Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data refers to any data by which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Anne Geldermann, Anne Geldermann Art, Krahhöhe 13, 96476 Bad Rodach, Germany, Tel.: 0152/52360847, E-Mail: anne.geldermann2612@gmail.com. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When you use our website for purely informational purposes — i.e. if you do not register or otherwise provide us with information — we only collect data that your browser transmits to the page server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

The page visited
Date and time of access
Amount of data sent in bytes
Source/referral from which you reached the page
Browser used
Operating system used
IP address used (where applicable: in anonymized form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used for any other purpose. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the padlock symbol in your browser bar.

3) Hosting & Content Delivery Network

3.1 Shopify

For hosting our website and displaying its content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify").

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider that ensures the protection of our visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

3.2 Shopify

We use a content delivery network provided by: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify").

Data may also be transferred to:

Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content, or scripts more quickly via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6(1)(f) GDPR. We have concluded a data processing agreement with the provider that ensures the protection of our visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

For data transfers to the USA, the data recipient has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.

4) Contact

When you contact us (e.g. via contact form or email), personal data is processed solely for the purpose of handling and responding to your inquiry, and only to the extent necessary for that purpose.

The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6(1)(f) GDPR. If your inquiry relates to a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted once it can be determined from the circumstances that the matter in question has been fully resolved, provided there are no statutory retention obligations to the contrary.

5) Data Processing When Opening a Customer Account

In accordance with Art. 6(1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary when you provide it to us when opening a customer account. The data required to open an account can be found in the input mask of the relevant form on our website.

You may delete your customer account at any time by contacting us at the address of the controller stated above. Once your account is deleted, your data will be erased provided that all contracts concluded through it have been fully processed, no statutory retention periods apply, and we have no legitimate interest in continued storage.

6) Data Processing for Order Fulfillment

6.1 Where necessary for the processing of contracts for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transport company and the commissioned financial institution in accordance with Art. 6(1)(b) GDPR.

Where we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact details you provided when placing your order in order to inform you personally within the scope of our statutory information obligations in accordance with Art. 6(1)(c) GDPR. Your contact details will be used strictly for the purpose of communicating updates we are obliged to provide and will only be processed by us to the extent necessary for the respective notification.

For the processing of your order, we also work with the service provider(s) listed below, who support us in whole or in part in the fulfillment of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.

6.2 Disclosure of Personal Data to Shipping Service Providers

- Deutsche Post As our shipping service provider, we use: Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany.

We will pass on your email address and/or telephone number to the provider prior to delivery for the purpose of arranging a delivery date or notifying you of delivery, in accordance with Art. 6(1)(a) GDPR, provided you have given your express consent during the ordering process. Otherwise, we will only pass on the recipient's name and delivery address to the provider for delivery purposes in accordance with Art. 6(1)(b) GDPR. Data is only disclosed to the extent necessary for the delivery of goods. In this case, prior arrangement of a delivery date or delivery notification with the provider is not possible.