Privacy Policy
10. eCommerce and payment service providers
9. Online marketing and partner programs
8. Plug-ins and Tools
7. Newsletter
6. Analysis tools and advertising
5. Social media
4. Recording of data on this website
3. General information and mandatory information
2. Hosting and Content Delivery Networks (CDN)
1. An overview of data protection
General information
The following information will provide you with an easy-to-navigate overview of what happens to your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about data protection, please consult our full Privacy Policy below.
Data recording on this website
Who is the responsible party for the recording of data on this website (i.e., the “controller”)?
The data on this website is processed by the website operator. You can find the operator’s contact details in the section “Information about the responsible party (controller)” in this Privacy Policy.
How do we record your data?
Your data is collected when you provide it to us. This may include information you enter into our contact form.
Other data is collected automatically or after your consent during your visit to the website. This data primarily includes technical information (e.g., browser type, operating system, time of access). This information is recorded automatically when you access the website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data may be used to analyze how visitors use the website.
What rights do you have regarding your personal data?
You have the right to request information at any time about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data.
If data processing is based on your consent, you may revoke this consent at any time with effect for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances.
Furthermore, you have the right to lodge a complaint with the Portuguese supervisory authority, the Comissão Nacional de Proteção de Dados (CNPD).
If you have any questions about data protection, you may contact us at any time.
Analysis tools and third-party tools
Your browsing behavior may be analyzed statistically when visiting this website. Such analyses are performed primarily using analytics tools. For more detailed information, please refer to the following sections of this Privacy Policy.
1. An overview of data protection
External Hosting
This website is hosted externally. Personal data collected on this website is stored on the servers of the hosting providers. This may include, but is not limited to, IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website access data, and other data generated via the website.
External hosting is carried out for the purpose of fulfilling a contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in our legitimate interest in the secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR). If we obtain your consent (e.g., for cookie storage or device access), processing is based on Art. 6(1)(a) GDPR. Consent can be withdrawn at any time.
Our hosting providers only process your data to the extent necessary to fulfil their service obligations and in accordance with our instructions.
We use the following hosting providers:
Showit, Inc.
2490 S Gilbert Rd #200
Chandler, AZ 85286
USA
WP Engine
Beyond Aldgate, 2 Leman Street #5032
London, E1 8FA
United Kingdom
Amazon Web Services (AWS)
Showit uses Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (“AWS”).
When you visit our website, your personal data may be processed on AWS servers. This may also involve transfers of personal data to AWS’s parent company in the United States. The transfer is based on the European Commission’s Standard Contractual Clauses (SCCs). Details:
https://aws.amazon.com/blogs/security/aws-gdpr-data-processing-addendum/
For more information, please see the AWS Privacy Policy:
https://aws.amazon.com/privacy/
AWS is used on the basis of our legitimate interest in providing a highly reliable website (Art. 6(1)(f) GDPR). If consent is obtained, processing may also be based on Art. 6(1)(a) GDPR. Consent can be withdrawn at any time.
AWS participates in the EU–US Data Privacy Framework (DPF). For details:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TOWQAA4
Cloudflare
Showit uses the Cloudflare service, provided by Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA (“Cloudflare”).
Cloudflare provides a global content delivery network (CDN) and DNS services. Data transmission between your browser and our website may be routed through Cloudflare’s network. Cloudflare may analyze this traffic and filter potentially malicious requests. Cloudflare may use cookies or similar technologies strictly for these security and performance purposes.
The use of Cloudflare is based on our legitimate interest in ensuring the secure and error-free provision of our website (Art. 6(1)(f) GDPR).
Data transfers to the United States are based on the Standard Contractual Clauses (SCCs):
https://www.cloudflare.com/privacypolicy/
Cloudflare also participates in the EU–US Data Privacy Framework (DPF):
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnZKAA0
Google Ajax API / jQuery CDN
Our website uses the Google Ajax API to load the JavaScript library jQuery. Provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
This enables fast and stable delivery of website content through Google’s global CDN. When accessing a page that uses this feature, your browser connects to Google servers, which may transmit your IP address and technical request information.
The use of Google Ajax API is based on our legitimate interest in ensuring efficient and secure delivery of our website (Art. 6(1)(f) GDPR).
Data transfers to the USA are based on the Standard Contractual Clauses (SCCs):
https://privacy.google.com/businesses/controllerterms/mccs/
Google participates in the EU–US Data Privacy Framework (DPF):
https://www.dataprivacyframework.gov/participant/5780
2. Hosting and Content Delivery Networks (CDN)
Data protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the applicable data protection regulations and this Privacy Policy. Whenever you use this website, various personal data may be collected. Personal data includes any information that can be used to personally identify you. This Privacy Policy explains what data we collect, how we collect it, and for what purposes. We would like to point out that the transmission of data over the Internet (e.g., communication by email) may have security vulnerabilities. Complete protection of data from access by third parties is not possible.
Information about the responsible party (referred to as the “controller” in the GDPR)
The data processing controller on this website is:
Kim Preis
Estrada Nacional 247 No. 19, Bloco A, 1. Dto.
2655-496 Ericeira
Portugal
Phone: +351 937 143 935
Email: legal@studio-wildlight.com
The controller is the natural person or legal entity that alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Storage duration
Unless a more specific retention period is stated in this Privacy Policy, your personal data will remain with us until the purpose for which it was collected no longer applies.
If you request the deletion of your data or revoke your consent to processing, your data will be deleted unless we have other legally permissible reasons to retain it (e.g., statutory tax or commercial retention requirements). In such cases, deletion will occur once those obligations expire.
General information on the legal basis for data processing on this website
Information on the relevant legal basis for individual processing operations can be found in the respective sections of this Privacy Policy.
