Privacy policy

Privacy Policy

  1. Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data is any data that can be used to identify you personally.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Bederdin Cakar, Tority, Germany, Tel.: Upon request, Email: shoptority@gmail.com. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser's address bar.

  1. Data Collection When Visiting Our Website

When using our website for informational purposes only, i.e., when you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used (possibly in anonymized form)

The processing is carried out in accordance with Article 6 (1) lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no disclosure or other use of the data. However, we reserve the right to review the server log files retroactively if specific indications point to illegal use.

  1. Hosting & Content Delivery Network
  • Hosting by Shopify

We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify") for the hosting and presentation of the online shop based on processing on our behalf. All data collected on our website is processed on the servers of Shopify. As part of the aforementioned services by Shopify, data may also be transmitted to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., or Shopify (USA) Inc. for further processing on our behalf. In the case of data transfer to Shopify Inc. in Canada, the adequate level of data protection is ensured by an adequacy decision of the European Commission. Further information on Shopify's data protection can be found at the following website: https://www.shopify.de/legal/datenschutz. Further processing on servers other than those mentioned above by Shopify only takes place within the framework communicated below.

  1. Cookies

To make visiting our website attractive and to enable the use of certain features, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called "session cookies"), while others remain on your device for a longer period and allow for saving page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.

If personal data is also processed by individual cookies we use, the processing is carried out in accordance with Article 6 (1) lit. b GDPR either for the performance of the contract, in accordance with Article 6 (1) lit. a GDPR in the case of granted consent, or in accordance with Article 6 (1) lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the visit to the website.

You can configure your browser to be informed about the setting of cookies and to decide individually on their acceptance or to exclude the acceptance of cookies for specific cases or generally. Please note that the functionality of our website may be limited if cookies are not accepted.

  1. Contacting Us

In the context of contacting us (e.g., via contact form or email), personal data is processed exclusively for the purpose of processing and answering your inquiry and only to the necessary extent. The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Article 6 (1) lit. f GDPR. If your contact aims at a contract, the additional legal basis for processing is Article 6 (1) lit. b GDPR. Your data will be deleted when it is evident from the circumstances that the affected matter has been conclusively clarified, and there are no legal retention obligations to the contrary.

  1. Comment Function

In the context of the comment function on this website, in addition to your comment, information on the time of creation of the comment and the commentator name you choose will be stored and published on this website. Furthermore, your IP address will be stored for security reasons to enable assignment to the author in the event of illegal comments. Your email address will be stored for contacting you in case a third party should contest your published content as illegal.

  1. Use of Customer Data for Direct Marketing

7.1 Subscription to our Email Newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and is used to personally address you. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you will receive the newsletter only after you have explicitly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address provided.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Article 6 (1) lit. a GDPR. We store the IP address you registered with your Internet Service Provider (ISP) and the date and time of registration to be able to trace any misuse of your email address at a later date. The data we collect when you register for the newsletter is used strictly for its intended purpose. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a corresponding message to the aforementioned controller. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list unless you have explicitly consented to further use of your data or we reserve a further data use that is legally permissible and of which we inform you in this declaration.

7.2 Newsletter Sending via Klaviyo

The sending of our email newsletters is done through the technical service provider "Klaviyo," 225 Franklin St, Boston, MA 02110, USA (http://www.klaviyo.com/), to whom we pass on your data provided during the newsletter registration. This transfer is carried out in accordance with Article 6 (1) lit. f GDPR and serves our legitimate interest in using an effective, secure, and user-friendly newsletter system. Please note that your data is generally transmitted to a server of Klaviyo in the USA and stored there.

Klaviyo uses this information to send the newsletters on our behalf. Klaviyo does not use our newsletter recipients' data to contact them directly or to pass it on to third parties.

To protect your data in the USA, we have entered into a data processing agreement ("Data-Processing-Agreement") with Klaviyo, in which Klaviyo commits to protect our users' data, process it on our behalf in accordance with its data protection provisions, and not to disclose it to third parties.

