Privacy policy

Privacy Policy (Datenschutzerklärung)

Last updated: 19 December 2025

1. Controller (Verantwortlicher)

Within the meaning of Art. 4(7) GDPR, the controller is:

Cloud Art Aitracher Straße 12

87700 Memmingen, Germany

E-mail: shopcloudart@gmail.com

2. Scope

This Privacy Policy applies to all visitors and customers worldwide who access or use our website and online store. We process personal data in accordance with:

  • GDPR: EU General Data Protection Regulation

  • BDSG: German Federal Data Protection Act

  • TTDSG: Telecommunications-Telemedia Data Protection Act

Note: Where users access the website from outside the EU, EU data protection standards still apply because the controller is established in Germany (Art. 3 GDPR).

3. Hosting & E-Commerce Platform (Shopify)

Our online store is hosted by Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, Ireland). Shopify acts as a data processor under Art. 28 GDPR.

Data may be transferred to third countries (e.g., Canada, USA). These transfers are safeguarded through:

  • EU adequacy decisions.

  • Standard Contractual Clauses (Art. 46 GDPR).

More info: https://privacy.shopify.com

4. Personal Data We Process

Category Data Types
Contact & Order Name, billing/shipping address, email, phone number.
Payment Data Payment method, transaction confirmation (No full credit card details stored).
Account Data Encrypted login credentials, preferences, and settings.
Usage & Device IP address, browser/device info, date, time, and pages visited.
Communication Emails, contact form messages, customer service requests.

 

5. Legal Bases for Processing (Art. 6 GDPR)

  • Art. 6(1)(b): Contract performance (orders, delivery, payments).

  • Art. 6(1)(c): Legal obligations (tax & commercial law).

  • Art. 6(1)(f): Legitimate interests (security, fraud prevention).

  • Art. 6(1)(a): Consent (marketing, cookies, analytics).

6. Cookies & Consent Management (TTDSG)

a) Technically Necessary Cookies

Used under §25(2) TTDSG to enable website functionality (cart, checkout, security). No consent required.

b) Analytics & Marketing Cookies

Used only with your explicit consent (§25(1) TTDSG, Art. 6(1)(a) GDPR). This includes website analytics and personalized ads. Consent can be withdrawn at any time via our cookie banner.

7. Marketing & Communication

Marketing emails are sent only via double opt-in consent. You may unsubscribe at any time using the link in the email. Transactional emails (order confirmations) are not affected.

8. Disclosure of Personal Data

We share data only where legally permitted with:

  • Shopify and IT service providers.

  • Payment processors and shipping/logistics partners.

  • Accounting and tax authorities (if required).

9. International Data Transfers & Retention

  • Transfers: Data processed outside the EU/EEA is protected by adequacy decisions or Standard Contractual Clauses.

  • Retention: * Contractual data: Duration of the contract.

    • Accounting data: Up to 10 years (German tax law).

    • Marketing data: Until consent is withdrawn.

10. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Access & Rectification (Art. 15, 16)

  • Erasure & Restriction (Art. 17, 18)

  • Data Portability (Art. 20)

  • Right to Object & Withdraw Consent (Art. 21, 7)

Requests: shopcloudart@gmail.com

11. Supervisory Authority

You have the right to lodge a complaint with a data protection authority.

12. Security & Changes

We apply appropriate technical security measures, though complete security cannot be guaranteed. This policy may be updated to reflect legal or technical changes.