Notice on data transfers to the USA and other third countries
We use tools from companies based in the USA and in other countries outside the EU/EEA that may not offer an equivalent level of data protection. When such tools are active, your personal data may be transferred to and processed in these countries. We would like to point out that the United States is generally considered to offer an adequate level of protection where the respective provider is certified under the EU–US Data Privacy Framework (DPF) or provides additional appropriate safeguards. Information about third-country transfers, including the relevant recipients, is described in this Privacy Policy.
Revocation of your consent to data processing
Many data processing operations are only possible with your explicit consent. You may revoke your previously given consent at any time. The legality of the processing carried out prior to revocation remains unaffected.
Right to object to data processing in special cases; right to object to direct marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION. THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.
IF YOU OBJECT, WE WILL STOP PROCESSING YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO SUCH PROCESSING, INCLUDING PROFILING RELATED TO DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).
Right to lodge a complaint with the supervisory authority
If you believe that your rights under the GDPR have been violated, you have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State where you reside, work, or where the alleged infringement occurred.
For Portugal, the competent authority is:
CNPD – Comissão Nacional de Proteção de Dados
https://www.cnpd.pt
This right is available without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to receive data that we process automatically on the basis of your consent or in performance of a contract in a commonly used, machine-readable format. You may also request the direct transfer of this data to another controller, where technically feasible.
Right of access, rectification, and deletion
Within the scope of the applicable legal provisions, you have the right to request information about your stored personal data, its origin and recipients, and the purposes of processing at any time. You also have the right to request rectification or deletion of this data.
If you have questions about this or any other matter relating to your personal data, you may contact us at any time.
Right to restriction of processing
You have the right to request restriction of the processing of your personal data. This right applies in the following situations:
SSL and TLS encryption
For security reasons and to protect the transmission of confidential content (e.g., orders or inquiries), this website uses SSL or TLS encryption. You can identify an encrypted connection when the browser’s address line switches from “http://” to “https://” and a lock symbol appears. If encryption is active, the data you transmit to us cannot be read by third parties.
Rejection of unsolicited emails
We object to the use of the contact information published within the legal notice obligations for the purpose of sending unsolicited advertising or informational materials. The website operators reserve the right to take legal action against the sending of unsolicited promotional information, such as spam emails.
The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the applicable data protection regulations and this Privacy Policy. Whenever you use this website, various personal data may be collected. Personal data includes any information that can be used to personally identify you. This Privacy Policy explains what data we collect, how we collect it, and for what purposes. We would like to point out that the transmission of data over the Internet (e.g., communication by email) may have security vulnerabilities. Complete protection of data from access by third parties is not possible.
Information about the responsible party (referred to as the “controller” in the GDPR)
The data processing controller on this website is:
Kim Preis
Estrada Nacional 247 No. 19, Bloco A, 1. Dto.
2655-496 Ericeira
Portugal
Phone: +351 937 143 935
Email: legal@studio-wildlight.com
The controller is the natural person or legal entity that alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Storage duration
Unless a more specific retention period is stated in this Privacy Policy, your personal data will remain with us until the purpose for which it was collected no longer applies.
If you request the deletion of your data or revoke your consent to processing, your data will be deleted unless we have other legally permissible reasons to retain it (e.g., statutory tax or commercial retention requirements). In such cases, deletion will occur once those obligations expire.
General information on the legal basis for data processing on this website
- If you have consented to data processing, your personal data is processed on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data are processed.
- If you have given explicit consent to data transfer to third countries, processing is additionally carried out on the basis of Art. 49(1)(a) GDPR.
- If your data is required for the performance of a contract or pre-contractual measures, processing is based on Art. 6(1)(b) GDPR.
- If processing is required to comply with a legal obligation, we rely on Art. 6(1)(c) GDPR.
- Processing may also occur on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR.
Information on the relevant legal basis for individual processing operations can be found in the respective sections of this Privacy Policy.
Notice on data transfers to the USA and other third countries
We use tools from companies based in the USA and in other countries outside the EU/EEA that may not offer an equivalent level of data protection. When such tools are active, your personal data may be transferred to and processed in these countries. We would like to point out that the United States is generally considered to offer an adequate level of protection where the respective provider is certified under the EU–US Data Privacy Framework (DPF) or provides additional appropriate safeguards. Information about third-country transfers, including the relevant recipients, is described in this Privacy Policy.
Revocation of your consent to data processing
Many data processing operations are only possible with your explicit consent. You may revoke your previously given consent at any time. The legality of the processing carried out prior to revocation remains unaffected.
Right to object to data processing in special cases; right to object to direct marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION. THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.
IF YOU OBJECT, WE WILL STOP PROCESSING YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO SUCH PROCESSING, INCLUDING PROFILING RELATED TO DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).
Right to lodge a complaint with the supervisory authority
If you believe that your rights under the GDPR have been violated, you have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State where you reside, work, or where the alleged infringement occurred.
For Portugal, the competent authority is:
CNPD – Comissão Nacional de Proteção de Dados
https://www.cnpd.pt
This right is available without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to receive data that we process automatically on the basis of your consent or in performance of a contract in a commonly used, machine-readable format. You may also request the direct transfer of this data to another controller, where technically feasible.
Right of access, rectification, and deletion
Within the scope of the applicable legal provisions, you have the right to request information about your stored personal data, its origin and recipients, and the purposes of processing at any time. You also have the right to request rectification or deletion of this data.
If you have questions about this or any other matter relating to your personal data, you may contact us at any time.
Right to restriction of processing
You have the right to request restriction of the processing of your personal data. This right applies in the following situations:
- If you contest the accuracy of the personal data, we may restrict processing while we verify the claim.
- If processing is unlawful, you may request restriction instead of deletion.
- If we no longer need your data but you need it to establish, exercise, or defend legal claims.
- If you have objected pursuant to Art. 21(1) GDPR, processing may be restricted until a balancing of interests has been completed.
- If processing is restricted, your personal data may be processed—aside from storage—only with your consent, or for the establishment, exercise, or defense of legal claims, or for the protection of another person’s rights, or for important reasons of public interest of the EU or a Member State.
