 GDPR): you may request that inaccurate personal data be corrected and incomplete data be completed.
  • Right to erasure (Article 17 GDPR): you may request the deletion of your personal data where one of the grounds set out in the GDPR applies, provided no legal retention obligations prevent this.
  • Right to restriction of processing (Article 18 GDPR): you may request that the processing of your personal data be restricted in the cases provided for by law.
  • Right to data portability (Article 20 GDPR): you may request to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to have it transmitted to another controller where technically feasible.
  • Right to object (Article 21 GDPR): you may object, on grounds relating to your particular situation, to processing based on Article 6(1)(f) GDPR. You may object to processing for direct marketing purposes at any time, after which we will no longer process your data for those purposes.
  • Right to withdraw consent (Article 7(3) GDPR): where processing is based on your consent, you may withdraw it at any time with effect for the future, without affecting the lawfulness of processing carried out before the withdrawal.

10.1 Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other remedy, you have the right under Article 77 GDPR to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR. As the controller is based in Germany, you may also contact the competent German state data protection authority.

11. Data Security

We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful loss, alteration, unauthorised disclosure, or access. Our website uses encryption (SSL/TLS) to protect the transmission of your data. Please be aware that data transmission over the internet can never be entirely secure.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, in legal requirements, or in the way we process personal data. The version published in our online shop at the time you access it applies.