Privacy Policy

Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data is any data by which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Anne Geldermann, Anne Geldermann Art, Krahhöhe 13, 96476 Bad Rodach, Germany, Phone: +49 152 52360847, Email: anne.geldermann2612@gmail.com. The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When you use our website purely for informational purposes, i.e. without registering or otherwise providing us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary to display the website to you:

  • Page visited
  • Date and time of access
  • Amount of data sent in bytes
  • Source/referral from which you reached the page
  • Browser used
  • Operating system used
  • IP address used (where applicable: in anonymized form)

Processing is carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used for any other purpose. We reserve the right to retrospectively review server log files if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the padlock symbol in your browser bar.

3) Hosting & Content Delivery Network

3.1 Shopify

For hosting our website and displaying page content, we use the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider that ensures the protection of our visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

3.2 Shopify CDN

We use a content delivery network from the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")

Data may also be transferred to:

  • Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
  • Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content or scripts more quickly via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6(1)(f) GDPR. We have concluded a data processing agreement with the provider that ensures the protection of our visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission. For data transfers to the USA, the recipient has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.

4) Contact

When you contact us (e.g. via contact form or email), personal data is processed exclusively for the purpose of handling and responding to your inquiry and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis is Art. 6(1)(b) GDPR. Your data will be deleted once the matter has been conclusively resolved and no statutory retention obligations apply.

5) Data Processing When Opening a Customer Account

Pursuant to Art. 6(1)(b) GDPR, personal data will be collected and processed to the extent necessary when you provide it to us when opening a customer account. The data required for account creation can be found in the input form on our website.

You may delete your customer account at any time by contacting us at the address above. After deletion, your data will be erased provided all contracts concluded through the account have been fully processed, no statutory retention periods apply, and we have no legitimate interest in continued storage.

6) Data Processing for Order Fulfillment

6.1 To the extent required for contract fulfillment for delivery and payment purposes, the personal data we collect will be passed on to the commissioned shipping company and payment institution pursuant to Art. 6(1)(b) GDPR.

Where we owe you updates for goods with digital elements or digital products under a corresponding contract, we process the contact data provided during your order to inform you personally in accordance with our legal information obligations pursuant to Art. 6(1)(c) GDPR.

6.2 Transfer of Personal Data to Shipping Service Providers

Deutsche Post Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany We pass on your email address and/or phone number pursuant to Art. 6(1)(a) GDPR prior to delivery for the purpose of arranging a delivery date or delivery notification, provided you have given your express consent during the ordering process. Otherwise, only the recipient's name and delivery address are passed on pursuant to Art. 6(1)(b) GDPR. Consent may be withdrawn at any time with future effect.

DHL DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany Same conditions as above apply.

DHL Express DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany Same conditions as above apply.

DHL Express Austria DHL Express (Austria) GmbH, Am Europlatz 2 (Objekt G), 1120 Vienna Same conditions as above apply.

DHL Austria DHL Paket (Austria) GmbH, Campus 21, Liebermannstrasse F08/401, 2345 Brunn am Gebirge, Austria Same conditions as above apply.

6.3 Use of Payment Service Providers

Shopify Payments Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

When selecting a payment method where you pay in advance (e.g. credit card), your payment data (including name, address, bank and card information, currency and transaction number) and order content information will be passed on to this provider pursuant to Art. 6(1)(b) GDPR solely for the purpose of payment processing.

7) Website Functions

Google reCAPTCHA Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland Data may also be transferred to: Google LLC, USA

This service checks whether input is made by a natural person or abusively by automated processing, and blocks spam, DDoS attacks and similar automated malicious access. The provider collects the IP address, browser and operating system type, and date and duration of the visit, and transmits this to its servers for evaluation. Cookies may be used for this purpose.

Where the above processing is based on cookies, these are only set if you have given your express consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time via the Cookie Consent Tool on our website.

Where processing is carried out without cookies, the legal basis is our legitimate interest pursuant to Art. 6(1)(f) GDPR. We have concluded a data processing agreement with the provider. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework.

Further information: https://business.safety.google/intl/de/privacy/

8) Tools and Other

Cookie Consent Tool

This website uses a Cookie Consent Tool to obtain effective user consent for cookies requiring consent. The tool is displayed to users upon visiting the site as an interactive interface allowing consent to be given for specific cookies and applications. Cookie-based services are only loaded after the relevant consent has been given.

The tool sets technically necessary cookies to store your cookie preferences. Personal data is generally not processed. Where personal data (such as an IP address) is processed for storing cookie settings, this is done pursuant to Art. 6(1)(f) and Art. 6(1)(c) GDPR.

9) Rights of the Data Subject

9.1 Under applicable data protection law, you have the following rights with respect to the processing of your personal data:

  • Right of access pursuant to Art. 15 GDPR
  • Right to rectification pursuant to Art. 16 GDPR
  • Right to erasure pursuant to Art. 17 GDPR
  • Right to restriction of processing pursuant to Art. 18 GDPR
  • Right to notification pursuant to Art. 19 GDPR
  • Right to data portability pursuant to Art. 20 GDPR
  • Right to withdraw consent pursuant to Art. 7(3) GDPR
  • Right to lodge a complaint pursuant to Art. 77 GDPR

9.2 RIGHT TO OBJECT

WHERE WE PROCESS YOUR PERSONAL DATA BASED ON A BALANCING OF INTERESTS PURSUANT TO OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. CONTINUED PROCESSING REMAINS RESERVED WHERE WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR WHERE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

WHERE YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING. IF YOU EXERCISE THIS RIGHT, WE WILL CEASE PROCESSING YOUR DATA FOR DIRECT MARKETING PURPOSES.

10) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the applicable legal basis, the purpose of processing and, where applicable, statutory retention periods (e.g. commercial and tax retention periods).

Data processed on the basis of express consent pursuant to Art. 6(1)(a) GDPR is stored until you withdraw your consent.

Data processed on the basis of Art. 6(1)(b) GDPR is routinely deleted after expiry of statutory retention periods, unless still required for contract performance or we have a legitimate interest in continued storage.

Data processed on the basis of Art. 6(1)(f) GDPR is stored until you exercise your right to object under Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or processing serves the establishment, exercise or defense of legal claims.

Data processed for direct marketing purposes on the basis of Art. 6(1)(f) GDPR is stored until you exercise your right to object under Art. 21(2) GDPR.

Unless otherwise specified in this policy for specific processing situations, stored personal data is deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.