SSL and TLS encryption
For security reasons and to protect the transmission of confidential content (e.g., orders or inquiries), this website uses SSL or TLS encryption. You can identify an encrypted connection when the browser’s address line switches from “http://” to “https://” and a lock symbol appears. If encryption is active, the data you transmit to us cannot be read by third parties.
Rejection of unsolicited emails
We object to the use of the contact information published within the legal notice obligations for the purpose of sending unsolicited advertising or informational materials. The website operators reserve the right to take legal action against the sending of unsolicited promotional information, such as spam emails.
3. General information and mandatory information
Cookies
Our website uses “cookies.” Cookies are small data files that do not harm your device. Some cookies are temporary (session cookies) and are automatically deleted when you leave the site. Others remain stored on your device until you delete them (persistent cookies). Cookies may be set by us (first-party cookies) or by third parties (third-party cookies). Third-party cookies allow the integration of certain external services (e.g., video embeds, payment tools, analytics).
Cookies serve various purposes. Some are technically necessary for website functionality (e.g., to play embedded videos or ensure security). Others are used for analytics or marketing. Cookies that are required for the functioning of electronic communication processes or essential website functions are stored based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the technically error-free and optimized provision of our website.
If we ask for your consent to store cookies or use similar technologies, processing is based on Art. 6(1)(a) GDPR. You may revoke your consent at any time. You can configure your browser to notify you about cookie placements, allow cookies only in individual cases, exclude them entirely, or automatically delete them upon closing your browser. Deactivating cookies may limit certain website functionalities.
Information about which cookies and services are used on this website can be found throughout this Privacy Policy.
CCM19
Our website uses the consent management platform CCM19, provided by Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany, to obtain and document your consent for the use of cookies and similar technologies in a GDPR-compliant manner.
When you access our website, a connection is established with CCM19’s servers in order to retrieve and record your cookie consent preferences. CCM19 then stores a cookie in your browser to assign granted consents or revocations. The data collected through CCM19 is stored until you request deletion, delete the CCM19 cookie yourself, or the purpose of storage no longer applies. Statutory retention requirements remain unaffected.
We use CCM19 to ensure legally compliant cookie consent management. The legal basis for this is Art. 6(1)(c) GDPR (legal obligation to obtain consent where required) and, where applicable, Art. 6(1)(f) GDPR (legitimate interest in legally compliant and transparent consent management).
Data Processing Agreement:
We have concluded a Data Processing Agreement (DPA) with CCM19 in accordance with Art. 28 GDPR.
Server log files
Our hosting provider (Showit) automatically collects and stores information in server log files that your browser transmits to us. This includes:
Browser type and version
Operating system used
Referrer URL
Hostname of the accessing device
Time of the server request
IP address
This data is not combined with other data sources.
The collection of this data is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the technically error-free presentation and optimization of our website.
Contact form
If you send us inquiries using our contact form, the data you provide (including contact details) is stored to respond to your inquiry and for potential follow-up questions. We do not share this information without your consent.
Processing is based on Art. 6(1)(b) GDPR where the request relates to a contractual or pre-contractual relationship. In all other cases, processing is based on our legitimate interest in handling inquiries effectively (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR). Consent may be revoked at any time.
Data from the contact form remains with us until you request deletion, revoke consent, or the storage purpose no longer applies. Mandatory retention periods remain unaffected.
We use the external service provider Moxie to provide and manage our contact forms. Details are provided below.
Request by email or phone
If you contact us by email or phone, your inquiry and related personal data (e.g., name, details of the request) are processed for the purpose of handling your inquiry.
Processing is based on Art. 6(1)(b) GDPR if the inquiry is contract-related; otherwise on Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(a) GDPR (consent).
Your data will be stored until you request deletion, revoke consent, or the purpose of storage is no longer given. Statutory retention obligations remain unaffected.
Moxie
We use Moxie, provided by Hectic LLC, 1615 Platte Street, Suite 200, Denver, CO 80202, USA, to manage client communication, inquiries, contracts, and project workflows.
When you contact us through a Moxie-integrated form, your data (e.g., name, email address, project details) is processed to manage and respond to your inquiry and, where applicable, to initiate or administer client relationships.
Moxie processes personal data on our behalf in accordance with applicable GDPR requirements. Data may be transferred to servers in the United States. We point out that the USA currently does not provide a level of data protection equivalent to the EU. Risks include possible access by US authorities without sufficient legal remedies.
To ensure adequate protection, Moxie relies on the European Commission’s Standard Contractual Clauses (SCCs).
Further information can be found in Moxie’s Privacy Policy:
https://withmoxie.com/privacy-policy
We have signed a Data Processing Agreement (DPA) with Moxie pursuant to Art. 28 GDPR.
Our website uses “cookies.” Cookies are small data files that do not harm your device. Some cookies are temporary (session cookies) and are automatically deleted when you leave the site. Others remain stored on your device until you delete them (persistent cookies). Cookies may be set by us (first-party cookies) or by third parties (third-party cookies). Third-party cookies allow the integration of certain external services (e.g., video embeds, payment tools, analytics).
Cookies serve various purposes. Some are technically necessary for website functionality (e.g., to play embedded videos or ensure security). Others are used for analytics or marketing. Cookies that are required for the functioning of electronic communication processes or essential website functions are stored based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the technically error-free and optimized provision of our website.
If we ask for your consent to store cookies or use similar technologies, processing is based on Art. 6(1)(a) GDPR. You may revoke your consent at any time. You can configure your browser to notify you about cookie placements, allow cookies only in individual cases, exclude them entirely, or automatically delete them upon closing your browser. Deactivating cookies may limit certain website functionalities.
Information about which cookies and services are used on this website can be found throughout this Privacy Policy.
CCM19
Our website uses the consent management platform CCM19, provided by Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany, to obtain and document your consent for the use of cookies and similar technologies in a GDPR-compliant manner.
