Privacy policy
Last updated: December 2025
1. Controller (Verantwortlicher)
The controller responsible for processing personal data on this website within the meaning of Art. 4(7) GDPR is:
DURRSHEIN
Am Erlenbach 14
34225 Baunatal
Germany
Email: info@durrshein.de
2. Collection and Storage of Personal Data
We process personal data as defined in Art. 4 GDPR. The type and scope of data collected depend on how you interact with our website and services.
2.1 When visiting our website
When accessing our website, the following data are automatically collected by Shopify:
· IP address
· Browser type and version
· Device and operating system information
· Date and time of access
· Referrer URL
· Visited pages and interactions
This data is processed to ensure website functionality, security, and optimization.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
2.2 When placing an order
To process your order, we collect:
· First and last name
· Billing and shipping address
· Email address
· Phone number (optional)
· Payment information (processed securely by the payment provider)
· Ordered products
· Order and transaction history
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
2.3 Customer account registration
If you create an account, we store:
· Name
· Email address
· Encrypted password
· Saved addresses
· Order history
Legal basis: Art. 6(1)(b) GDPR.
2.4 Contact via email or contact form
If you contact us, we process:
· Name
· Email address
· Content of your message
Legal basis:
· Art. 6(1)(a) GDPR (consent), or
· Art. 6(1)(b) GDPR (pre-contractual communication).
3. Use of Personal Data
We process your data for the following purposes:
· Processing and shipping of orders
· Managing and confirming payments
· Providing customer service
· Preventing fraud, misuse, or security issues
· Improving website performance and user experience
· Displaying personalized content or product recommendations
· Fulfilling legal obligations
Data is processed only for purposes permitted under Art. 6 GDPR.
4. Disclosure of Personal Data
We disclose your data only when necessary for contract fulfillment, when required by law, or with your consent.
4.1 Shopify (Platform Provider)
Our store is hosted and operated via:
Shopify International Ltd.
Victoria Buildings, 1–2 Haddington Road
Dublin 4, D04 XN32
Ireland
Shopify processes data as a service provider (processor).
Privacy Policy: https://www.shopify.com/legal/privacy
4.2 Shipping and logistics partners
We share only necessary information (name, address, tracking number) with:
· DHL / Deutsche Post
· UPS
· FedEx
· Other fulfillment partners when required
4.3 Payment service providers
Depending on your selected payment method, data may be shared with:
· PayPal
· Klarna
· Shopify Payments
· Credit card processors
· Apple Pay / Google Pay
Payment providers act as independent controllers.
4.4 Other service providers
We may use GDPR-compliant service providers for:
· Customer support tools
· Email delivery services
· Analytics services
· Cloud hosting providers
All providers are bound by data processing agreements.
5. Cookies & Tracking Technologies
Our website uses cookies to:
· Enable essential website functions
· Maintain shopping cart and checkout functionality
· Enable login sessions
· Analyze website usage
· Provide marketing and retargeting
Non-essential cookies (analytics, marketing, personalization):
Activated only with your explicit consent via our cookie banner (Art. 6(1)(a) GDPR, §25 TTDSG).
Essential cookies:
Processed under Art. 6(1)(f) GDPR (legitimate interest).
You may adjust or withdraw cookie preferences at any time.
6. Analytics & Marketing Tools
Depending on your cookie settings, we may use:
· Shopify Analytics
· Google Analytics
· Facebook/Meta Pixel
· Retargeting or advertising tools
These tools process pseudonymized or anonymized data.
They are activated only with your explicit consent.
7. Data Processing Outside the EU
Some service providers (e.g., Shopify, payment providers) may process data outside the EU/EEA.
Such transfers are protected by:
· Standard Contractual Clauses (SCCs)
· Adequacy decisions
· GDPR-compliant safeguards
8. Data Retention Period
We store personal data only as long as necessary:
· Order data: 10 years (legal retention under §147 AO)
· Customer account data: until account deletion
· Email inquiries: 12 months
· Analytics/cookies: as defined in our cookie policy
Data is deleted when no longer required, unless statutory retention periods apply.
9. Your Rights Under GDPR
You have the following rights:
· Right of access – Art. 15 GDPR
· Right to rectification – Art. 16 GDPR
· Right to erasure – Art. 17 GDPR
· Right to restrict processing – Art. 18 GDPR
· Right to data portability – Art. 20 GDPR
· Right to object – Art. 21 GDPR
· Right to withdraw consent at any time – Art. 7(3) GDPR
To exercise your rights, contact: info@durrshein.de
You also have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR).
10. Data Security
We use SSL encryption and implement industry-standard technical and organizational measures (TOMs).
While no system is fully secure, we follow recognized best practices to protect your data.
11. Children’s Privacy
Our services are not directed at children under 16.
We do not knowingly collect data from minors.
12. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
13. Changes to This Privacy Policy
We may update this Privacy Policy due to legal, technical, or operational changes.
The most current version always applies.
14. Contact Information
If you have questions regarding this Privacy Policy or your data rights, please contact:
DURRSHEIN
Am Erlenbach 14
34225 Baunatal
Germany
Email: info@durrshein.de