Privacy policy
Last updated: 12 March 2025
1) Introduction and Contact Details of the Controller
1.1
We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when you use our website. Personal data means any information by which you can be personally identified.
1.2
The controller responsible for data processing on this website within the meaning of the UK General Data Protection Regulation (UK GDPR) is:
Ingo Eisenreich
Forststraße 4B
01689 Weinböhla
Germany
Telephone: +49 1523 5761288
Email: pibaluoffice@gmail.com
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
2) Data Collection When Visiting Our Website
When you use our website for informational purposes only (i.e. if you do not register or otherwise provide us with information), we only collect data that your browser transmits to our server (so-called “server log files”).
When you access our website, we collect the following data which is technically necessary to display the website:
-
Website visited
-
Date and time of access
-
Amount of data sent (in bytes)
-
Source/reference from which you accessed the page
-
Browser used
-
Operating system used
-
IP address (possibly anonymised)
Processing is carried out in accordance with Article 6(1)(f) UK GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used for other purposes. However, we reserve the right to review server log files retrospectively if there are concrete indications of unlawful use.
3) Hosting & Content Delivery Network
Shopify
We use the system of the following provider to host our website and display page content:
Shopify International Limited
Victoria Buildings, 2nd Floor
1–2 Haddington Road
Dublin 4, D04 XN32
Ireland
Data may also be transferred to:
Shopify Inc., Ottawa, Canada, and Shopify entities in the USA.
All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider to ensure the protection of our visitors’ data and to prohibit unauthorised disclosure to third parties.
For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision.
For transfers to the United States, the provider relies on Standard Contractual Clauses to ensure compliance with European and UK data protection standards.
4) Contact
4.1 Loox
We use the services of the following provider for review reminders:
Loox Online Ltd.
Rehov Har Sinai 2
6581602 Tel Aviv-Yafo
Israel
On the basis of your explicit consent pursuant to Article 6(1)(a) UK GDPR, we transmit your email address and, where applicable, additional customer data to the provider so that you may receive a review reminder by email.
You may withdraw your consent at any time with future effect by contacting us or the provider.
We have concluded a data processing agreement with the provider. An adequate level of data protection is ensured by an adequacy decision.
4.2 Contacting Us
When you contact us (e.g. via contact form or email), personal data is processed solely for the purpose of handling and responding to your enquiry and only to the extent necessary.
The legal basis is our legitimate interest pursuant to Article 6(1)(f) UK GDPR. If your contact relates to the conclusion of a contract, the additional legal basis is Article 6(1)(b) UK GDPR.
Your data will be deleted once your enquiry has been conclusively resolved, provided no statutory retention obligations apply.
5) Data Processing When Opening a Customer Account
Pursuant to Article 6(1)(b) UK GDPR, personal data will continue to be collected and processed if you provide it to us when opening a customer account.
The required data can be seen in the input form on our website.
You may delete your customer account at any time by contacting the controller at the above address. After deletion, your data will be erased provided all contracts have been fully processed and no statutory retention obligations apply.
6) Use of Customer Data for Direct Marketing
6.1 Email Newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers.
The only mandatory information required is your email address. Additional information is voluntary.
We use the double opt-in procedure to ensure that you only receive newsletters after explicitly confirming your consent via a verification link.
By activating the confirmation link, you grant us consent pursuant to Article 6(1)(a) UK GDPR. We store your IP address and the date and time of registration to prevent misuse.
You may unsubscribe at any time via the link provided in the newsletter or by contacting us. Your email address will then be removed from our mailing list immediately unless further lawful processing applies.
6.2 Basket Reminder Emails
If you abandon your purchase before completing your order, you may opt to receive a one-time email reminder of your shopping basket contents.
Your email address is mandatory for this service. We also use the double opt-in procedure here.
The legal basis is your consent pursuant to Article 6(1)(a) UK GDPR.
You may withdraw your consent at any time.
7) Data Processing for Order Fulfilment
7.1
To fulfil contracts for delivery and payment purposes, personal data is passed on to the appointed transport company and payment provider in accordance with Article 6(1)(b) UK GDPR.
If we owe updates for goods with digital elements or digital products, we process your contact data to inform you of updates as required by law pursuant to Article 6(1)(c) UK GDPR.
7.2 DSers
We use:
Bowers Enterprises, LLC
109 Cloister Drive
Peachtree City, GA 30269
USA
Personal data is transferred pursuant to Article 6(1)(b) UK GDPR for order fulfilment. For US transfers, Standard Contractual Clauses are relied upon.
7.3 Payment Providers
We offer payment via:
-
Apple Pay (Apple Distribution International, Ireland)
-
Klarna Bank AB, Stockholm, Sweden
-
PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg
Payment data is processed solely for payment handling pursuant to Article 6(1)(b) UK GDPR.
If a provider performs a credit check, this is based on Article 6(1)(f) UK GDPR (legitimate interest in assessing creditworthiness). You may object to such processing at any time.
8) Tools and Miscellaneous
Lexoffice
We use:
Haufe-Lexware GmbH & Co. KG
Munzinger Straße 9
79111 Freiburg
Germany
The provider processes invoices and financial data for accounting purposes pursuant to Article 6(1)(f) UK GDPR (legitimate interest in efficient accounting).
9) Rights of the Data Subject
Under applicable data protection law, you have the following rights:
-
Right of access (Article 15 UK GDPR)
-
Right to rectification (Article 16 UK GDPR)
-
Right to erasure (Article 17 UK GDPR)
-
Right to restriction of processing (Article 18 UK GDPR)
-
Right to data portability (Article 20 UK GDPR)
-
Right to withdraw consent (Article 7(3) UK GDPR)
-
Right to lodge a complaint with a supervisory authority (Article 77 UK GDPR)
Right to Object
If we process your data based on legitimate interests, you have the right to object at any time on grounds relating to your particular situation.
If your data is processed for direct marketing purposes, you may object at any time.
10) Duration of Storage of Personal Data
Personal data is stored only as long as necessary for the respective legal basis and purpose of processing and in accordance with statutory retention periods.
Data processed on the basis of consent is stored until consent is withdrawn.
Data processed under contractual obligations is stored in accordance with statutory retention periods.
Data processed on the basis of legitimate interests is stored until you exercise your right to object, unless overriding legitimate grounds apply.
If no specific retention period applies, personal data is deleted once it is no longer necessary for the purposes for which it was collected.
Pibalu
Email: pibaluoffice@gmail.com
Telephone: +49 1523 5761288