When you access our website, a connection is established with CCM19’s servers in order to retrieve and record your cookie consent preferences. CCM19 then stores a cookie in your browser to assign granted consents or revocations. The data collected through CCM19 is stored until you request deletion, delete the CCM19 cookie yourself, or the purpose of storage no longer applies. Statutory retention requirements remain unaffected.
We use CCM19 to ensure legally compliant cookie consent management. The legal basis for this is Art. 6(1)(c) GDPR (legal obligation to obtain consent where required) and, where applicable, Art. 6(1)(f) GDPR (legitimate interest in legally compliant and transparent consent management).
Data Processing Agreement:
We have concluded a Data Processing Agreement (DPA) with CCM19 in accordance with Art. 28 GDPR.
Server log files
Our hosting provider (Showit) automatically collects and stores information in server log files that your browser transmits to us. This includes:
Browser type and version
Operating system used
Referrer URL
Hostname of the accessing device
Time of the server request
IP address
This data is not combined with other data sources.
The collection of this data is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the technically error-free presentation and optimization of our website.
Contact form
If you send us inquiries using our contact form, the data you provide (including contact details) is stored to respond to your inquiry and for potential follow-up questions. We do not share this information without your consent.
Processing is based on Art. 6(1)(b) GDPR where the request relates to a contractual or pre-contractual relationship. In all other cases, processing is based on our legitimate interest in handling inquiries effectively (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR). Consent may be revoked at any time.
Data from the contact form remains with us until you request deletion, revoke consent, or the storage purpose no longer applies. Mandatory retention periods remain unaffected.
We use the external service provider Moxie to provide and manage our contact forms. Details are provided below.
Request by email or phone
If you contact us by email or phone, your inquiry and related personal data (e.g., name, details of the request) are processed for the purpose of handling your inquiry.
Processing is based on Art. 6(1)(b) GDPR if the inquiry is contract-related; otherwise on Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(a) GDPR (consent).
Your data will be stored until you request deletion, revoke consent, or the purpose of storage is no longer given. Statutory retention obligations remain unaffected.
Moxie
We use Moxie, provided by Hectic LLC, 1615 Platte Street, Suite 200, Denver, CO 80202, USA, to manage client communication, inquiries, contracts, and project workflows.
When you contact us through a Moxie-integrated form, your data (e.g., name, email address, project details) is processed to manage and respond to your inquiry and, where applicable, to initiate or administer client relationships.
Moxie processes personal data on our behalf in accordance with applicable GDPR requirements. Data may be transferred to servers in the United States. We point out that the USA currently does not provide a level of data protection equivalent to the EU. Risks include possible access by US authorities without sufficient legal remedies.
To ensure adequate protection, Moxie relies on the European Commission’s Standard Contractual Clauses (SCCs).
Further information can be found in Moxie’s Privacy Policy:
https://withmoxie.com/privacy-policy
We have signed a Data Processing Agreement (DPA) with Moxie pursuant to Art. 28 GDPR.
4. Recording of data on this website
Pinterest-Tag
We use the Pinterest Tag on this website. The provider is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
The Pinterest Tag allows us to track certain actions you perform on our website. This data can then be used to display interest-based advertising to you, either on our website or on other websites that use the Pinterest Tag.
The Pinterest Tag collects data such as Tag ID, location, referrer URL, and action-specific information (e.g., order value, quantity, order number, product category, video views).
Pinterest uses technologies such as cookies and device fingerprinting to recognize users across websites and analyze user behavior.
If we obtain your consent, the use of this service is based on Art. 6(1)(a) GDPR. Consent may be withdrawn at any time.
If no consent is obtained, processing is based on Art. 6(1)(f) GDPR, as we have a legitimate interest in effective marketing and website optimization.
Pinterest operates globally, which means personal data may be transferred to the United States. According to Pinterest, such transfers are based on the European Commission’s Standard Contractual Clauses (SCCs). Details:
https://policy.pinterest.com/en/privacy-policy
Further information about the Pinterest Tag can be found here:
https://help.pinterest.com/en/business/article/track-conversions-with-pinterest-tag
We use the Pinterest Tag on this website. The provider is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
The Pinterest Tag allows us to track certain actions you perform on our website. This data can then be used to display interest-based advertising to you, either on our website or on other websites that use the Pinterest Tag.
The Pinterest Tag collects data such as Tag ID, location, referrer URL, and action-specific information (e.g., order value, quantity, order number, product category, video views).
Pinterest uses technologies such as cookies and device fingerprinting to recognize users across websites and analyze user behavior.
If we obtain your consent, the use of this service is based on Art. 6(1)(a) GDPR. Consent may be withdrawn at any time.
If no consent is obtained, processing is based on Art. 6(1)(f) GDPR, as we have a legitimate interest in effective marketing and website optimization.
Pinterest operates globally, which means personal data may be transferred to the United States. According to Pinterest, such transfers are based on the European Commission’s Standard Contractual Clauses (SCCs). Details:
https://policy.pinterest.com/en/privacy-policy
Further information about the Pinterest Tag can be found here:
https://help.pinterest.com/en/business/article/track-conversions-with-pinterest-tag
Meta Pixel (formerly Facebook Pixel)
This website uses the Meta Pixel for conversion measurement. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, data may also be transferred to the USA and other third countries.
The Meta Pixel allows us to track the behavior of visitors after they click on a Meta (Facebook/Instagram) advertisement and are redirected to our website. This enables us to evaluate the effectiveness of Meta ads for statistical and market research purposes and to optimize future advertising campaigns.
For us as the website operator, the collected data is anonymized. We cannot identify individual users. However, Meta may link this data to specific user profiles and process it for its own purposes in line with its Data Usage Policy: https://www.facebook.com/about/privacy/
This allows Meta to display ads on and outside the Meta platform. We have no control over this processing. The use of the Meta Pixel takes place based on your consent pursuant to Art. 6(1)(a) GDPR. Consent can be revoked at any time.
