Privacy policy

Privacy Policy

1. Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how we process your personal data when you use our website. Personal data includes all information that can be used to identify you personally.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Hobbynella.
You can reach us by email at: info@hobbynella.de.
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2. Data Collection When Visiting Our Website

2.1 When you use our website for informational purposes only, meaning you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (“server log files”). The following data is collected to display the website to you:

The website visited
Date and time of access
Amount of data transmitted in bytes
Source/referrer from which you accessed the site
Browser used
Operating system used
IP address (possibly anonymized)

Processing occurs pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. There is no transfer or other use of this data. However, we reserve the right to review server log files subsequently if there are concrete indications of unlawful use.

2.2 Our website uses SSL/TLS encryption for security and to protect the transmission of personal or confidential content, such as orders or inquiries. You can recognize an encrypted connection by the “https://” and the lock symbol in your browser.

3. Hosting & Content Delivery Network

We use the services of Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”). Also: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

All data collected on our website is processed on Shopify’s servers. We have entered into a data processing agreement to ensure the protection of your data and prevent unauthorized disclosure to third parties. For data transfers to Canada, an adequacy decision by the European Commission ensures an appropriate level of data protection.

4. Cookies

We use cookies to make your visit to our website more pleasant and to enable certain functions. Cookies are small text files stored on your device. Some are deleted after closing your browser (session cookies), while others remain stored longer to save website settings (persistent cookies). Details regarding storage duration can be found in your browser’s cookie settings.

If cookies process personal data, processing occurs pursuant to:

Art. 6(1)(b) GDPR (contract performance)
Art. 6(1)(a) GDPR (consent)
Art. 6(1)(f) GDPR (legitimate interest in optimal website functionality)

You may control or prevent cookie storage via your browser settings. Please note that refusing cookies may limit website functionality.

5. Contacting Us

If you contact us (e.g., via contact form or email), we process your personal data solely to handle and respond to your inquiry to the extent necessary.

Legal basis:

Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries)
Art. 6(1)(b) GDPR (contract initiation or performance)

Your data will be deleted once the matter is resolved unless legal retention obligations apply.

6. Comment Function

When you use the comment function on our website, we store your comment, the time it was created, and the name you provided. Your IP address is also stored for security reasons and to prevent unlawful content. Your email address is required to contact you if a third party objects to your comment.

Data is stored pursuant to Art. 6(1)(b) and (f) GDPR. We reserve the right to delete comments deemed unlawful.

7. Use of Customer Data for Direct Advertising

7.1 Newsletter Subscription

If you register for our newsletter, you will receive regular information about our offers. Your email address is required; any additional information is optional and used for personalization. We use the double opt-in process: you confirm your subscription by clicking a link in a confirmation email.

Legal basis: Art. 6(1)(a) GDPR.

Your IP address and timestamp of registration are stored to prevent misuse. Data is used solely for newsletter delivery.

You may unsubscribe at any time. Your data will then be deleted unless we retain it based on another legal permission.

7.2 Omnisend

Our newsletter is sent via Omnisend. We share your information with Omnisend pursuant to Art. 6(1)(f) GDPR (legitimate interest in efficient newsletter delivery).

With your explicit consent under Art. 6(1)(a) GDPR, Omnisend also conducts statistical evaluations (device info, IP address, browser type, etc.). Data is not merged with other datasets.

We have a data processing agreement ensuring data protection and preventing unauthorized disclosure. For international transfers, an adequacy decision ensures sufficient protection.

7.3 Product Availability Notification by Email

If you sign up to be notified about the availability of temporarily unavailable items, we will send you a one-time email when the item becomes available again. The only required information is your email address; any additional information is voluntary and used to personalize communication. We use the double opt-in procedure, in which you confirm your consent by clicking a link in a confirmation email.

By confirming the link, you consent to the processing of your personal data pursuant to Art. 6(1)(a) GDPR. Your IP address as well as the date and time of registration are stored to prevent misuse. Your data is used solely for the purpose of availability notification.

You may unsubscribe at any time. Your email address will then be deleted from our distribution list unless another consent or legally permissible use applies.

7.4 Cart Reminder Emails

If you abandon the checkout process, you have the option to receive a one-time email reminder of the contents of your shopping cart. Your email address is required; any additional information is voluntary and used for personalization. We use the double opt-in procedure.

By confirming the link, you consent to data processing pursuant to Art. 6(1)(a) GDPR. Your IP address and timestamp are stored to prevent misuse. Data is used exclusively for cart reminders.

You may unsubscribe at any time. Your email address will then be deleted unless further use is permitted by law.

8. Data Processing for Order Fulfillment

8.1 Submission of Image Files for Order Processing via Email

We offer customers the option to personalize products by submitting image files via email. The submitted image is used as the template for the chosen personalized product.

Customers may send one or more image files to the email address provided on our website. We collect, store, and use the transmitted files solely for producing the personalized product as described. If the manufacturing process requires sharing image files with specialized service providers, we will inform you in the sections below. No further transfer occurs.

