Datenschutzerklärung
Privacy Policy
1. Controller
The controller for data processing on this website is:
Kreativschicht.de
Sascha Bajonczak
Ostpreussenstr 235c
44866 Bochum
Germany
Email: kreativschicht_de@outlook.com
2. General information on data processing
We process personal data only to the extent necessary for providing our online shop, processing orders, communicating with customers, processing payments, delivering physical products, providing digital products, and analyzing and improving our offerings.
Personal data refers to all information that can directly or indirectly identify a person, such as name, address, email address, IP address, payment data, order data, or usage data.
Processing is carried out based on the General Data Protection Regulation, in particular Art. 6 para. 1 lit. a GDPR for consent, Art. 6 para. 1 lit. b GDPR for contract fulfillment, Art. 6 para. 1 lit. c GDPR for fulfilling legal obligations, and Art. 6 para. 1 lit. f GDPR for legitimate interests.
3. Hosting and Shop System Shopify
Our online shop is operated via Shopify. The provider is Shopify International Limited, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland.
Shopify processes data generated during visits to and use of our shop. This includes, in particular, technical access data, order data, customer data, payment information, delivery information, and communication data.
The processing takes place to provide the shop, securely process orders, manage products, customer accounts and orders, and fulfill our contractual obligations.
Personal data may be transferred to Shopify companies and service providers outside the European Union. Shopify uses appropriate safeguards for this, in particular standard contractual clauses.
Legal bases are Art. 6 para. 1 lit. b GDPR, Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR.
4. Access Data and Server Log Files
When you visit our shop, technical data is automatically processed. This may include:
-
IP address
-
Date and time of access
-
Visited pages
-
Browser type and browser version
-
Operating system
-
Referrer URL
-
Used device
This data is processed to technically provide the shop, ensure security, analyze errors, and prevent misuse.
The legal basis is Art. 6 para. 1 lit. f GDPR.
5. Cookies and Similar Technologies
Our shop uses cookies and similar technologies. Some cookies are technically necessary for the shop to function, for example, for the shopping cart, checkout, logging into customer accounts, and security features.
In addition, we only use analytics and marketing technologies based on consent, to the extent legally required.
Consent can be changed or revoked at any time via the cookie banner or the privacy settings.
Legal bases are Art. 6 para. 1 lit. a GDPR, § 25 TDDDG and, for technically necessary cookies, Art. 6 para. 1 lit. f GDPR.
6. Orders and Contract Processing
When you place an order in our shop, we process the data necessary for the order and contract processing. This includes, in particular:
-
Name
-
Billing address
-
Shipping address
-
Email address
-
Payment data
-
Ordered products
-
Order number
-
Communication data
-
For digital products, information about providing the download
The processing is carried out for order fulfillment, delivery of physical products, provision of digital products, invoicing, payment processing, and handling inquiries.
Legal bases are Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. c GDPR.
7. Customer Accounts
Customer accounts can be created in our shop. We process the data required for setting up and using the customer account, in particular name, email address, order history, address data, and login information.
The customer account serves to manage orders more easily, view previous orders, and place future orders faster.
The legal basis is Art. 6 para. 1 lit. b GDPR.
You can request the deletion of your customer account at any time, provided that there are no legal retention obligations to the contrary.
8. Contact via Email
If you contact us via email, we process the data you provide to handle your request. This includes, in particular, your email address, your name, the content of your message, and, if applicable, order information.
Legal bases are Art. 6 para. 1 lit. b GDPR, if the inquiry relates to a contract, and Art. 6 para. 1 lit. f GDPR for general inquiries.
9. Payment Providers
We use external payment service providers for payment processing. Depending on the chosen payment method, payment data is transmitted to the respective payment provider.
Shopify Payments
We use Shopify Payments for payment processing. Payment data, billing data, order data, contact information, and technical data may be processed.
The processing is carried out for the execution of payment and for fraud prevention.
Legal bases are Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f GDPR.
PayPal
When paying via PayPal, personal data is transmitted to PayPal. The provider is PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg.
The processed data may include name, email address, invoice amount, order data, payment information, and technical data.
The legal basis is Art. 6 para. 1 lit. b GDPR.
Klarna
When paying via Klarna, personal data is transmitted to Klarna. The provider is Klarna Bank AB, Sweden.
Klarna processes data for payment processing, identity and credit checks, fraud prevention, and debt collection. This may include name, address, email address, telephone number, order data, payment data, and technical data.
Legal bases are Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f GDPR.
10. Shipping and Delivery
For the delivery of physical products, we process the necessary data, in particular name, delivery address, email address, order data, and, if applicable, telephone number.
This data may be passed on to shipping service providers, as far as this is necessary for delivery.
The legal basis is Art. 6 para. 1 lit. b GDPR.
11. Digital Products and Downloads
When purchasing digital products, we process the data necessary to provide the download. This includes, in particular, order data, email address, payment status, and technical provision information.
The processing takes place for contract fulfillment.
The legal basis is Art. 6 para. 1 lit. b GDPR.
12. Newsletter via Shopify
If you subscribe to our newsletter, we use your email address to send you information about products, offers, and news.