If personal data is collected on our website using the Meta Pixel and transferred to Meta, we and Meta Platforms Ireland Limited are jointly responsible for this data processing within the meaning of Art. 26 GDPR. The joint responsibility is limited to the collection of data and its transmission to Meta. Any subsequent processing by Meta is not part of the joint controllership agreement.
The obligations under the joint controller arrangement are defined here: https://www.facebook.com/legal/controller_addendum
According to this agreement:
We are responsible for providing the Meta Pixel privacy information and ensuring the tool is implemented in a privacy-compliant manner.
Meta is responsible for the security of Meta’s products and for handling data subject rights relating to data processed by Meta.
You may assert data subject rights directly with Meta. If you contact us, we are obliged to forward your request to Meta.
Data transfer to the USA
Data transfer to the USA is based on the European Commission’s Standard Contractual Clauses (SCCs): https://www.facebook.com/legal/EU_data_transfer_addendum
https://www.facebook.com/help/566994660333381
More information can be found in Meta’s Privacy Policy:https://www.facebook.com/about/privacy/
Opt-out options
You can disable Meta's “Custom Audiences” remarketing feature in your ad settings: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen (You must be logged in.)
If you do not have a Meta/Facebook account, you can opt out of user-based advertising through the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/
Data Privacy Framework (DPF)
Meta participates in the EU–US Data Privacy Framework (DPF):
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
This website uses the Meta Pixel for conversion measurement. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, data may also be transferred to the USA and other third countries.
The Meta Pixel allows us to track the behavior of visitors after they click on a Meta (Facebook/Instagram) advertisement and are redirected to our website. This enables us to evaluate the effectiveness of Meta ads for statistical and market research purposes and to optimize future advertising campaigns.
For us as the website operator, the collected data is anonymized. We cannot identify individual users. However, Meta may link this data to specific user profiles and process it for its own purposes in line with its Data Usage Policy: https://www.facebook.com/about/privacy/
This allows Meta to display ads on and outside the Meta platform. We have no control over this processing. The use of the Meta Pixel takes place based on your consent pursuant to Art. 6(1)(a) GDPR. Consent can be revoked at any time.
If personal data is collected on our website using the Meta Pixel and transferred to Meta, we and Meta Platforms Ireland Limited are jointly responsible for this data processing within the meaning of Art. 26 GDPR. The joint responsibility is limited to the collection of data and its transmission to Meta. Any subsequent processing by Meta is not part of the joint controllership agreement.
The obligations under the joint controller arrangement are defined here: https://www.facebook.com/legal/controller_addendum
According to this agreement:
We are responsible for providing the Meta Pixel privacy information and ensuring the tool is implemented in a privacy-compliant manner.
Meta is responsible for the security of Meta’s products and for handling data subject rights relating to data processed by Meta.
You may assert data subject rights directly with Meta. If you contact us, we are obliged to forward your request to Meta.
Data transfer to the USA
Data transfer to the USA is based on the European Commission’s Standard Contractual Clauses (SCCs): https://www.facebook.com/legal/EU_data_transfer_addendum
https://www.facebook.com/help/566994660333381
More information can be found in Meta’s Privacy Policy:https://www.facebook.com/about/privacy/
Opt-out options
You can disable Meta's “Custom Audiences” remarketing feature in your ad settings: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen (You must be logged in.)
If you do not have a Meta/Facebook account, you can opt out of user-based advertising through the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/
Data Privacy Framework (DPF)
Meta participates in the EU–US Data Privacy Framework (DPF):
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
Plausible
We use Plausible Analytics on our website. The provider is Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia.
Plausible Analytics helps us analyze how visitors use our website. The following data is collected: page URL, HTTP request, HTTP referrer, browser, operating system, device type, and IP address. The HTTP request and IP address are stored in a hashed form for 24 hours; during this time, returning visitors can be recognized without personally identifying them. Personal identification is not possible.
If we obtain your consent, the use of this service is based on Art. 6(1)(a) GDPR. Consent may be withdrawn at any time.
If no consent is obtained, the use of this service is based on Art. 6(1)(f) GDPR, as we have a legitimate interest in analyzing user behavior in order to optimize our website.
Data processing
We have concluded a Data Processing Agreement (DPA) with Plausible in accordance with Art. 28 GDPR, ensuring that personal data is processed only according to our instructions and in compliance with the GDPR.
We use Plausible Analytics on our website. The provider is Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia.
Plausible Analytics helps us analyze how visitors use our website. The following data is collected: page URL, HTTP request, HTTP referrer, browser, operating system, device type, and IP address. The HTTP request and IP address are stored in a hashed form for 24 hours; during this time, returning visitors can be recognized without personally identifying them. Personal identification is not possible.
If we obtain your consent, the use of this service is based on Art. 6(1)(a) GDPR. Consent may be withdrawn at any time.
If no consent is obtained, the use of this service is based on Art. 6(1)(f) GDPR, as we have a legitimate interest in analyzing user behavior in order to optimize our website.
Data processing
We have concluded a Data Processing Agreement (DPA) with Plausible in accordance with Art. 28 GDPR, ensuring that personal data is processed only according to our instructions and in compliance with the GDPR.
Hotjar
This website uses Hotjar, provided by Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (https://www.hotjar.com
).
Hotjar is an analytics tool that helps us understand how visitors interact with our website. It can record mouse movements, scrolling behavior, and clicks. Hotjar may also detect how long your cursor stays in certain areas. These interactions allow Hotjar to create so-called “heatmaps,” which show which parts of the website users focus on most.
We can also see how long visitors remain on a page, at what point they leave, and at which point they stop filling out a form (conversion funnels).
Hotjar also includes features for collecting direct feedback from users, helping us improve the usability and performance of our website.
Hotjar uses technologies such as cookies and device fingerprinting to recognize users and analyze behavior patterns.
