Privacy Policy (Draft - GDPR compliant)

1. Introduction
This Privacy Policy explains how [Company Name] (“we”, “our”, “us”) collects, uses, and protects your personal data when you visit our website or purchase our products. We comply with the General Data Protection Regulation (GDPR).

2. Data Controller
[Company Name]
[Address]
[City, Germany]
Email: [Email Address]
Phone: [Phone Number]

3. Data We Collect

• Contact details (name, email, phone, address)
• Order and payment information
• Website usage data (IP address, browser type, cookies)

4. How We Use Your Data

• To process orders and deliver products
• To provide customer service and support
• To improve our website and services
• To comply with legal obligations

5. Legal Basis for Processing
We process your personal data based on:

• Performance of a contract (Art. 6(1)(b) GDPR)
• Legal obligations (Art. 6(1)(c) GDPR)
• Legitimate interests, e.g. marketing and fraud prevention (Art. 6(1)(f) GDPR)
• Consent (Art. 6(1)(a) GDPR) where required

6. Data Sharing
We may share data with:

• Logistics and shipping partners
• Payment service providers
• IT and hosting providers
  We do not sell personal data to third parties.

7. Data Retention
We retain your data only as long as necessary for contractual, legal, or accounting purposes.

8. Data Security
We use technical and organizational measures to protect your data against unauthorized access, loss, or misuse.

9. Your Rights
Under GDPR, you have the right to:

• Access your data
• Rectify incorrect data
• Request erasure (“right to be forgotten”)
• Restrict or object to processing
• Data portability
• Lodge a complaint with a data protection authority

10. Cookies
Our website uses cookies to improve functionality and user experience. You can adjust your browser settings to refuse cookies.

11. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be published on our website.