The newsletter is sent only with your consent. You can unsubscribe from the newsletter at any time via the unsubscribe link in each email or by sending us a message.
The legal basis is Art. 6 para. 1 lit. a GDPR.
The newsletter is sent via Shopify. Data such as email address, subscription status, sending data, openings, and clicks may be processed.
13. Google Analytics
We use Google Analytics, a web analytics service provided by Google. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics helps us understand how visitors use our shop. Data such as page views, time spent, click behavior, device used, browser, approximate location, and IP address may be processed.
Its use is based solely on your consent via the cookie banner.
The legal basis is Art. 6 para. 1 lit. a GDPR and § 25 TDDDG.
Personal data may be transferred to Google companies and service providers outside the European Union. Appropriate safeguards such as standard contractual clauses or adequacy mechanisms are used for this.
You can withdraw your consent at any time via the cookie settings.
14. Google Tag Manager
We use or plan to use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is used to manage website tags centrally. Google Tag Manager itself does not create user profiles and does not store analytical or marketing data. However, when the service loads, technical data, in particular the IP address, can be transmitted to Google. In addition, other services can be integrated via Google Tag Manager, which in turn process personal data.
Its use is subject to your consent, if required.
The legal basis is Art. 6 para. 1 lit. a GDPR and § 25 TDDDG.
15. Microsoft Clarity
We use Microsoft Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
Microsoft Clarity helps us understand how users interact with our shop. This may involve processing click behavior, scrolling behavior, mouse movements, visited pages, technical device data, browser information, referrer information, and IP addresses. Microsoft Clarity can also create session recordings and heatmaps.
Its use is based solely on your consent via the cookie banner.
The legal basis is Art. 6 para. 1 lit. a GDPR and § 25 TDDDG.
Personal data may be transferred to Microsoft companies and service providers outside the European Union. Appropriate safeguards are used for this.
You can withdraw your consent at any time via the cookie settings.
16. Pinterest Tag
We use the Pinterest Tag. The provider is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
The Pinterest Tag serves to measure the effectiveness of our Pinterest advertising and to display interest-based advertising. In particular, IP address, device information, browser data, visited pages, purchase events, shopping cart contents, and interactions with our shop may be processed.
Its use is based solely on your consent via the cookie banner.
The legal basis is Art. 6 para. 1 lit. a GDPR and § 25 TDDDG.
Personal data may be transferred to Pinterest companies and service providers outside the European Union. Appropriate safeguards are used for this.
You can withdraw your consent at any time via the cookie settings.
17. Product Reviews via Judge.me
We use or plan to use Judge.me for displaying and managing product reviews. The provider is Judge.me Ltd.
If you submit a review or receive a review request, personal data may be processed, in particular name, email address, order information, review text, star rating, photos or videos, IP address, and technical data.
The processing is carried out for the purpose of displaying product reviews, building trust, quality assurance, and improving our offerings.
Legal bases are Art. 6 para. 1 lit. a GDPR, if consent is required, Art. 6 para. 1 lit. b GDPR for review-related communication after a purchase, and Art. 6 para. 1 lit. f GDPR for our legitimate interest in customer feedback and product reviews.
18. Sales Outside Germany
We also sell our products outside Germany. For orders from other countries, personal data may be processed and passed on to payment service providers, shipping service providers, tax and trade service providers, or platform service providers, as far as this is necessary for contract fulfillment, delivery, payment processing, customs clearance or fulfillment of legal obligations.
Legal bases are Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. c GDPR.
19. Data Transfer to Third Countries
Some of the services we use may process personal data outside the European Union or the European Economic Area, particularly in the USA or Canada.
Such a transfer only takes place if there is an appropriate legal basis for it, for example, an adequacy decision, standard contractual clauses, or your express consent.
20. Storage Duration
We store personal data only for as long as necessary for the respective purposes or as required by legal retention obligations.
Order and invoice data are regularly kept for the legally prescribed periods due to commercial and tax regulations. Communication data will be deleted once the inquiry has been conclusively processed and no legal obligations oppose this.
21. Your Rights
Within the scope of legal provisions, you have the following rights:
-
Right to information
-
Right to rectification
-
Right to erasure
-
Right to restriction of processing
-
Right to data portability
-
Right to withdraw granted consents
-
Right to object to certain processing
-
Right to lodge a complaint with a data protection supervisory authority
If you have given consent, you can withdraw it at any time with effect for the future.
22. Right to Object to Direct Marketing
If personal data is processed for direct marketing purposes, you have the right to object to this processing at any time.
After your objection, your data will no longer be used for direct marketing.
23. Obligation to Provide Data
To place an order, you must provide the data necessary for contract fulfillment. Without this data, we cannot process the order.
Providing data for newsletters, analysis and marketing services is voluntary.
24. Automated Decision-Making
We do not carry out automated decision-making, including profiling, within the meaning of Art. 22 GDPR. Payment providers such as Klarna or PayPal may carry out checks within the scope of their own services, in particular for fraud prevention, identity verification, or credit checks.
25. Amendment of this Privacy Policy
We reserve the right to adapt this privacy policy if technical, legal, or organizational changes occur.
Status: July 2026