If we obtain your consent, the use of Hotjar is based on Art. 6(1)(a) GDPR. Consent may be withdrawn at any time.
If no consent is obtained, Hotjar is used on the basis of Art. 6(1)(f) GDPR, as we have a legitimate interest in analyzing user behavior to optimize our online offerings.
Deactivation of Hotjar
To deactivate Hotjar, you can follow the instructions at:
https://www.hotjar.com/policies/do-not-track/
Please note that this must be done separately for each browser and device you use.
Further information about Hotjar’s data processing can be found in their privacy policy:
https://www.hotjar.com/privacy/
Data Processing Agreement
We have concluded a Data Processing Agreement (DPA) with Hotjar in accordance with Art. 28 GDPR, ensuring that Hotjar processes personal data only according to our instructions and in compliance with EU data protection regulations.
This website uses Hotjar, provided by Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (https://www.hotjar.com
).
Hotjar is an analytics tool that helps us understand how visitors interact with our website. It can record mouse movements, scrolling behavior, and clicks. Hotjar may also detect how long your cursor stays in certain areas. These interactions allow Hotjar to create so-called “heatmaps,” which show which parts of the website users focus on most.
We can also see how long visitors remain on a page, at what point they leave, and at which point they stop filling out a form (conversion funnels).
Hotjar also includes features for collecting direct feedback from users, helping us improve the usability and performance of our website.
Hotjar uses technologies such as cookies and device fingerprinting to recognize users and analyze behavior patterns.
If we obtain your consent, the use of Hotjar is based on Art. 6(1)(a) GDPR. Consent may be withdrawn at any time.
If no consent is obtained, Hotjar is used on the basis of Art. 6(1)(f) GDPR, as we have a legitimate interest in analyzing user behavior to optimize our online offerings.
Deactivation of Hotjar
To deactivate Hotjar, you can follow the instructions at:
https://www.hotjar.com/policies/do-not-track/
Please note that this must be done separately for each browser and device you use.
Further information about Hotjar’s data processing can be found in their privacy policy:
https://www.hotjar.com/privacy/
Data Processing Agreement
We have concluded a Data Processing Agreement (DPA) with Hotjar in accordance with Art. 28 GDPR, ensuring that Hotjar processes personal data only according to our instructions and in compliance with EU data protection regulations.
6. Analysis tools and advertising
ConvertBox
We use ConvertBox to display interactive forms, opt-ins, and pop-ups on our website. The provider is ConvertBox Ltd., 20–22 Wenlock Road, London, N1 7GU, United Kingdom.
When you interact with a ConvertBox element (e.g., by submitting a form), personal data may be collected and processed to deliver the requested content and to support communication and marketing activities. Processing is carried out in accordance with applicable data protection laws.
ConvertBox processes data on our behalf and has implemented measures to comply with GDPR requirements. Although the provider is based in the United Kingdom, data transfers may occur outside the EEA. In such cases, appropriate safeguards—such as the European Commission’s Standard Contractual Clauses (SCCs)—are used to ensure an adequate level of data protection.
The legal basis for the use of ConvertBox is your consent (Art. 6(1)(a) GDPR). Consent may be withdrawn at any time.
Further information about ConvertBox’s data processing can be found in their privacy policy:
https://convertbox.com/privacy-policy/
We have concluded a Data Processing Agreement (DPA) with ConvertBox in accordance with Art. 28 GDPR.
We use ConvertBox to display interactive forms, opt-ins, and pop-ups on our website. The provider is ConvertBox Ltd., 20–22 Wenlock Road, London, N1 7GU, United Kingdom.
When you interact with a ConvertBox element (e.g., by submitting a form), personal data may be collected and processed to deliver the requested content and to support communication and marketing activities. Processing is carried out in accordance with applicable data protection laws.
ConvertBox processes data on our behalf and has implemented measures to comply with GDPR requirements. Although the provider is based in the United Kingdom, data transfers may occur outside the EEA. In such cases, appropriate safeguards—such as the European Commission’s Standard Contractual Clauses (SCCs)—are used to ensure an adequate level of data protection.
The legal basis for the use of ConvertBox is your consent (Art. 6(1)(a) GDPR). Consent may be withdrawn at any time.
Further information about ConvertBox’s data processing can be found in their privacy policy:
https://convertbox.com/privacy-policy/
We have concluded a Data Processing Agreement (DPA) with ConvertBox in accordance with Art. 28 GDPR.
Adobe Fonts
To ensure consistent and visually appealing font rendering, this website uses Adobe Fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA. When you visit our website, your browser automatically loads the necessary fonts directly from Adobe in order to display them correctly on your device. This establishes a connection between your browser and Adobe’s servers in the United States. According to Adobe, no cookies are stored in connection with providing these fonts.
Data is processed on the basis of Art. 6(1)(f) GDPR, as we have a legitimate interest in ensuring a uniform and optimized presentation of our website. If we obtain your consent, processing is based exclusively on Art. 6(1)(a) GDPR. Consent may be withdrawn at any time.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses (SCCs). Details:
https://www.adobe.com/privacy/eudatatransfers.html
More information about Adobe Fonts: https://www.adobe.com/privacy/policies/adobe-fonts.html
Adobe’s full Privacy Policy: https://www.adobe.com/privacy/policy.html
Adobe participates in the EU–US Data Privacy Framework: https://www.dataprivacyframework.gov/participant/5660
To ensure consistent and visually appealing font rendering, this website uses Adobe Fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA. When you visit our website, your browser automatically loads the necessary fonts directly from Adobe in order to display them correctly on your device. This establishes a connection between your browser and Adobe’s servers in the United States. According to Adobe, no cookies are stored in connection with providing these fonts.