You can view Klaviyo's data protection provisions here: https://www.klaviyo.com/legal/privacy.

8) Data Processing for Order Fulfillment

8.1 Submission of Image Files for Order Fulfillment via Upload Function

  • Our website allows customers to submit image files through an upload function for product personalization.
  • The submitted images will only be used for the creation of the personalized product as described in our service specifications.
  • The transfer of image files occurs automatically and is encrypted.
  • If the files are shared with service providers, customers will be informed in the following sections.
  • The processing of personal data is carried out in accordance with Article 6 (1) (b) of the GDPR. After the order has been completed, the files will be automatically deleted.

8.2 Disclosure of Personal Data

  • For contract fulfillment, we will share necessary personal data, such as name, address, and payment information, with contracted service providers (transport companies and financial institutions).
  • Updates for digital products will be sent to the contact details provided during the order to fulfill our legal information obligations (Article 6 (1) (c) of the GDPR).

8.3 Collaboration with External Shipping Partners

  • To fulfill our contractual obligations, we will provide your name, delivery address, and phone number to our selected shipping partner, in accordance with Article 6 (1) (b) of the GDPR.

8.4 Use of Payment Service Providers

  • Amazon Pay: Payment processing through Amazon Payments. Data is shared solely for the purpose of payment processing in accordance with Article 6 (1) (b) of the GDPR. More information on data protection: Amazon Payments Privacy.
  • Apple Pay: Payment processing through Apple Pay. Data is processed for payment processing purposes in accordance with Article 6 (1) (b) of the GDPR. Privacy information: Apple Pay Privacy.
  • Google Pay: Payment processing through Google Pay. Data processing occurs in accordance with Article 6 (1) (b) of the GDPR. Privacy details: Google Pay Privacy.
  • giropay: Payment processing through giropay. Data sharing occurs in accordance with Article 6 (1) (b) of the GDPR. Privacy information: giropay Privacy.
  • PayPal: Payment processing through PayPal. Data is shared in accordance with Article 6 (1) (b) of the GDPR. Information on credit checks and data protection: PayPal Privacy.
  • Shopify Payments: Payment processing through Shopify Payments and Stripe. Data is shared in accordance with Article 6 (1) (b) of the GDPR. Privacy information: Shopify Privacy, Stripe Privacy.

9) Online Marketing

Facebook Pixel for Creating Custom Audiences with Enhanced Data Matching

  • Within our online offering, we use the "Facebook Pixel" from the social network Facebook to create targeted advertising.
  • Data such as email addresses are collected as part of the enhanced data matching and forwarded to Facebook to create Custom Audiences and measure the effectiveness of our Facebook ads.
  • The processing is carried out only upon receiving your explicit consent in accordance with Article 6 (1) (a) of the GDPR. Facebook’s privacy information: Facebook Privacy.
  • The information collected may be transmitted to Facebook's servers and to Meta Platforms Inc. in the USA. You can revoke your consent at any time.

10) Retargeting/Remarketing/Referral Advertising

TikTok Pixel

  • This website utilizes the "TikTok Pixel," a tracking technology from the social network TikTok Technology Limited, located at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok").
  • Using cookies (small text files stored on the user's device), information about browsing behavior on our website is collected in a pseudonymized form and transmitted to TikTok, where it is stored and analyzed. This process enables the display of interest-based and personalized product recommendations on TikTok.
  • The information collected typically includes device ID, device type, timestamp, operating system, and IP address. These details may be associated with the user's identity through additional information that TikTok has stored about the user, particularly if they have an account on the TikTok social network.
  • TikTok may also combine the information collected via the pixel with data obtained from other websites and/or in connection with the use of the TikTok social network, thus creating pseudonymized usage profiles. The collected information cannot be used to personally identify visitors to this website.
  • The TikTok Pixel also allows us to track the effectiveness of advertisements on TikTok. If a user clicks on an advertisement on TikTok and is directed to our website while the cookies are still valid, the pixel captures predefined user actions (such as completed transactions, leads, search queries, and product page views). When such actions occur, your browser sends an HTTP request via the TikTok Pixel, transmitting specific action-related information to TikTok's server. This transmission enables TikTok to generate statistics about user behavior on our website following the referral from a TikTok advertisement, which helps us optimize our offerings.
  • All the processing described above, particularly the setting of cookies to read information from the user's device, will only occur if you have given your explicit consent in accordance with Article 6 (1) (a) of the GDPR. You may revoke your consent at any time for future effects by disabling this service in the "Cookie Consent Tool" provided on the website. We have signed a Data Processing Agreement with TikTok for the use of the TikTok Pixel, obliging TikTok to protect our website visitors' data and not to disclose it to third parties. TikTok typically transfers collected information outside the European Economic Area, relying on standard contractual clauses from the European Commission to ensure compliance with European data protection standards.

