Last Updated: 12.03.2025
1. Introduction to Data Protection
We take the protection of your personal data very seriously. This privacy policy informs you about how we process your personal data when you visit our website and use our services.
The provision of personal data is generally not required unless specifically indicated. However, certain functions of our website may be limited if you do not provide the necessary data.
Personal data means any information relating to an identified or identifiable natural person. This includes information such as your name, email address, postal address, and phone number, but also information about your usage behavior.
2. Contact Information
The controller responsible for data processing on this website according to the General Data Protection Regulation (GDPR) is:
3. Proactive Contact and Communication
When you contact us (e.g., via contact form, email, telephone, or social media), we process the data you provide to handle your request and any follow-up questions that arise.
The legal basis for processing contact data is:
- Art. 6(1)(b) GDPR for inquiries related to pre-contractual or contractual matters.
- Art. 6(1)(f) GDPR for other inquiries, where our legitimate interest is to respond to your request.
If the data processing is based on our legitimate interests (Art. 6(1)(f) GDPR), you have the right to object to this processing at any time on grounds relating to your particular situation. We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
4. Customer Account and Orders
When you create a customer account or place an order on our website, we collect and process the following data:
- Email address
- Name
- Account information
- Order data
This data is processed and stored in our Supabase database. We process this data based on the following legal grounds:
- Art. 6(1)(a) GDPR - your consent for account registration when this is not directly related to contract fulfillment.
- Art. 6(1)(b) GDPR - for processing necessary for the performance of a contract or pre-contractual measures.
We share your data with Supabase as our service provider for authentication and database services. Your data is stored on servers within the European Union. For more information about how Supabase processes your data, please refer to their privacy policy.
5. Advertising
We may use your personal data for marketing purposes as follows:
Email Marketing for Existing Customers
If you have purchased goods or services from us, we may use your email address for advertising similar products or services. The legal basis for this processing is our legitimate interest in promoting our products (Art. 6(1)(f) GDPR).
Newsletter Subscription
If you explicitly subscribe to our newsletter, we process your email address based on your consent (Art. 6(1)(a) GDPR).
You can unsubscribe from our marketing communications at any time. Each email contains an unsubscribe link, or you can contact us directly to withdraw your consent or object to the processing of your data for marketing purposes.
7. Third-Party Services
Supabase (Auth and Database)
We use Supabase for user authentication and data storage. When you create an account or place an order, the following data may be processed by Supabase:
- Email address
- Name
- Account data
The legal basis for this processing is Art. 6(1)(b) GDPR, as it is necessary for the performance of our contract with you. For more information, please refer to Supabase's privacy policy.
PostHog Analytics
We use PostHog Analytics to analyze and improve our website. PostHog collects information about how you use our website, including:
- Usage data
- IP address (anonymized)
- Pages visited
- Time spent on the website
The legal basis for this processing is your consent (Art. 6(1)(a) GDPR) and our legitimate interest in analyzing and improving our website (Art. 6(1)(f) GDPR). You can opt out of PostHog Analytics through our consent management tool. For more information, please refer to PostHog's privacy policy.
Google Analytics & Tag Manager
Our website uses Google Analytics and Google Tag Manager to analyze website usage and optimize our marketing efforts. These services collect:
- IP address (anonymized)
- Date and time of your visit
- Pages visited
- Referral source
- Browser and device information
This data may be transferred to Google servers in the USA. For data transfers to the USA, we rely on standard contractual clauses approved by the European Commission.
The legal basis for this processing is your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time using our consent management tool or by installing the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout.
Stripe (Payment Processing)
We use Stripe to process payments on our website. When you make a purchase, the following data may be shared with Stripe:
- Order information
- Payment data
- Billing information
The legal basis for sharing this data is Art. 6(1)(b) GDPR, as it is necessary for the performance of our contract with you. We use Stripe Checkout or Stripe Elements for secure payment processing. For more information, please refer to Stripe's privacy policy.
8. Rights of Persons Affected and Storage Duration
Storage Duration
We store your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. For example:
- Contact inquiries are typically stored for 6 months after the inquiry has been resolved.
- Contract-related data is stored for the duration of the contractual relationship and for the statutory retention periods (usually 6-10 years).
Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right to information (Art. 15 GDPR): You have the right to request information about the personal data we process about you.
- Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate or incomplete personal data.
- Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data under certain conditions.
- Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data under certain conditions.
- Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data based on legitimate interests (Art. 6(1)(f) GDPR) at any time.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. The competent supervisory authority for us is:
Authority: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Address: Promenade 18, 91522 Ansbach
Phone: +49 (0) 981 180093-0
Email: [email protected]
Right to Object
If we process your personal data based on legitimate interests (Art. 6(1)(f) GDPR), you have the right to object to this processing on grounds relating to your particular situation. To exercise this right, please contact us at [email protected].
This privacy policy can be printed or saved using the standard functions of your browser (usually File → Print or Ctrl+P / Cmd+P).