Privacy Policy

Privacy Policy of Grace & Gabriel

1. Information on the Collection of Personal Data & Contact Details of the Controller

1.1 We appreciate your visit to our website and thank you for your interest. Below we inform you about how we handle your personal data when using our website. Personal data includes any information that can identify you.

1.2 The controller responsible for data processing on this website under the GDPR and other applicable data protection laws is Stefan HQ Limited.

1.3 To protect the transmission of personal data and confidential content (e.g., orders or inquiries), this website uses SSL/TLS encryption. A secure connection is indicated by “https://” and the lock symbol in your browser address bar.


2. Data Collection When You Visit Our Website

When simply visiting our website (without registering or submitting data), we only collect data your browser sends to our server (so-called “server log files”):

  • The page you visit

  • Date and time of access

  • Amount of data transferred

  • Referrer (where you came from)

  • Browser type

  • Operating system

  • IP address (possibly anonymized)

Legal basis: Art. 6(1)(f) GDPR – our legitimate interest in running a stable and secure website.

No personal data is shared or used for other purposes unless we detect illegal activity, in which case we may review the logs.


3. Cookies

We use cookies to make your visit more user-friendly:

  • Session cookies are deleted when you close your browser.

  • Persistent cookies remain and help us recognize you on return visits.

Cookies can store preferences and assist with features like shopping cart contents.

Legal bases:

  • Art. 6(1)(b) GDPR – contract performance

  • Art. 6(1)(f) GDPR – our legitimate interest in functionality

We may also use third-party cookies (e.g., for advertising). You can disable or manage cookies via your browser settings—links are provided in the original German text.

⚠️ If cookies are disabled, some website functionality may be limited.


4. Contact Requests

If you contact us via form or email, we collect only the personal data needed to respond (e.g., name, email, message).
Legal basis: Art. 6(1)(f) GDPR – our legitimate interest in customer support; if the contact is for concluding a contract, Art. 6(1)(b) applies.

We delete your data after resolving your request, unless legal retention is required.


5. Data Processing for Customer Accounts & Orders

If you create an account or place an order, we process data necessary to fulfill our contract (Art. 6(1)(b) GDPR).
After the contract is complete or your account is deleted, we retain data only for tax or commercial retention periods, then delete it—unless you consented to further use.


6. Use of Data for Direct Marketing

6.1 Newsletter

If you subscribe to our newsletter, we use a double opt-in process and collect your email, timestamp, and IP.
Legal basis: Art. 6(1)(a) GDPR – your consent.
You may unsubscribe anytime via the link in the newsletter or by contacting us; your email will be deleted immediately unless you’ve consented to further use.

6.2 Marketing to Existing Customers

If you provided your email with a purchase, we may send promotional offers via email.
Legal basis: Art. 6(1)(f) GDPR – our legitimate interest.
You may object at any time without cost; upon objection, marketing will cease.


7. Data Use for Order Fulfillment

7.1 Shipping

We share data with shipping companies as needed to deliver your order.
Legal basis: Art. 6(1)(b) GDPR.

7.2 Payment Providers

  • PayPal: Payment data is shared with PayPal (Luxembourg). They may conduct credit checks using Art. 6(1)(f) GDPR consent.

  • SOFORT (Klarna): Data is shared exclusively for payment purposes under Art. 6(1)(b) GDPR.


8. Rating Reminder Emails

If you’ve consented, we may send one reminder email requesting a product review.
Legal basis: Art. 6(1)(a) GDPR.
You can revoke consent anytime.


9. Social Media Plugins

We use a Shariff implementation for social media buttons (Facebook, Google+, Instagram).
No direct data is shared unless you click—then you're redirected externally.
Legal basis: EU–US Privacy Shield (platforms certified).
Privacy details are linked in the original text.


10. Online Marketing Tools

10.1 DoubleClick by Google

Uses cookies to serve ads, prevent repetitive impressions, and measure conversions.
Legal basis: Art. 6(1)(f) GDPR.

10.2 Google Ads Conversion Tracking

Tracks clicks and conversions via non-identifying cookies for up to 30 days.
Legal basis: Art. 6(1)(f) GDPR.

You can opt out via browser settings or privacy platforms (links provided).


11. Web Analytics

We use Google Universal Analytics with IP anonymization (anonymizeIp()).
Legal basis: Art. 6(1)(f) GDPR – legitimate interest in analyzing usage.
You can opt out via Google’s browser plugin or opt-out cookie link (links provided).


12. Retargeting / Remarketing

Facebook Pixel

We use Facebook Pixel for tracking ad performance and optimizing campaigns.
Legal basis: Art. 6(1)(a) GDPR – explicit consent is required; users under 13 need parental consent.
Data remains anonymous to us but may be linked by Facebook.

Google Ads Remarketing

Uses cookies to show interest-based ads across websites.
Legal basis: Art. 6(1)(f) GDPR.
Users can opt out via browser settings or privacy platforms (links provided).


13. Your Rights as a Data Subject

Under GDPR, you have rights to:

  • Access your personal data (Art. 15)

  • Correct incorrect data (Art. 16)

  • Delete data under conditions (Art. 17)

  • Restrict processing (Art. 18)

  • Be informed of recipient disclosures (Art. 19)

  • Data portability (Art. 20)

  • Withdraw consent (Art. 7(3))

  • Complain to a supervisory authority (Art. 77)

13.2 Right to object

If we process your data under legitimate interest, you can object at any time (Art. 21).
If you object, processing stops unless we can demonstrate overriding reasons.

You can also object to data use for direct marketing at any time; processing will cease on objection.


14. Storage Duration

We retain personal data only as long as legally or contractually required (e.g. tax/commercial law). After this period, data is routinely deleted unless further processing is legally permitted or you consented.