If the image files contain personal data (e.g., identifiable individuals), processing occurs exclusively for fulfilling your online order in accordance with Art. 6(1)(b) GDPR.

Once the order has been fully processed, all submitted image files are automatically and completely deleted.

8.2 Transfer of Personal Data for Contract Fulfillment

To the extent necessary for delivery and payment, we transfer the personal data collected pursuant to Art. 6(1)(b) GDPR to the contracted shipping company and financial institution.

If we are obligated to provide updates for digital elements or digital products under contract, we process your contact details (name, address, email) to fulfill legal information obligations pursuant to Art. 6(1)(c) GDPR. Your contact information is used solely for this purpose.

We also work with the following service providers to fulfill orders. Personal data is transferred according to the information below.

8.3 Transfer of Personal Data to Shipping Providers

– DHL

We use the shipping provider DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany.

If you have expressly consented under Art. 6(1)(a) GDPR, we will share your email address and/or telephone number prior to delivery to coordinate a delivery date or provide delivery notifications. Otherwise, we transmit only the recipient’s name and delivery address pursuant to Art. 6(1)(b) GDPR.

You may withdraw your consent at any time with future effect.

8.4 Use of Payment Service Providers

– PayPal

We offer one or more online payment methods from PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg.

If you select a payment method involving advance payment, the payment data you provide (name, address, bank or card details, currency, transaction number) and order details are transmitted to PayPal pursuant to Art. 6(1)(b) GDPR.

– Shopify Payments

We offer one or more online payment methods provided by Shopify International Limited, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland.

If you select a payment method involving advance payment (e.g., credit card), your payment data and transaction details are transmitted to Shopify pursuant to Art. 6(1)(b) GDPR.

9. Online Marketing

Google AdSense

This website uses Google AdSense, a web advertising service from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google AdSense uses cookies and “web beacons” to analyze website usage and measure visitor traffic. Information generated by cookies and/or web beacons (including your IP address) may be transmitted to Google servers, including Google LLC in the USA.

Google evaluates your usage regarding AdSense advertising. Your IP address is not merged with other Google data. Data may be shared with third parties if legally required or if third parties process data on behalf of Google.

All described processing — especially cookies and device data — occurs only with your explicit consent pursuant to Art. 6(1)(a) GDPR. Without consent, Google AdSense will not be used.

Google participates in the EU–US Data Privacy Framework.

Google’s privacy policy: Google Privacy Policy

10. Web Analytics Services

Google Analytics 4

This website uses Google Analytics 4, a web analytics service from Google Ireland Limited.

Google Analytics 4 normally sets cookies and collects information, including your IP address, which is anonymized by truncation. Data may be transmitted to Google LLC in the USA.

Google uses the data to analyze website usage, compile reports, and perform related services. IP addresses are not merged with other Google data. Data is stored for two months, then deleted.

Processing occurs only with explicit consent under Art. 6(1)(a) GDPR. You may withdraw consent at any time.

We have a data processing agreement with Google.

Additional features:

Demographic Features

(… anonymized statistical data …)

Google Signals

(… cross-device reporting, only with personalized ads enabled …)

UserIDs

(… cross-device tracking for logged-in users …)

Google participates in the EU–US Data Privacy Framework.

11. Retargeting/Remarketing and Conversion Tracking

11.1 Meta Pixel with Advanced Matching

Within our online offering, we use the “Meta Pixel” service with advanced matching, provided by Meta Platforms Ireland Limited, 4 Grand Canal Quay, Dublin 2, Ireland (“Meta”).

When a user clicks on an advertisement we place on Facebook or Instagram, the URL of our linked page is extended by a parameter. This parameter is inserted into the user’s browser via a cookie set on our linked page. The cookie collects specific customer data, such as email addresses provided on our website (e.g., during purchases, account sign-ups, or registrations). These data are transmitted to Meta.

We use Meta Pixel with advanced matching to tailor our advertising on Facebook and/or Instagram to your interests and to analyze the effectiveness of our campaigns. Meta stores and processes the transmitted data so they can be assigned to a user profile and used for advertising purposes in accordance with Meta’s Data Policy.

All processing described above — particularly the setting and reading of cookies — occurs only with your explicit consent under Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future via our Cookie Consent Tool.

Meta participates in the EU–US Data Privacy Framework.

11.2 Google Ads Remarketing

This website uses the remarketing technology of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Google places a cookie in your browser to enable interest-based advertising based on your cookie ID and previously visited pages. If you are logged into your Google account and have linked your web and app browsing history to your account, Google may use data combined with Google Analytics data to create cross-device remarketing lists. Data may be transferred to Google LLC servers in the USA.

All processing — particularly the setting of cookies — occurs only with your explicit consent under Art. 6(1)(a) GDPR. You may withdraw consent at any time via the Cookie Consent Tool.

Google participates in the EU–US Data Privacy Framework.

Further information: Google Privacy Policy

11.3 Pinterest Retargeting Pixel

This website uses retargeting technology from Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

This allows us to target website visitors with personalized ads who have already shown interest in our products. A cookie is stored on your device to record pseudonymized interests. These cookies do not store personal data.

