1. Introduction
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
The data controller responsible for your personal data is:
[Your Company Name]
[Street Address]
[Postal Code] [City]
Germany
Email: privacy@example.com
Phone: +49 (0) XXX XXXXXXX
3. Information We Collect
3.1 Personal Information
We collect the following personal information when you use our services:
- Name and contact information (email address, shipping address)
- Payment information (processed securely by our payment providers)
- Order history and purchase information
- Age verification data (verification result only, not birth date)
- Communication preferences
3.2 Automatically Collected Information
- IP address and browser information
- Device information and operating system
- Cookies and similar tracking technologies
- Usage data and analytics
4. How We Use Your Information
We use your personal data for the following purposes:
- Order Processing: To process and fulfill your orders
- Communication: To send order confirmations, shipping updates, and customer service messages
- Legal Compliance: To comply with legal obligations, including age verification and VAT requirements
- Service Improvement: To improve our website and services
- Marketing: To send promotional emails (only with your consent)
5. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to fulfill our contract with you (Art. 6(1)(b) GDPR)
- Legal Obligation: Processing required by law, such as tax and accounting requirements (Art. 6(1)(c) GDPR)
- Legitimate Interest: Processing necessary for our legitimate business interests (Art. 6(1)(f) GDPR)
- Consent: Processing based on your explicit consent, such as marketing communications (Art. 6(1)(a) GDPR)
6. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your browsing experience. You can manage your cookie preferences through our cookie consent banner.
Cookie Categories:
- Necessary Cookies: Required for website functionality (cannot be disabled)
- Analytics Cookies: Help us understand how visitors use our website
- Marketing Cookies: Used to deliver relevant advertisements
- Preference Cookies: Remember your settings and preferences
7. Data Sharing and Third Parties
We may share your information with the following third parties:
- Payment Processors: Stripe for credit card and SEPA payments
- Shipping Partners: To deliver your orders
- Email Service Providers: To send transactional and marketing emails
- Analytics Providers: Google Analytics (if you consent)
- Legal Authorities: When required by law
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:
- Order data: 10 years (German tax law requirement)
- Marketing consent: Until you withdraw consent
- Account data: Until account deletion
- Cookie consent: 12 months
9. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
To exercise these rights, please contact us at privacy@example.com
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes:
- SSL/TLS encryption for data transmission
- Secure payment processing (PCI DSS compliant)
- Regular security audits and updates
- Access controls and authentication
- Data backup and recovery procedures
11. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
12. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.
14. Supervisory Authority
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the relevant supervisory authority:
For Germany:
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153
53117 Bonn
Germany
Website: www.bfdi.bund.de
15. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: privacy@example.com
Phone: +49 (0) XXX XXXXXXX
Address: [Your Company Address]