This policy is written to be compliant with the General Data Protection Regulation (GDPR), which is mandatory for all businesses operating in the EU.

1. Introduction and Data Controller

This Privacy Policy informs users about the nature, scope, and purpose of the processing of personal data (hereinafter “Data”) within our online offering and the associated websites, functions, and content (hereinafter collectively referred to as “Online Offering” or “Website”).

  • Operator/Data Controller: Suave Design Shop
  • Legal Address: Kaiser Wilhelm Straße 5b, 82319 Starnberg, Germany
  • Email for Data Inquiries: admin@suavedesign.shop
  • Website Address: http://suavedesign.shop

We process users’ personal data only in compliance with the relevant data protection provisions, particularly the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. Types of Data Processed

We process the following categories of data:

  • Inventory data: Name, address, contact details (email, phone number).
  • Content data: Information entered into forms, comments, or messages.
  • Usage data: Visited websites, interest in content, access times.
  • Metadata/Communication data: IP addresses, browser information, device information.
  • Contract data: Subject of the contract, payment information (though typically processed by a Payment Service Provider).

3. Purpose and Legal Basis for Processing

We process your data for the following purposes and under the following legal bases:

Purpose of Processing | Legal Basis (GDPR)
Provision of the online offering and its functions | Art. 6 para. 1 lit. b (Contractual obligation)
Customer communication and request handling | Art. 6 para. 1 lit. b (Pre-contractual/Contractual measures)
Fulfillment of contractual obligations (order processing, delivery) | Art. 6 para. 1 lit. b (Contractual obligation)
Security measures and spam prevention | Art. 6 para. 1 lit. f (Legitimate interest in security)
Direct marketing (if consent is given) | Art. 6 para. 1 lit. a (Consent)
Compliance with legal obligations (e.g., commercial and tax law) | Art. 6 para. 1 lit. c (Legal obligation)

4. Data Sharing and Third-Party Processors

As our store operates on a print-on-demand business model, data sharing with third parties is essential for contract fulfillment.

  • Order Fulfillment: For the purpose of fulfilling your order, we transfer the necessary data (name, delivery address, order details) to our third-party print-on-demand provider. This transfer is based on Art. 6 para. 1 lit. b GDPR.
  • Hosting: Our website is hosted by Hostinger. Hostinger processes inventory, contact, content, contract, usage, and metadata on our behalf based on a data processing agreement (Art. 28 GDPR).
  • Payment Processors: Payments are processed by external service providers (e.g., PayPal, credit card processors). We do not store or process payment information like credit card numbers. Data is shared with these providers solely for the purpose of payment processing (Art. 6 para. 1 lit. b GDPR).
  • Shipping: Data necessary for delivery (name, address) is shared with shipping service providers (Art. 6 para. 1 lit. b GDPR).

5. Comments, Media, and Cookies

The following points detail the processing of data related to interactive elements on the site:

Comments

  • When visitors leave comments on the site, we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string, to help with spam detection (Art. 6 para. 1 lit. f GDPR – Legitimate interest in maintaining site integrity).
  • An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service. After approval, your profile picture is visible to the public in the context of your comment.

Media

  • If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS). Visitors can download and extract any location data from images (Art. 6 para. 1 lit. f GDPR – Legitimate interest).

Cookies

  • We use cookies to ensure the functionality of our website and to make your experience convenient.
  • Essential Cookies: Used for basic functions (e.g., shopping cart, login). These are necessary for contract fulfillment (Art. 6 para. 1 lit. b GDPR) and are always active.
  • Convenience Cookies (e.g., saving comment data): If you leave a comment, you may opt-in to saving your name, email address, and website in cookies. These last for one year (Art. 6 para. 1 lit. a GDPR – Consent).
  • WooCommerce/WordPress Cookies: We use cookies for user authentication, login information, and screen display choices (e.g., login cookies lasting two days, screen options cookies lasting one year, “Remember Me” lasting two weeks).

6. Embedded Content and External Links

Articles on this site may include embedded content (e.g., videos, images, articles). Embedded content from other websites behaves in the exact same way as if the visitor had visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content.

7. Data Retention

  • Contract Data: We retain contract and invoice data for the mandatory retention periods under German commercial and tax law (10 years), based on Art. 6 para. 1 lit. c GDPR.
  • Comments: If you leave a comment, the comment and its metadata are retained indefinitely so we can recognize and approve any follow-up comments automatically.
  • Registered Users: For users that register on our website, we store the personal information they provide in their user profile until they request its deletion.

8. Your Rights (GDPR Rights)

Under the GDPR, you have the following rights regarding your personal data:

  1. Right to Access (Art. 15 GDPR): You can request confirmation as to whether your personal data is being processed, and access to that data.
  2. Right to Rectification (Art. 16 GDPR): You can request the correction of inaccurate or incomplete data concerning you.
  3. Right to Erasure (‘Right to be Forgotten’) (Art. 17 GDPR): You can request the erasure of your personal data, unless we are obliged to keep it for administrative, legal, or security purposes.
  4. Right to Restriction of Processing (Art. 18 GDPR): You can request the restriction of processing your data under certain conditions.
  5. Right to Data Portability (Art. 20 GDPR): You can receive the personal data you have provided to us in a structured, commonly used, and machine-readable format.
  6. Right to Object (Art. 21 GDPR): You can object to the future processing of your data, particularly for direct marketing purposes.
  7. Right to Withdraw Consent (Art. 7 para. 3 GDPR): You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  8. Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement.