1. Controller and Contact Details

Controller:
Shena-CS UG (haftungsbeschränkt)
Address: Breslauer Straße 60 65203 Wiesbaden
Email: hello@incredimerch.de

Data Protection Officer (DPO):
Ilias Gkrekos
Email: hello@incredimerch.de

2. What Personal Data We Collect

We collect the following types of personal data when you use our website or services:

Identification data: Name, company, title

Contact data: Email address, phone number, postal address

Account data: Username, password (encrypted)

Order data: Product details, payment information, delivery addresses

Communication data: Correspondence with us (emails, messages)

Technical data: IP address, browser type and version, operating system, device information

Usage data: Pages visited, time spent, clicks, referring URL

Cookies and tracking technologies (see section 6)

3. Purpose and Legal Basis for Processing

We process your personal data for the following purposes and legal bases:

Purpose Legal Basis
Fulfilling contracts (orders) Art. 6(1)(b) GDPR
User registration & account management Art. 6(1)(b) GDPR
Communication and customer service Art. 6(1)(b) GDPR
Marketing (with consent) Art. 6(1)(a) GDPR
Website operation & security Art. 6(1)(f) GDPR (legitimate interests)
Compliance with legal obligations Art. 6(1)(c) GDPR

4. Cookies and Tracking Technologies
What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help improve the user experience by remembering preferences and enabling website functionalities.

Types of Cookies We Use

Necessary cookies: Essential for website operation (e.g., session cookies). These cannot be disabled as they are required for security and basic functionality.

Performance cookies: Collect anonymous data on website usage to improve performance (e.g., Google Analytics).

Functional cookies: Remember preferences such as language or region.

Marketing cookies: Used to track visitors across websites to display relevant ads.

Cookie Consent and Management

Upon your first visit, you will be presented with a cookie consent banner to accept or decline non-essential cookies. You can manage or revoke your cookie preferences at any time through the cookie settings available on the website or via your browser.

Third-Party Cookies

We use third-party services such as Google Analytics, which may set cookies on your device. These services are bound by privacy agreements, and data is processed in accordance with GDPR. For more details, see below under “Google Analytics.”

5. Use of Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, to collect information about your use of the website. This data helps us analyze traffic and improve our site.

Data collected includes IP address (anonymized), device information, browser type, pages visited, and session duration.

We use IP anonymization to ensure that full IP addresses are not stored.

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

6. Sharing Your Data

We do not sell or rent your personal data. We share your information only with trusted third parties who assist us in operating the website, processing orders, or complying with legal requirements. These include:

Payment processors

Shipping and logistics partners

IT service providers

Marketing platforms (with your consent)

Legal authorities, if required by law

All third parties are contractually obligated to protect your data and use it only for the purposes specified.

7. Data Retention

We retain your personal data only as long as necessary for the purposes described above, or as required by law. For example:

Order data: retained for 10 years for tax and commercial law compliance.

Contact and account data: retained as long as your account is active or as needed for customer service.

8. Your Data Protection Rights

Under GDPR and German law, you have the right to:

Access: Request a copy of your personal data we hold.

Correction: Rectify inaccurate or incomplete data.

Deletion: Request deletion, subject to legal retention requirements.

Restriction: Request limitation of processing in certain circumstances.

Objection: Object to processing based on legitimate interests or marketing.

Data portability: Receive your data in a structured, machine-readable format.

Withdraw consent: At any time, without affecting past processing.

Complain: Lodge a complaint with a supervisory authority (e.g., the Bavarian Data Protection Authority).

To exercise these rights, please contact us at hello@incredimerch.de.

9. Security Measures

We implement technical and organizational security measures to protect your data against unauthorized access, loss, or misuse, including:

Encryption of sensitive data

Secure servers and firewalls

Access controls and employee training

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in legal requirements or our services. The updated version will be posted on this page with a revised effective date.

12. Contact Information

If you have questions or concerns regarding this Privacy Policy or your personal data, please contact us:

Email: hello@incredimerch.de