All processing described above — particularly the setting of cookies — occurs only with explicit consent under Art. 6(1)(a) GDPR. You may withdraw your consent at any time via the Cookie Consent Tool.

11.4 Google Ads Conversion Tracking

This website uses Google Ads Conversion Tracking, provided by Google Ireland Limited.

A cookie is set when a user clicks on a Google ad. These cookies expire after 30 days and do not personally identify users. They track the effectiveness of our advertising. Data may be transferred to Google LLC in the USA.

All processing — particularly cookies — occurs only with your explicit consent under Art. 6(1)(a) GDPR. You may withdraw consent at any time via the Cookie Consent Tool.

You may also permanently opt out by installing the browser plugin provided by Google.

We also use Customer Match, where aggregated customer data (e.g., email addresses) are uploaded to Google. Google encrypts the data and uses it for personalized advertising. This occurs only with explicit consent under Art. 6(1)(a) GDPR.

11.5 Google Marketing Platform (GMP)

This website uses Google Marketing Platform, provided by Google Ireland Limited.

GMP uses cookies to display relevant ads, improve campaign performance, and prevent repeated display of the same ad. Cookie IDs allow Google to track which ads were displayed and which resulted in conversions. GMP cookies do not contain personal information.

Google may associate visits with your Google account if you're logged in. Data may also be transmitted to Google LLC in the USA.

All processing — particularly cookies — occurs only with your explicit consent under Art. 6(1)(a) GDPR.

Google participates in the EU–US Data Privacy Framework.

12. Website Functionalities

12.1 Google Web Fonts

This website uses Google Web Fonts provided by Google Ireland Limited to ensure consistent font display.

When you access a page, your browser loads Web Fonts from Google’s servers and establishes a connection to the provider, transmitting certain browser information including your IP address. Data may also be transmitted to Google LLC in the USA.

Processing occurs only with your explicit consent under Art. 6(1)(a) GDPR. You may withdraw consent at any time via the Cookie Consent Tool.

If your browser does not support Web Fonts, a standard font is used.

13. Tools and Miscellaneous

13.1 Lexoffice

We use the cloud-based accounting software Lexoffice provided by Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, Germany.

The service is used to process invoices, payment transactions, and bookkeeping. If personal data is processed during this, it occurs pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in efficient business administration.

13.2 Cookie Consent Tool

Our website uses a Cookie Consent Tool to obtain valid consents for using cookies and similar technologies. The tool ensures that cookies are set only after consent is granted.

Technically required cookies are used to store your settings. These typically do not involve personal data, but if personal data (such as IP address) is processed, it occurs based on:

Art. 6(1)(f) GDPR (legitimate interest in lawful consent management), and
Art. 6(1)(c) GDPR (legal obligation to obtain consent).

A data processing agreement exists with the provider.

Further information can be found in the tool’s interface.

14. Rights of Data Subjects

14.1 Your Rights

Applicable data protection law grants you the following rights regarding your personal data:

Right of access (Art. 15 GDPR):
You have the right to obtain information about the processing of your personal data.
Right to rectification (Art. 16 GDPR):
You may request the correction of inaccurate or incomplete data.
Right to erasure (Art. 17 GDPR):
You may request the deletion of your personal data.
Right to restriction of processing (Art. 18 GDPR):
You may request the restriction of processing.
Right to notification (Art. 19 GDPR):
You have the right to be informed about the rectification or deletion of personal data or restriction of processing.
Right to data portability (Art. 20 GDPR):
You may request that your personal data be provided to you in a structured, commonly used, and machine-readable format.
Right to withdraw consent (Art. 7(3) GDPR):
You may withdraw your consent to data processing at any time.
Right to lodge a complaint (Art. 77 GDPR):
You may lodge a complaint with a supervisory authority if you believe your data is being processed unlawfully.

14.2 Right to Object

If we process your personal data based on our overriding legitimate interest, you have the right to object at any time for reasons arising from your particular situation.

In this case, we will stop processing the affected data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if processing serves to assert, exercise, or defend legal claims.

If your data is processed for direct marketing purposes, you may object at any time. In such a case, your data will no longer be processed for direct marketing.

15. Duration of Storage of Personal Data

The duration of personal data storage depends on the legal basis, processing purpose, and statutory retention periods (e.g., commercial or tax law).

Consent (Art. 6(1)(a) GDPR):
Data processed based on consent is stored as long as consent remains valid. You may withdraw your consent at any time.
Legal retention obligations (Art. 6(1)(b) GDPR):
Data processed under statutory requirements (e.g., commercial or tax law) is deleted after the retention period expires, provided it is no longer needed for contract fulfillment or unless legitimate interests justify continued storage.
Legitimate interest (Art. 6(1)(f) GDPR):
Data processed based on legitimate interest is stored until you exercise your right to object, except where overriding reasons require continued processing or data is needed for legal claims.
Direct marketing:
Data processed for direct marketing is stored until you object.

Unless specific periods apply, personal data is deleted once it is no longer necessary for the purposes for which it was collected or processed.