11) Page Functionalities

Endereco

  • Our website uses the "Endereco" service from Endereco UG, located at Balthasar-Neumann-Straße 4b, 97236 Randersacker, to verify certain entries in the address form during the ordering process in real-time for input errors.
  • This process aims to prevent delivery issues resulting from incorrect information provided by you. We also wish to ensure that your contact details are valid for sending information regarding your order or for any necessary follow-up inquiries.
  • Endereco validates the entered address, verifies its spelling, and completes any missing data if applicable. If the address is ambiguous, correct alternative suggestions are displayed. The address data you provide is transmitted to Endereco, where it is stored and analyzed. This processing is conducted in accordance with Article 6 (1) (f) of the GDPR based on our legitimate interest in accurately capturing correct customer address data to fulfill our contractual delivery obligations and to prevent contractual execution problems.
  • Endereco processes the affected data separately and does not combine it with other data sets. The affected data will be automatically deleted once its status or correctness has been confirmed, but no later than 30 days thereafter.
  • For more information on Endereco's data protection practices, please visit: Endereco Privacy

12) Rights of the Data Subject

12.1 The applicable data protection law grants you the following rights regarding the processing of your personal data:

  • Right of access according to Article 15 of the GDPR;
  • Right to rectification according to Article 16 of the GDPR;
  • Right to erasure according to Article 17 of the GDPR;
  • Right to restriction of processing according to Article 18 of the GDPR;
  • Right to notification according to Article 19 of the GDPR;
  • Right to data portability according to Article 20 of the GDPR;
  • Right to withdraw consent according to Article 7 (3) of the GDPR;
  • Right to lodge a complaint according to Article 77 of the GDPR.

12.2 Right to Object

  • If we process your personal data based on a balancing of interests due to our overriding legitimate interest, you have the right to object at any time, for reasons related to your particular situation, to this processing with future effect.
  • If you exercise your right to object, we will cease processing your personal data. Further processing remains permissible if we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.
  • If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes. You may exercise your right to object as described above.
  • If you exercise your right to object, we will cease processing your personal data for direct marketing purposes.

13) Duration of Storage of Personal Data

  • The duration of storage for personal data is determined by the respective legal basis, the purpose of processing, and, where applicable, the respective statutory retention period (e.g., commercial and tax law retention periods).
  • For processing based on explicit consent according to Article 6 (1) (a) of the GDPR, personal data will be stored until the data subject revokes their consent.
  • If statutory retention periods exist for data processed under contractual or quasi-contractual obligations based on Article 6 (1) (b) of the GDPR, such data will be routinely deleted after the retention periods expire unless further storage is necessary for contract fulfillment or initiation and/or we have a legitimate interest in retaining the data.
  • For processing based on Article 6 (1) (f) of the GDPR, personal data will be stored until the data subject exercises their right to object under Article 21 (1) of the GDPR unless we can demonstrate compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject or if the processing is necessary for the establishment, exercise, or defense of legal claims.
  • For processing personal data for direct marketing purposes based on Article 6 (1) (f) of the GDPR, such data will be stored until the data subject exercises their right to object under Article 21 (2) of the GDPR.
  • Unless specified otherwise in other information within this declaration regarding specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.