Data is processed on the basis of Art. 6(1)(f) GDPR, as we have a legitimate interest in ensuring a uniform and optimized presentation of our website. If we obtain your consent, processing is based exclusively on Art. 6(1)(a) GDPR. Consent may be withdrawn at any time.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses (SCCs). Details:
https://www.adobe.com/privacy/eudatatransfers.html
More information about Adobe Fonts: https://www.adobe.com/privacy/policies/adobe-fonts.html
Adobe’s full Privacy Policy: https://www.adobe.com/privacy/policy.html
Adobe participates in the EU–US Data Privacy Framework: https://www.dataprivacyframework.gov/participant/5660
Google Fonts (local embedding)
This website uses so-called Google Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.
For more information on Google Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
This website uses so-called Google Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.
For more information on Google Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
Vimeo
This website uses plugins from the video platform Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA.
When you visit a page on our website that contains a Vimeo video, a connection to Vimeo’s servers is established. This tells Vimeo which of our pages you have visited and transmits your IP address — even if you are not logged in to Vimeo or do not have a Vimeo account. The data is transferred to Vimeo servers in the United States.
If you are logged into your Vimeo account, Vimeo may associate your browsing behavior with your personal profile. You can prevent this by logging out before visiting our site. Vimeo uses cookies and similar recognition technologies (e.g., device fingerprinting) to identify website visitors. The use of Vimeo is based on our legitimate interest in presenting online content in an engaging and user-friendly way (Art. 6(1)(f) GDPR). If we obtain your consent, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR. Consent may be revoked at any time.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses (SCCs) and, according to Vimeo, on “legitimate business interests.” Details: https://vimeo.com/privacy
For more information on Vimeo’s handling of personal data, please see their Privacy Policy: https://vimeo.com/privacy
Vimeo participates in the EU–US Data Privacy Framework (DPF): https://www.dataprivacyframework.gov/participant/5711
This website uses plugins from the video platform Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA.
When you visit a page on our website that contains a Vimeo video, a connection to Vimeo’s servers is established. This tells Vimeo which of our pages you have visited and transmits your IP address — even if you are not logged in to Vimeo or do not have a Vimeo account. The data is transferred to Vimeo servers in the United States.
If you are logged into your Vimeo account, Vimeo may associate your browsing behavior with your personal profile. You can prevent this by logging out before visiting our site. Vimeo uses cookies and similar recognition technologies (e.g., device fingerprinting) to identify website visitors. The use of Vimeo is based on our legitimate interest in presenting online content in an engaging and user-friendly way (Art. 6(1)(f) GDPR). If we obtain your consent, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR. Consent may be revoked at any time.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses (SCCs) and, according to Vimeo, on “legitimate business interests.” Details: https://vimeo.com/privacy
For more information on Vimeo’s handling of personal data, please see their Privacy Policy: https://vimeo.com/privacy
Vimeo participates in the EU–US Data Privacy Framework (DPF): https://www.dataprivacyframework.gov/participant/5711
Youtube
This website embeds videos from YouTube. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit a page on our website that contains a YouTube embed, a connection to YouTube’s servers is established. This notifies YouTube which of our pages you have visited. YouTube may also store cookies or use similar technologies (e.g., device fingerprinting) on your device. These technologies allow YouTube to collect information about visitors to this website, generate video statistics, improve user experience, prevent fraudulent activity, and process the collected data within the Google advertising network. If you are logged into your YouTube account while browsing our website, YouTube may associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account before visiting our website.
The use of YouTube is based on our legitimate interest in presenting online content in an appealing way (Art. 6(1)(f) GDPR).
If we obtain your consent, processing takes place exclusively on the basis of Art. 6(1)(a) GDPR. Consent can be revoked at any time.
More information about the handling of user data can be found in YouTube’s Privacy Policy:
https://policies.google.com/privacy?hl=en
EU–US Data Privacy Framework (DPF)
Google is certified under the EU–US Data Privacy Framework (DPF):
https://www.dataprivacyframework.gov/participant/5780
This website embeds videos from YouTube. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit a page on our website that contains a YouTube embed, a connection to YouTube’s servers is established. This notifies YouTube which of our pages you have visited. YouTube may also store cookies or use similar technologies (e.g., device fingerprinting) on your device. These technologies allow YouTube to collect information about visitors to this website, generate video statistics, improve user experience, prevent fraudulent activity, and process the collected data within the Google advertising network. If you are logged into your YouTube account while browsing our website, YouTube may associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account before visiting our website.
The use of YouTube is based on our legitimate interest in presenting online content in an appealing way (Art. 6(1)(f) GDPR).
If we obtain your consent, processing takes place exclusively on the basis of Art. 6(1)(a) GDPR. Consent can be revoked at any time.
More information about the handling of user data can be found in YouTube’s Privacy Policy:
https://policies.google.com/privacy?hl=en
EU–US Data Privacy Framework (DPF)
Google is certified under the EU–US Data Privacy Framework (DPF):
https://www.dataprivacyframework.gov/participant/5780
8. Plug-ins and Tools
Affiliate Programs on this website
We participate in affiliate partner programs. Within such programs, advertisements or links to offers from partner companies (“advertisers”) may appear on this website. When you click one of these affiliate links and subsequently complete a qualifying action (a “conversion”), we may receive a commission at no additional cost to you.
To track commissions, affiliate networks must be able to determine which link led to the conversion. For this purpose, cookies or similar tracking technologies (e.g., device fingerprinting) may be used.
The processing of this data is based on Art. 6(1)(f) GDPR, as we have a legitimate interest in the correct calculation of affiliate commissions.
If we obtain your consent (e.g., for non-essential cookies), processing is based on Art. 6(1)(a) GDPR. Consent may be withdrawn at any time.
We may work with different affiliate networks and providers. The selection of partners may change over time. The processing practices of each affiliate partner comply with their respective privacy policies, which apply once you click an affiliate link and are redirected to their website.
We participate in affiliate partner programs. Within such programs, advertisements or links to offers from partner companies (“advertisers”) may appear on this website. When you click one of these affiliate links and subsequently complete a qualifying action (a “conversion”), we may receive a commission at no additional cost to you.
