1) Collection of Personal Data and Controller Contact Information

1.1 Introduction

Thank you for visiting our website. Your privacy is important to us. This section explains how we handle your personal data while you interact with our website. "Personal data" refers to any information that can identify you directly or indirectly.

1.2 Data Controller

The controller responsible for data processing on this website, as defined by the General Data Protection Regulation (GDPR), is:

Jan Dangschat

GbR mit Dangschat, Jan und Lönnqvist, Sarah

Moorweg 8A, 24214 Schinkel, Germany

Phone: 017610713588

Email: tiny.magpie.shop@gmail.com

The data controller determines the purpose and means of processing personal data, either alone or in collaboration with others.

2) Data Collection

When Visiting the Website 2.1 Server Log Files When you visit our website without registering or providing information, we collect data automatically transmitted by your browser to our server (server log files). This includes:

● The webpage visited

● Dateandtime of access

● Amountof data sent

● Referring website

● Browser type and version

● Operating system

● IPaddress (anonymized, if applicable)

This data is processed under Article 6(1)(f) GDPR, based on our legitimate interest in ensuring the stability and functionality of the website. We do not share or use this data beyond this purpose unless illegal activity is suspected.

2.2 SSL/TLS Encryption

To protect your data during transmission, our website uses SSL/TLS encryption. An encrypted connection is identifiable by "https://" and a lock icon in your browser's address bar.

3) Hosting and Content Delivery

Weuse Squarespace for hosting and content delivery. Provider: Squarespace, Le Pole House, Ship Street Great, Dublin 8, Ireland Squarespace processes all data collected through our website on its servers. Additionally, some data may be transferred to Squarespace Inc. in the USA under the EU-US Data Privacy Framework, ensuring compliance with European data protection standards.

4) Use of Cookies

Cookies are small text files stored on your device to enhance your experience and enable certain functionalities. These include:

● Session Cookies: Temporary cookies deleted after you close your browser.

● Persistent Cookies: Remain on your device for extended periods to retain settings.

Processing may occur based on:

● Article 6(1)(b) GDPR (contract performance)

● Article 6(1)(a) GDPR (consent)

● Article 6(1)(f) GDPR (legitimate interest in functionality and usability)

You can adjust your browser settings to manage cookie preferences. Please note, disabling cookies may limit website functionality.

5) Contacting Us

If you contact us via form or email, we collect your provided personal data to process your inquiry. Data processing is based on:

● Article 6(1)(f) GDPR (legitimate interest in handling inquiries)

● Article 6(1)(b) GDPR (contract-related inquiries)

Data is deleted once your inquiry is resolved, provided no legal retention requirements apply.

6) Email Newsletter

If you subscribe to our newsletter, we use a double opt-in process to confirm your consent. Required information includes your email address. Optional data, such as your name, may be used for personalization. Processing is based on Article 6(1)(a) GDPR (consent). You can unsubscribe at any time using the link provided in our emails or by contacting us directly.

7) Data Processing for Orders

7.1 Order Fulfillment

To fulfill your orders, we may share your data with:

● Delivery providers

● Payment processors

This is done under Article 6(1)(b) GDPR (contract fulfillment).

7.2 Payment Services

Wepartner with providers like PayPal and Stripe for secure payments. Your data is shared only as necessary for processing payments. Where applicable, providers may also perform credit checks under Article 6(1)(f) GDPR (legitimate interest).

8) Your Rights

Under GDPR, you have the following rights:

● Accessyour data (Article 15)

● Rectify inaccuracies (Article 16)

● Request deletion (Article 17)

● Restrict processing (Article 18)

● Dataportability (Article 20)

● Withdraw consent (Article 7(3))

● Lodgeacomplaint (Article 77)

Right to Object

If your data is processed based on legitimate interests, you may object at any time for reasons related to your situation (Article 21(1)). For direct marketing purposes, you can object without providing a reason (Article 21(2)).

9) Duration of Storage of Personal Data T

he duration for which personal data is stored depends on the applicable legal basis, the purpose of processing, and any relevant legal retention periods (e.g., under commercial or tax law). The following outlines the key principles:

● Retention Based on Consent (Art. 6(1)(a) GDPR): If personal data is processed based on your explicit consent, it will be stored until you revoke your consent. Once consent is withdrawn, the data will be deleted unless another legal basis for its retention applies.

● Retention for Contractual Purposes (Art. 6(1)(b) GDPR): When data is processed as part of fulfilling a contractual obligation, it will be retained as long as necessary to complete the contract and comply with associated obligations. For instance: ○ Order-related data and payment details may be stored for up to 10 years in compliance with tax and commercial record-keeping laws.

● Retention for Legal Obligations (Art. 6(1)(c) GDPR): If the processing of personal data is necessary to meet a legal obligation (e.g., tax or financial records), data will be retained for the legally prescribed duration, typically 6 to 10 years.

● Retention for Legitimate Interests (Art. 6(1)(f) GDPR): For data processed to protect our legitimate interests (e.g., security logs or fraud prevention), it will be stored until the purpose is achieved or until you object, unless we can demonstrate compelling legitimate grounds for continued processing.

● Retention for Direct Marketing: Personal data used for direct marketing purposes will be stored until you object to such processing. Upon objection, data will no longer be processed for marketing purposes and will be deleted unless a different lawful basis applies.

● Deletion Upon Fulfillment of Purpose: Once the specific purpose for processing has been fulfilled and no other legal retention requirements apply, your personal data will be deleted.

If no specific retention period is stated elsewhere in this declaration, personal data will be deleted once it is no longer required for the purposes for which it was collected or processed