Privacy Policy
1. Data controller
[Company name] [Address] Contact: [email]
2. Data categories and purposes
We process the following data:
• Master data (name, address, date of birth)
• Contact data (email, phone)
• Contract data (shelf reservations, sales)
• Payment data (IBAN for payouts)
• Content data (product photos, descriptions)
• Usage data (visited pages, IP address)
3. Legal basis (Art. 6 GDPR)
• Art. 6(1)(b) GDPR – contract performance
• Art. 6(1)(c) GDPR – legal obligations (tax, accounting)
• Art. 6(1)(a) GDPR – consent (marketing emails)
• Art. 6(1)(f) GDPR – legitimate interest (security, fraud prevention)
4. Retention
Business records: 10 years (German commercial law). Account/marketing data: until withdrawal. Log data: max 30 days.
5. Recipients
We share data with:
• Payment provider (Stripe, Inc.)
• Hosting (Railway Corp.)
• Email (Resend, Inc.)
• Tax advisors and authorities as required by law
6. Third-country transfers
Some providers are based in the US. Transfers rely on Standard Contractual Clauses (Art. 46 GDPR) or the EU-US Data Privacy Framework adequacy decision.
7. Your rights
You have the right to access, rectification, erasure, restriction, portability and objection, and the right to lodge a complaint with a supervisory authority. Contact: privacy@[domain]
8. Cookies
We use technically necessary cookies. Analytics cookies are only set with your consent.