To track commissions, affiliate networks must be able to determine which link led to the conversion. For this purpose, cookies or similar tracking technologies (e.g., device fingerprinting) may be used.
The processing of this data is based on Art. 6(1)(f) GDPR, as we have a legitimate interest in the correct calculation of affiliate commissions.
If we obtain your consent (e.g., for non-essential cookies), processing is based on Art. 6(1)(a) GDPR. Consent may be withdrawn at any time.
We may work with different affiliate networks and providers. The selection of partners may change over time. The processing practices of each affiliate partner comply with their respective privacy policies, which apply once you click an affiliate link and are redirected to their website.
9. Online marketing and partner programs
Payment Processing (Stripe and PayPal)
Payments are processed via the payment service providers Stripe and PayPal, which are connected to our ThriveCart checkout. We do not collect or store full payment details ourselves; however, we may have access to limited transaction information (e.g., payer name, email address, transaction ID, last four digits of a card) through our Stripe or PayPal merchant dashboards.
Processing of payment data is carried out for the performance of a contract (Art. 6(1)(b) GDPR) and in the interest of secure and efficient payment handling (Art. 6(1)(f) GDPR).
Stripe
Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland
Privacy policy: https://stripe.com/privacy
EU Data Transfers: https://stripe.com/guides/general-data-protection-regulation
PayPal
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg
Privacy policy: https://www.paypal.com/webapps/mpp/ua/privacy-full
EU Data Transfers: https://www.paypal.com/webapps/mpp/ua/pocpsa-full
Payments are processed via the payment service providers Stripe and PayPal, which are connected to our ThriveCart checkout. We do not collect or store full payment details ourselves; however, we may have access to limited transaction information (e.g., payer name, email address, transaction ID, last four digits of a card) through our Stripe or PayPal merchant dashboards.
Processing of payment data is carried out for the performance of a contract (Art. 6(1)(b) GDPR) and in the interest of secure and efficient payment handling (Art. 6(1)(f) GDPR).
Stripe
Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland
Privacy policy: https://stripe.com/privacy
EU Data Transfers: https://stripe.com/guides/general-data-protection-regulation
PayPal
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg
Privacy policy: https://www.paypal.com/webapps/mpp/ua/privacy-full
EU Data Transfers: https://www.paypal.com/webapps/mpp/ua/pocpsa-full
Thrivecart
We use the checkout platform ThriveCart (ThriveCart LLC, 221 W 6th St UNIT 910, Austin, TX 78701, USA) to process orders for digital products and services. When you place an order, the data you enter during checkout (e.g., name, email address, billing email, product selection, order value) is processed by ThriveCart to complete your purchase.
ThriveCart acts as a processor under Art. 28 GDPR and processes personal data solely on our instructions. We have concluded a Data Processing Agreement (DPA) with ThriveCart.
As part of providing the service, personal data may be transferred to the United States. These transfers are protected by the Standard Contractual Clauses (SCCs).
Details: https://legal.thrivecart.com/platform/eu-model-contract-clauses/
Privacy policy: https://legal.thrivecart.com/platform/privacy/
We use the checkout platform ThriveCart (ThriveCart LLC, 221 W 6th St UNIT 910, Austin, TX 78701, USA) to process orders for digital products and services. When you place an order, the data you enter during checkout (e.g., name, email address, billing email, product selection, order value) is processed by ThriveCart to complete your purchase.
ThriveCart acts as a processor under Art. 28 GDPR and processes personal data solely on our instructions. We have concluded a Data Processing Agreement (DPA) with ThriveCart.
As part of providing the service, personal data may be transferred to the United States. These transfers are protected by the Standard Contractual Clauses (SCCs).
Details: https://legal.thrivecart.com/platform/eu-model-contract-clauses/
Privacy policy: https://legal.thrivecart.com/platform/privacy/
10. eCommerce and payment service providers
Processing of Customer and Contract Data
We collect, process, and use personal data necessary for the initiation, execution, and management of contractual relationships. This includes data required to provide our services and to perform pre-contractual steps (usage data), insofar as it is necessary to enable you to use our services or to manage billing. The legal basis for this processing is Art. 6(1)(b) GDPR.
Customer and contract data will be deleted once the contractual relationship has ended and no statutory retention obligations apply. If legal retention requirements exist, the data will be deleted after those periods expire.
Data Transfer for Contract Fulfillment
We share personal data with third parties only when necessary to perform the contract — for example, with technical service providers involved in order processing (such as our checkout platform ThriveCart) and with payment service providers (Stripe or PayPal), which handle the actual payment transaction. Personal data is transmitted only to the extent required for the respective purpose. No further transfer takes place unless you have expressly consented to it. Your data will not be shared with third parties for advertising purposes without your explicit consent.
The legal basis for such processing is Art. 6(1)(b) GDPR, which permits data processing for the performance of a contract or pre-contractual activities.
We collect, process, and use personal data necessary for the initiation, execution, and management of contractual relationships. This includes data required to provide our services and to perform pre-contractual steps (usage data), insofar as it is necessary to enable you to use our services or to manage billing. The legal basis for this processing is Art. 6(1)(b) GDPR.
Customer and contract data will be deleted once the contractual relationship has ended and no statutory retention obligations apply. If legal retention requirements exist, the data will be deleted after those periods expire.
Data Transfer for Contract Fulfillment
We share personal data with third parties only when necessary to perform the contract — for example, with technical service providers involved in order processing (such as our checkout platform ThriveCart) and with payment service providers (Stripe or PayPal), which handle the actual payment transaction. Personal data is transmitted only to the extent required for the respective purpose. No further transfer takes place unless you have expressly consented to it. Your data will not be shared with third parties for advertising purposes without your explicit consent.
The legal basis for such processing is Art. 6(1)(b) GDPR, which permits data processing for the performance of a contract or pre-contractual activities.
