Terms of service
1. Controller (Verantwortlicher)
The controller responsible for data processing on this website within the meaning of the GDPR (Art. 4(7) DSGVO) is:
DURRSHEIN
Am Erlenbach 14
34225 Baunatal
Germany
Email: info@durrshein.de
2. Collection and Storage of Personal Data
We process personal data as defined in Art. 4 DSGVO/GDPR.
The type and scope of data collected depend on how you interact with our website and services.
2.1 When visiting our website
We automatically collect the following data:
· IP address
· Browser type and version
· Device and operating system information
· Date and time of access
· Referrer URL
· Visited pages and interactions
This data is collected automatically by Shopify and is required for website functionality, security, and optimization.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
2.2 When placing an order
We collect the following information to process your order:
· First and last name
· Billing and shipping address
· Email address
· Phone number (optional)
· Payment information (processed and encrypted by the respective payment provider)
· Ordered products
· Order and transaction history
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
2.3 Customer account registration
If you create an account, we store:
· Name
· Password (stored in encrypted form)
· Saved addresses
· Order history
Legal basis: Art. 6(1)(b) GDPR.
2.4 Contact via email or contact form
If you contact us, we process:
· Name
· Email address
· Content of your message
Legal basis:
· Art. 6(1)(a) GDPR (consent), or
· Art. 6(1)(b) GDPR (pre-contractual communication).
3. Use of Personal Data
We process your personal data for the following purposes:
· To process and ship your orders
· To manage and confirm payments
· To provide customer service
· To prevent fraud, misuse, or security issues
· To improve website performance and user experience
· To display personalized content or product recommendations
· To comply with legal obligations
Data is processed only for purposes permitted under Art. 6 GDPR.
4. Disclosure of Personal Data
We only disclose your data to third parties when necessary for contract fulfillment (Art. 6(1)(b) GDPR), when required by law, or with your explicit consent.
4.1 Shopify (Platform Provider)
Our online shop is hosted by:
Shopify International Ltd.
Victoria Buildings, 1–2 Haddington Road
Dublin 4, D04 XN32, Ireland
Shopify Privacy Policy:
https://www.shopify.com/legal/privacy
4.2 Shipping and logistics partners
We disclose necessary data (name, address, tracking number) to:
· DHL / Deutsche Post
· UPS
· FedEx
· Other fulfillment partners where required
4.3 Payment service providers
Depending on your selected payment method, data may be shared with:
· PayPal
· Klarna
· Shopify Payments
· Credit card processors
· Apple Pay / Google Pay
Payment providers act as independent data controllers.
4.4 Other service providers
We may use additional service providers for:
· Customer support
· Email delivery
· Analytics and performance measurement
· Cloud hosting
All service providers are bound by GDPR-compliant contracts.
5. Cookies & Tracking Technologies
Our website uses cookies to:
· Enable essential website functions
· Maintain shopping cart and checkout processes
· Enable login sessions
· Analyze website usage
· Provide marketing and retargeting
Non-essential cookies (analytics, marketing, personalization) are only activated with your explicit consent via our cookie banner (Art. 6(1)(a) GDPR, §25 TTDSG).
Essential cookies are processed under Art. 6(1)(f) GDPR (legitimate interest).
You may adjust or withdraw your cookie preferences at any time through the cookie banner or your browser settings.
6. Analytics & Marketing Tools
Depending on your cookie preferences, we may use:
· Shopify Analytics
· Google Analytics
· Facebook/Meta Pixel
· Retargeting or advertising services
These tools process pseudonymized or anonymized data.
They are activated only with your explicit consent.
7. Data Processing Outside the EU
Some service providers (e.g., Shopify, payment providers) may process data outside the EU/EEA.
All transfers are protected using:
· Standard Contractual Clauses (SCCs)
· Adequacy decisions
· GDPR-compliant safeguards
8. Data Retention Period
We store personal data only as long as necessary:
· Order data: 10 years (legal retention – §147 AO)
· Customer account data: until account deletion
· Email inquiries: 12 months
· Analytics/cookies: according to our cookie policy
Data is deleted when no longer required, unless legal retention obligations apply.
9. Your Rights Under GDPR
You have the following rights:
· Right of access – Art. 15 GDPR
· Right to rectification – Art. 16 GDPR
· Right to erasure – Art. 17 GDPR
· Right to restrict processing – Art. 18 GDPR
· Right to data portability – Art. 20 GDPR
· Right to object – Art. 21 GDPR
· Right to withdraw consent at any time – Art. 7(3) GDPR
To exercise your rights, contact: info@durrshein.de
You also have the right to lodge a complaint with your competent supervisory authority (Art. 77 GDPR).
10. Data Security
We use SSL encryption and implement industry-standard technical and organizational security measures (TOMs).
While no system is fully secure, we apply recognized best practices to protect your data.
11. Children’s Privacy
Our services are not directed at children under 16 years of age.
We do not knowingly collect data from minors.
12. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on users.
13. Changes to This Privacy Policy
We may update this Privacy Policy to reflect legal, technical, or operational changes.
The most current version always applies.
14. Contact Information
If you have questions about this Privacy Policy or your data rights, contact us:
DURRSHEIN
Am Erlenbach 14
34225 Baunatal
Germany
Email: info@durrshein.de