Data protection

1. Controller

The controller for data processing in the sense of the General Data Protection Regulation (GDPR) is:

STRAMM Design UG
Kölnerstraße 146, 51702 Bergneustadt
shop@strammdesign.com

2. Collection and Storage of Personal Data, as well as Type and Purpose of Use

a) When visiting the website

When you access our website, the following data is automatically collected:

  • IP address
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access is made (referrer URL)
  • Browser type, operating system, internet provider

Purpose: technical provision, stability, security.
Legal basis: Art. 6 Para. 1 lit. f GDPR (legitimate interest).

b) For orders in the webshop

We process the following data:

  • Name, billing and delivery address
  • Email address, phone number
  • Payment information (depending on the chosen payment method)

Purpose: Contract fulfillment (orders, delivery, invoicing, communication).
Legal basis: Art. 6 Para. 1 lit. b GDPR.

c) Contacting us

If you contact us via contact form or email, we store your information for processing.
Legal basis: Art. 6 Para. 1 lit. b/f GDPR.

d) Newsletter

If you subscribe to our newsletter, we use your email address to regularly send you information about our products and promotions.

  • Dispatch only after explicit consent (double opt-in).
  • Unsubscription possible at any time, e.g. via the unsubscribe link in the newsletter.

Legal basis: Art. 6 Para. 1 lit. a GDPR.
If we use an external service provider (e.g. Shopify Email, Klaviyo, Mailchimp, Brevo), data processing is carried out in accordance with Art. 28 GDPR.

3. Data Transfer

Data will only be transferred if it is necessary for the fulfillment of the contract or if there is a legal obligation:

  • Shop System (Shopify): Shopify International Ltd., Ireland. Data may be transferred to Shopify Inc., Canada/USA. Basis: EU standard contractual clauses. Info: https://www.shopify.com/legal/privacy

·         Payment service providers:

PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg

Shopify Payments (Stripe Payments Europe Ltd.), Ireland

Klarna Bank AB (publ), Sweden – Klarna may perform a credit check and transmit data to credit agencies if certain payment methods are selected (e.g., invoice purchase, installment purchase). Info: https://www.klarna.com/de/datenschutz/

 

4. Data Transfer to Third Countries

Shopify, Google and Meta may transfer data to the USA. Basis: EU Standard Contractual Clauses (SCCs) in accordance with Art. 46 GDPR.

 

5. Storage Period

  • Order data: in accordance with commercial and tax law regulations 10 years
  • Customer data: as long as your customer account is active
  • Newsletter data: until consent is withdrawn

 

6. Cookies and Tracking

We use cookies and tracking tools.

a) Necessary Cookies

For the functionality of the shop (e.g. shopping cart, login).
Legal basis: Art. 6 Para. 1 lit. b GDPR.

 

b) Google Analytics

We use Google Analytics, a web analysis service from Google Ireland Ltd. (Ireland).

  • Collection: IP address, browser information, click behavior
  • Purpose: Analysis of user behavior, shop optimization
  • Data transfer: possibly USA (SCCs)

Legal basis: Art. 6 Para. 1 lit. a GDPR in conjunction with Section 25 Para. 1 TTDSG (consent via cookie banner).
Further info: https://policies.google.com/privacy

 

7. Obligation to Provide Data

  • For orders, certain data (name, address, payment information) is required.
  • Without this information, a contract cannot be concluded.
  • The provision of further data (e.g., telephone number) is voluntary but facilitates processing.

8. Rights of Data Subjects

You have the right to:

  • Information (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object (Art. 21 GDPR)
  • Withdraw consent (Art. 7 Para. 3 GDPR)

You can also lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

 

9. Security

Our website uses SSL/TLS encryption to protect your data during transmission.

 

10. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to legal changes or new services.
Version: August 2025

11. Contact

For questions regarding data protection:

STRAMM Design UG
Kölnerstraße 146, 51702 Bergneustadt

shopstrammdesign@gmail.com