We appreciate your interest in our shop. The protection of your personal data is very important to us. In the following, we inform you according to Art. 13 GDPR about the nature, scope and purpose of the processing of personal data on chillneck.shop.

1. Controller

Pryme Marketing UG (haftungsbeschränkt)
Am Winterhafen 24
55131 Mainz
Germany

Phone: +49 (0) 681 770 10 165
Email: brrr@chillneck.shop

2. Shop Platform & Hosting

Our shop is operated via Shopify International Limited (Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland). Shopify processes data from our visitors and customers for the provision of the shop, the processing of orders and payments, and fraud prevention. Hosting takes place on servers secured according to industry standards (PCI-DSS, ISO 27001, SOC 2).

Shopify Privacy Policy: shopify.com/legal/privacy

3. Collection and Storage of Personal Data

We collect and process personal data only to the extent permitted by law or if you have given your consent. In particular, the following data is processed:

• IP address and browser information
• Date and time of access
• Referrer URL and pages viewed
• Order data (name, delivery & billing address, email, phone, payment information)
• Communication data upon contact
• Newsletter data (email address, time of consent)

4. Legal Basis for Processing

• Art. 6 para. 1 lit. a GDPR — Consent (Newsletter, optional cookies)
• Art. 6 para. 1 lit. b GDPR — Performance of a contract (order processing, shipping)
• Art. 6 para. 1 lit. c GDPR — Legal obligation (e.g., tax law retention)
• Art. 6 para. 1 lit. f GDPR — Legitimate interest (fraud prevention, technical function)

5. Data Transfer to Third Parties

Data will only be transferred to third parties if this is necessary for processing your order or if we are legally obliged to do so.

Payment Service Providers

• Shopify Payments — Credit cards, Apple Pay, Google Pay (Shopify International Ltd., Ireland)
• PayPal — PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg
• Klarna — Klarna Bank AB, Sweden (Sofort, Invoice, Installment purchase)

During payment, the data required for processing will be transmitted to the respective provider. Legal basis: Art. 6 para. 1 lit. b GDPR (performance of a contract).

Shipping Service Providers

For delivery, we transmit name, address and, if applicable, phone number/email to DHL (Deutsche Post DHL Group) and shipping partners in Spain.

6. Analytics & Marketing Tools

If you have given your consent, we use the following services for analysis and marketing purposes:

Shopify Analytics

Shopify provides us with aggregated and pseudonymized analytics data on shop visits, conversion, and performance. Legal basis: Art. 6 para. 1 lit. a GDPR (consent) or Art. 6 para. 1 lit. f GDPR (legitimate interest for aggregated statistics). Data protection: shopify.com/legal/privacy

Meta Pixel (Facebook / Instagram)

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. Use only with consent via the cookie banner. Data protection: facebook.com/privacy/policy

TikTok Pixel

TikTok Technology Ltd., 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Use only with consent. Data protection: tiktok.com/legal/privacy-policy

7. Cookies & Cookie Consent

Our shop uses Shopify's native cookie consent mechanism (Customer Privacy API), which complies with the requirements of the GDPR and the ePrivacy Directive. The first time you visit, a cookie banner appears, through which you can agree to or reject the use of optional cookies (Analytics & Marketing).

Technically Necessary Cookies (always active)

These cookies are required for the shop to function (shopping cart, login, language selection, security, fraud prevention). They are set without consent on the basis of Art. 6 para. 1 lit. f GDPR or § 25 para. 2 no. 2 TTDSG.

Examples: _shopify_y, _shopify_s (Shopify session), cart, cart_currency (shopping cart), localization (language), _shopify_essential (security).

Analysis Cookies (consent required)

These cookies help us understand how the shop is used. Examples: _shopify_sa_p (Shopify Analytics).

Marketing Cookies (consent required)

These cookies are used to show you relevant advertising. Examples: _fbp (Meta Pixel), tt_* (TikTok Pixel).

You can adjust your cookie settings at any time — via the cookie banner or browser settings.

8. Newsletter

We use Mailchimp (Intuit Inc., USA) for sending our newsletter. Data processing is only carried out after your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR (double opt-in procedure). You can unsubscribe at any time via the unsubscribe link in every newsletter email. Mailchimp Data Protection: intuit.com/privacy/statement

9. Product Reviews

We use Judge.me (Webcomet Pte. Ltd., Singapore) to collect and display product reviews. After a purchase, you may receive an email requesting a review. Processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest). Data protection: judge.me/privacy

10. Contact Form & Email

When you contact us (e.g., via email or contact form), your details will be stored for the purpose of processing the request and for possible follow-up questions. Processing is based on Art. 6 para. 1 lit. b GDPR (pre-contractual measures) or Art. 6 para. 1 lit. f GDPR (legitimate interest).

11. Your Rights

You have the following rights under the GDPR:

• Right to information (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw granted consents (Art. 7 para. 3 GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Competent data protection supervisory authority: Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz, Postfach 30 40, 55020 Mainz, datenschutz.rlp.de

12. Storage Duration

We store personal data only as long as it is necessary for the purposes mentioned above or as required by statutory retention periods (e.g., § 257 HGB, § 147 AO — usually 6 to 10 years for business documents).

13. Data Security

This site uses SSL/TLS encryption for security reasons. You can recognize an encrypted connection by the padlock symbol in the address bar and the "https://" prefix. Orders, payments, and communication with our shop are encrypted.

14. Changes to this Declaration

We reserve the right to adapt this privacy policy if the legal situation or our processing activities change. The current version will always be found on this page.