Privacy policy

PRIVACY POLICY
As of: 27 December 2025

1. Who is responsible?
   The controller within the meaning of data protection laws (in particular the GDPR) is:

DomDom’s Supply
Wagnerstraße 30
28876 Oyten
Germany
E-Mail: dominik_vermehren@icloud.com

1. What is this about?
   This Privacy Policy explains which personal data we process when you visit our online shop, make purchases there, or communicate with us. “Personal data” is any information that relates to you or by which you can be identified.

2. On what basis do we process data?
   We process personal data only if there is a legal basis for doing so. Depending on the situation, this is in particular:

• performance of a contract / pre-contractual measures (Art. 6(1)(b) GDPR)

• legal obligation (Art. 6(1)(c) GDPR)

• legitimate interest (Art. 6(1)(f) GDPR), e.g. IT security, prevention of misuse, efficient communication

• consent (Art. 6(1)(a) GDPR), e.g. for optional marketing/tracking

1. Which data do we process – and for what?

A) Visiting the website (technical provision)
When you access the website, technically necessary data is processed, e.g.:

• IP address

• date/time, time zone

• browser and device information

• pages/files accessed, referrer URL

• log/security data

Purposes: delivery of the website, stability, security, error analysis, defence against misuse/attacks.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest) and – insofar as the use of technically necessary cookies/similar technologies is required – Section 25(2) TDDDG.

B) Order / contract performance
When you place an order, we process in particular:

• name, billing and shipping address

• e-mail address, if applicable telephone number (e.g. for delivery coordination)

• order data (items, size, quantity, price, time)

• payment status / transaction information (no full card data)

• enquiries/communication regarding the order, returns/refunds

Purposes: conclusion of the contract, processing, shipping, returns, customer support.
Legal basis: Art. 6(1)(b) GDPR.

C) Payments (PayPal, Klarna, Shopify Payments)
For payment processing, depending on the payment method you choose, we transfer the required data to the respective payment service provider (e.g. name, address, e-mail, shopping cart content, amount, payment information, risk/fraud indicators).
Legal bases: Art. 6(1)(b) GDPR (contract) and, if applicable, Art. 6(1)(f) GDPR (fraud prevention, protection against payment default).

Payment service providers (depending on selection at checkout):

• PayPal: https://www.paypal.com/de/legalhub/paypal/privacy-full

• Klarna: https://www.klarna.com/de/datenschutz/

• Shopify Payments (payment processing via Shopify; depending on the region typically with payment service providers such as Stripe): https://www.shopify.com/legal/privacy

• Stripe (privacy): https://stripe.com/at/privacy

Note: As a rule, we do not store full credit card data ourselves, but receive e.g. payment confirmations/status information and transaction identifiers.

D) Shipping / delivery
For delivery, we transfer data to shipping/logistics service providers insofar as this is necessary for delivery (e.g. name, delivery address, if applicable e-mail/telephone for delivery information).
Legal basis: Art. 6(1)(b) GDPR.

E) Communication & Support
If you contact us (e.g. by e-mail), we process your contact data and the content of your message.
Purposes: handling your request, support, documentation.
Legal basis: Art. 6(1)(b) GDPR (if it concerns a contract/order) or Art. 6(1)(f) GDPR (legitimate interest in efficient communication).

F) Fraud prevention, IT security
We may process data to detect and prevent misuse, fraud or attacks (e.g. unusual order patterns, technical security indicators).
Legal basis: Art. 6(1)(f) GDPR.

G) Marketing / advertising (Instagram, TikTok & possibly other channels)
We want to promote our brand. For this purpose, technologies may be used – only if you consent in the cookie banner – that enable reach measurement and personalised advertising (e.g. pixels/tags, conversion measurement).
Purposes: marketing, measuring the success of campaigns, personalisation of advertising.
Legal basis: Art. 6(1)(a) GDPR (consent) and Section 25(1) TDDDG (consent for non-essential technologies).

Typical recipients/partners may be:

• Meta (Instagram/Facebook) and affiliated companies

• TikTok and affiliated companies

• other advertising/analytics partners, provided you consent in the cookie banner

Important: You can view at any time in the cookie settings which optional partners/tools are active and can also change or withdraw your consent there.

1. Cookies & similar technologies (cookie banner)
   We use cookies and similar technologies (e.g. local storage, pixels) to

• provide the shop technically (necessary) and

• optionally enable statistics/marketing (only with consent).

Necessary technologies:

• required for core functions (e.g. shopping cart, checkout, security).
  Legal basis: Art. 6(1)(f) GDPR and Section 25(2) TDDDG.

Optional statistics/marketing technologies:

• only after your consent in the cookie banner.
  Legal basis: Art. 6(1)(a) GDPR and Section 25(1) TDDDG.

You can change or withdraw your decision at any time via the cookie settings (banner).

1. Shopify as a platform (hosting/shop functions)
   Our shop is provided via Shopify. Shopify processes data to operate the shop technically (hosting, checkout functions, security mechanisms) and may – depending on activated functions – also process data for its own purposes (e.g. to improve Shopify services or extended features).
   More information:

• Shopify Consumer Privacy Policy: https://www.shopify.com/legal/privacy/consumers

• Shopify Privacy Controls/Portal: https://privacy.shopify.com

1. Who receives your data? (recipients/categories)
   We disclose personal data only insofar as it is necessary for the purposes:

• Shopify (shop platform, hosting, checkout)

• payment service providers (PayPal, Klarna, Shopify Payments/if applicable Stripe; depending on selection at checkout)

• shipping/logistics service providers

• IT/hosting/security service providers (e.g. for operation/protection of the website)

• marketing/advertising partners (e.g. Meta, TikTok), but only with your consent

• authorities/courts/tax advisors/legal advisors, if required (e.g. legal obligations, enforcement of rights)

1. International data transfers (EU/world)
   Since Shopify and potentially other service providers operate worldwide, it may happen that data is also processed outside the European Economic Area (EEA) (e.g. USA/Canada). In such cases, we rely – where required – on appropriate safeguards, in particular the EU Commission’s Standard Contractual Clauses, or on adequacy decisions, where available.

2. How long do we store data?
   We store personal data only as long as it is necessary for the purposes stated, or as long as statutory retention obligations exist.

• Contract/order data is stored for contract performance and thereafter in accordance with commercial and tax law requirements (depending on document type typically 6, 8 or 10 years).

• Support/communication data is stored as long as necessary for processing and documentation.

• Consents (e.g. marketing) are stored as evidence until withdrawal and/or as long as we need the evidence.

1. Your rights (GDPR)
   Subject to the applicable requirements, you have the following rights:

• access (Art. 15 GDPR)

• rectification (Art. 16 GDPR)

• erasure (Art. 17 GDPR)

• restriction of processing (Art. 18 GDPR)

• data portability (Art. 20 GDPR)

• objection to processing (Art. 21 GDPR), in particular to direct marketing

• withdrawal of your consent (Art. 7(3) GDPR) with effect for the future

For requests, an e-mail to: dominik_vermehren@icloud.com is sufficient.

1. Right to lodge a complaint
   You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is in particular the supervisory authority of your place of residence or of our company’s registered office.

2. Obligation to provide data
   Certain data is required for an order (e.g. name, address, contact details, payment data). Without this data, we generally cannot perform the contract.

3. Minors
   Our shop is not directed at children. We do not knowingly process personal data of children.

4. Security
   We implement appropriate technical and organisational measures to protect your data. However, no data transmission on the internet can guarantee absolute protection.

5. Changes
   We may update this Privacy Policy, e.g. if the services used or legal requirements change. The current version can be found on this page.