Privacy Policy

Privacy Policy

1) Information on the Collection of Personal Data and Contact Details of the Data Controller

**1.1 **We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how your personal data is handled when using our website. Personal data is any data by which you can be personally identified.

1.2 The data controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Themenza Germany, e-mail: themenzashop@gmail.com. The controller responsible for processing personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

**2.1 **When you use our website for informational purposes only, i.e., if you do not register or otherwise submit information to us, we only collect the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data which is technically necessary for us to display the website to you:

  • Our visited website

  • Date and time at the time of access

  • Amount of data transmitted in bytes

  • Source/referrer from which you reached the page

  • Browser used

  • Operating system used

  • IP address (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently review the server log files if there are concrete indications of unlawful use.

**2.2 **For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL/TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.

3) Hosting

Shopify

For the hosting of our website and the display of the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider's servers. We have concluded an order processing agreement with the provider, ensuring the protection of our site visitors' data and prohibiting unauthorised disclosure to third parties.

In case of data transfer to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

4) Cookies

To make visiting our website attractive and to enable certain functions, we use cookies—small text files stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called “session cookies”), while others remain on your device longer and allow page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage period in your browser’s cookie settings overview.

If personal data is also processed by individual cookies we use, processing is carried out in accordance with Art. 6(1)(b) GDPR either for the performance of the contract, in accordance with Art. 6(1)(a) GDPR if consent has been given, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the website visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually on their acceptance, or exclude acceptance of cookies for certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contacting Us

When you contact us (e.g., via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request and for contacting you and the associated technical administration.

The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis is Art. 6(1)(b) GDPR.

Your data will be deleted after your request has been fully processed; this is the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified, and provided that no statutory retention obligations conflict with this.

6) Data Processing When Opening a Customer Account and for Contract Processing

In accordance with Art. 6(1)(b) GDPR, personal data is collected and processed to the extent necessary when you provide it to us when opening a customer account. You can see which data is required for opening an account from the input form on our website.

Deletion of your customer account is possible at any time and can be carried out by sending a message to the controller’s address stated above. After deletion of your customer account, your data will be deleted provided that all contracts concluded via the account have been fully processed, no statutory retention periods conflict with this, and we have no legitimate interest in continued storage.

7) Data Processing for Order Handling

**7.1 **To the extent necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6(1)(b) GDPR.

If, on the basis of a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact details you transmitted when placing the order (name, address, e-mail address) in order to inform you personally, within the legally prescribed period, about upcoming updates via a suitable communication channel (e.g., by post or e-mail) in accordance with our legal information obligations pursuant to Art. 6(1)(c) GDPR. Your contact details are used strictly for the purpose of communications about updates owed by us and are processed by us only to the extent necessary for the respective information.

For the processing of your order, we also work with the service provider(s) listed below who support us in whole or in part in the performance of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.

7.2 Use of Payment Service Providers (Payment Services)
(Dieser Abschnitt ist bereits Englisch in deinem Text – ich lasse ihn wie er ist.)

  • Apple Pay

  • giropay

  • Google Pay

  • Klarna

  • Masterpayment

  • Paypal Checkout

  • Shopify Payments

8) Site Functionalities

Facebook Connect

On our website we provide a single sign-on function offered by the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Quary, Square, Dublin 2, Ireland

(Der Rest ist bereits Englisch – bleibt unverändert.)

9) Tools and Miscellaneous

This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies requiring consent and cookie-based applications. The “cookie consent tool” is displayed to users when they access the page in the form of an interactive user interface in which consent for certain cookies and/or cookie-based applications can be granted by checking a box. By using this tool, all cookies/services requiring consent are only loaded if the respective user gives consent by checking the corresponding box. This ensures that such cookies are only placed on the user’s device if consent has been granted.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in lawful, user-specific, and user-friendly consent management for cookies and thus in a legally compliant design of our website.

The legal basis for processing is also Art. 6(1)(c) GDPR. As the controller, we are subject to the legal obligation to make the use of technically non-essential cookies dependent on the respective user’s consent.

We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

Further information about the operator and the settings options of the cookie consent tool can be found directly in the corresponding user interface on our website.

10) Rights of the Data Subject

**10.1 **Applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) regarding the processing of your personal data. We inform you about these rights below:

  • Right of access pursuant to Art. 15 GDPR: You have, in particular, the right to obtain information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or criteria for determining that period, the existence of the right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected from you by us, and the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved as well as the scope and intended effects of such processing, and your right to be informed about what safeguards pursuant to Art. 46 GDPR exist when your data is transferred to third countries.

  • Right to rectification pursuant to Art. 16 GDPR: You have the right to immediate rectification of incorrect data concerning you and/or completion of incomplete data stored by us.

  • Right to erasure pursuant to Art. 17 GDPR: You have the right to request deletion of your personal data if the requirements of Art. 17(1) GDPR are met. However, this right does not apply in particular if processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

  • Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request restriction of processing of your personal data while the accuracy of your data is being verified, if you oppose deletion due to unlawful processing and instead request restriction, if you need your data for legal claims after we no longer need it for the purpose, or if you have lodged an objection for reasons relating to your particular situation pending the verification of whether our legitimate grounds override yours.

  • Right to notification pursuant to Art. 19 GDPR: If you have asserted the right to rectification, erasure, or restriction, the controller must notify all recipients to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.

  • Right to data portability pursuant to Art. 20 GDPR: You have the right to receive your personal data provided to us in a structured, commonly used, machine-readable format or to request transmission to another controller, where technically feasible.

  • Right to withdraw consent pursuant to Art. 7(3) GDPR: You have the right to withdraw consent at any time with effect for the future. In case of withdrawal, we will delete the data immediately unless further processing is based on another legal basis. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

  • Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement.

11) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing and—if applicable—also by statutory retention periods (e.g., commercial and tax retention periods).

When processing personal data based on explicit consent in accordance with Art. 6(1)(a) GDPR, this data is stored until the data subject withdraws consent.

If statutory retention periods exist for data processed in the context of contractual or quasi-contractual obligations on the basis of Art. 6(1)(b) GDPR, this data is routinely deleted after the retention periods expire, provided it is no longer required for contract fulfillment or initiation and/or we have no legitimate interest in continued storage.

When processing personal data on the basis of Art. 6(1)(f) GDPR, this data is stored until the data subject exercises their right to object under Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds that override the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defense of legal claims.

When processing personal data for direct marketing on the basis of Art. 6(1)(f) GDPR, this data is stored until the data subject exercises their right to object under Art. 21(2) GDPR.

Unless otherwise stated in this policy regarding specific processing situations, stored personal data is otherwise deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.