DecaPerfecta

Privacy Policy

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Till Scheel
Merowingerstr. 5
72108 Rottenburg am Neckar
Germany
Phone: +49 176 83201689
Email: info@decaperfecta.com

For any questions regarding data protection, please contact us directly at the address above.


2. General Information on Data Processing

2.1 Scope of Processing

We process personal data only to the extent necessary to provide a functioning website and to deliver our content and services. Processing occurs either with the user's consent or where a legal basis permits it.

2.2 Legal Bases

Where we obtain consent for processing, the legal basis is Art. 6(1)(a) GDPR.

Where processing is necessary for the performance of a contract to which the data subject is party, the legal basis is Art. 6(1)(b) GDPR. This also applies to processing carried out prior to entering into a contract.

Where processing is required to comply with a legal obligation, the legal basis is Art. 6(1)(c) GDPR.

Where processing is necessary for the purposes of our legitimate interests or those of a third party, and those interests are not overridden by the data subject's fundamental rights and freedoms, the legal basis is Art. 6(1)(f) GDPR.

2.3 Retention and Deletion

Personal data is deleted or restricted as soon as the purpose for which it was collected no longer applies. Retention beyond this point may occur where required by European or national law. Data will also be deleted or restricted upon expiry of any statutory retention period, unless continued retention is necessary for the conclusion or performance of a contract.


3. Website Hosting

3.1 Hosting Provider

Our website is hosted by:

Hostinger International Ltd.
61 Lordou Vironos Street, 6023 Larnaca, Cyprus

Website data is stored on servers located in France (European Union). Backups are stored in Lithuania (European Union). No transfer of data to third countries outside the EU occurs in connection with hosting.

Processing is carried out on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in the technically reliable and secure operation of our website. A data processing agreement (DPA) has been concluded with Hostinger in accordance with Art. 28 GDPR.

3.2 Server Log Files

Each time our website is accessed, our system automatically collects data from the requesting device. The following data is recorded:

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the file accessed
  • Referring website (referrer URL)
  • Browser type and, where applicable, operating system

Log files are stored on our system. The legal basis for processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring the functionality and security of the website.


4. Cookies

Our website uses cookies — small text files stored on your device. Some cookies are technically necessary for the website to function (legal basis: Art. 6(1)(f) GDPR). Others serve analytical or marketing purposes and are only set with your consent (legal basis: Art. 6(1)(a) GDPR).

Consent is managed through our Consent Management Platform (Complianz). You may withdraw or adjust your consent at any time with effect for the future. For details on individual cookies, please refer to our Cookie Policy.


5. Contact

When you contact us by email or phone, the information you provide is stored for the purpose of handling your inquiry and any follow-up questions. The legal basis is Art. 6(1)(b) GDPR where your inquiry relates to the performance of a contract or pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries directed to us (Art. 6(1)(f) GDPR).


6. Customer Account

You may create a customer account in our shop. Data collected for this purpose is used to process your orders and manage your account. Creating an account is optional — orders can also be placed as a guest without registration. The legal basis is Art. 6(1)(b) GDPR. You may delete your account at any time.


7. Orders and Contract Processing

To process your order, we collect the necessary data (including name, address, email address, and order details). Processing is carried out for the performance of the purchase contract on the basis of Art. 6(1)(b) GDPR.

Our shop is operated using WooCommerce. Order data is stored in our website database on the servers referenced in Section 3.1.

Where statutory retention obligations under commercial or tax law apply, we retain certain data for the duration of those periods (generally six to ten years). The legal basis is Art. 6(1)(c) GDPR.


8. Payment Processors

We work with the following payment processors to handle transactions. Your payment data is transmitted on the basis of Art. 6(1)(b) GDPR for the performance of the contract.

8.1 WooPayments / Stripe

Provider: Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Data required for the transaction is transmitted to Stripe for processing.

Stripe may transfer data to its parent company, Stripe, Inc., in the United States. Stripe is certified under the EU–U.S. Data Privacy Framework; additionally, Stripe relies on Standard Contractual Clauses pursuant to Art. 46 GDPR. Further information: https://stripe.com/privacy

8.2 PayPal

Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, 2449 Luxembourg. Data required for payment processing is transmitted to PayPal upon selection of this payment method. Further information: https://www.paypal.com/de/webapps/mpp/ua/privacy-full


9. Shipping

To deliver ordered goods, we share your name and delivery address with our shipping partner (DHL). The legal basis is Art. 6(1)(b) GDPR. Provider: DHL Group, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany. Further information is available in DHL's privacy policy.


10. Web Analytics: Google Analytics

Where you have given your consent, this website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies to analyze your use of the website. The information collected is generally transmitted to and stored on Google servers, which may involve a transfer to Google LLC in the United States. Google is certified under the EU–U.S. Data Privacy Framework; Standard Contractual Clauses pursuant to Art. 46 GDPR apply as a supplementary safeguard.

Google Analytics is used exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future via our Consent Management Platform.


11. Marketing and Tracking

Where you have given your consent, we use tracking technologies provided by the following services to measure the effectiveness of our advertising and to deliver relevant ads. The legal basis in each case is your consent pursuant to Art. 6(1)(a) GDPR, which you may withdraw at any time.

11.1 Meta Pixel (Facebook / Instagram)

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The Meta Pixel enables us to track the behavior of visitors who arrive at our website after clicking on a Meta advertisement. Data may be transferred to Meta Platforms, Inc. in the United States. Meta is certified under the EU–U.S. Data Privacy Framework; Standard Contractual Clauses pursuant to Art. 46 GDPR apply as a supplementary safeguard.

11.2 X Pixel (Twitter / X)

Provider: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland. The X Pixel enables measurement of the effectiveness of advertising on the X platform. Data may be transferred to the United States, safeguarded by Standard Contractual Clauses pursuant to Art. 46 GDPR.


12. Data Subject Rights

With respect to your personal data, you have the following rights:

  • Right of access (Art. 15 GDPR): You may request information about the personal data we process concerning you. (Art. 15 DSGVO): Sie können Auskunft über die von uns verarbeiteten personenbezogenen Daten verlangen.
  • Recht auf Berichtigung (Art. 16 DSGVO): Sie können die Berichtigung unrichtiger Daten verlangen.
  • Right to erasure (Art. 17 GDPR): You may request deletion of your data, subject to any applicable statutory retention obligations.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to object (Art. 21 GDPR).
  • Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw it at any time with effect for the future.
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

13. Right to Object

Where processing of your personal data is based on Art. 6(1)(f) GDPR, you have the right to object to such processing at any time on grounds relating to your particular situation.


14. Data Security

This website uses SSL/TLS encryption during your visit, employing the highest encryption level supported by your browser. This ensures that data transmitted to us cannot be read by third parties.


15. Currency and Amendments

This Privacy Policy is currently valid. As our website evolves or legal requirements change, it may become necessary to update this document accordingly.

 

DecaPerfecta