Privacy Policy
Last updated on November 20, 2024
1. Introduction
This Privacy Policy outlines how personal data is processed when you visit our website ("https://stickz.co/"), including your use of our online shop and services. Below, we explain the type, purpose, and scope of data processing activities conducted on this website.
We are committed to protecting your personal data and strictly adhere to applicable data protection laws. To this end, we implement appropriate technical and organizational measures to safeguard your data from unauthorized access, misuse, or disclosure. These measures include regular employee training on data privacy compliance, as well as procedural and digital safeguards to ensure secure data processing.
The controller responsible for this website and for the processing of your personal data within the meaning of Art. 4 no. 7 GDPR can be contacted with any questions about data privacy through the methods below:
—
For clarity, in this Privacy Policy, "we," "us," and "our" refer to Stickz, and "you" refers to users of our website and services.
The "In plain English..." sections included throughout this Privacy Policy are provided solely for convenience and are not legally binding. They are intended to summarize key points and do not replace or modify the legally binding terms outlined in the main text.
In plain English...
When you visit our site and use our services, we may collect and process some of your data. We’re serious about keeping your data safe, following all relevant laws, and using secure methods to protect it. The summaries ("In plain English...") you’ll see, like this one, are here to help you understand key points—they’re not legally binding.
2. Personal Data
Personal data refers to any information that relates to an identified or identifiable natural person. This includes information that directly identifies you, such as your name, address, or email address, as well as information that can indirectly identify you, such as online identifiers like IP addresses, cookies, or device IDs.
We collect personal data to provide our services, process your orders, and comply with legal obligations. All processing of personal data is conducted in accordance with applicable laws, including Art. 6 para. 1 lit. b) GDPR for contractual purposes and Art. 6 para. 1 lit. c) GDPR for compliance with legal requirements.
In plain English...
Personal data is information that can identify you—like your name, email, or address—or things like cookies and IP addresses that could link back to you. We collect this data to run our services, handle orders, and meet legal requirements.
3. Usage Data
When you visit our website for informational purposes only (e.g., without logging in, registering, or submitting information), we automatically collect certain data to enable access to the website and ensure its functionality and security.
The following usage data is collected and stored temporarily:
- IP address
- Date and time of the request
- Duration of the website visit
- Requested webpage or file
- Access status/HTTP status code
- Data volume transferred
- Referring website (if applicable)
- Browser type, language, and version
- Operating system
For IT security reasons, we store IP addresses in our system log files for up to 7 days to identify and prevent attacks, such as distributed denial-of-service (DDoS) attacks. After this period, IP addresses are anonymized by removing the last 8 bits.
The processing of this data is based on our legitimate interest in ensuring the security and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.
In plain English...
When you visit our site, we collect some basic information automatically, like your IP address, the pages you view, and your browser details. This helps us keep the site running smoothly and secure. For extra safety, we anonymize IP addresses after 7 days.
4. Cookies
Cookies are small text files stored on your device when you visit our website. They allow our systems to recognize your browser and enable certain features, such as maintaining your session or saving your language preferences. Cookies are essential for providing a seamless and secure browsing experience.
We use only technically essential cookies that are necessary for the functioning of our website and services. These cookies enable features like secure login and maintaining shopping cart functionality. We do not use any marketing, retargeting, or analytical cookies.
Examples of cookies we use include:
- Session cookies: These cookies are temporary and are deleted when you close your browser. They are used to maintain your session while navigating the site.
- Preference cookies: These cookies save your language or design preferences for future visits.
You can manage or disable cookies through your browser settings. However, please note that disabling cookies may prevent you from using some features of our website, such as the shopping cart.
Since we strictly use only functional and necessary cookies, as defined under GDPR, we do not implement a cookie consent manager on our website. These cookies are essential for the website to function correctly and cannot be disabled through cookie banners. They fall under the "necessary" category in typical cookie settings and do not require user consent.
The processing of data through cookies is based on our legitimate interest in ensuring the functionality and security of our website, as per Art. 6 para. 1 lit. f GDPR.
In plain English...
Cookies are small files that help our website work smoothly—for example, by keeping your shopping cart active or saving your language settings. We only use cookies that are absolutely necessary for the site to function and never for tracking or ads. You can manage cookies in your browser settings, but blocking them might limit some features like the shopping cart.
5. Third-Party Providers
We work with trusted third-party providers to facilitate certain services, such as payment processing, email delivery, and video embedding. Personal data is shared with these providers only to the extent necessary for performing the relevant service.
—
PayPal and Stripe
To process payments, we share information such as your purchase total, billing address, and contact information with PayPal or Stripe, depending on your chosen payment method. This data sharing is necessary to complete the transaction and fulfill our contractual obligations under Art. 6 para. 1 lit. b GDPR.
Please see the PayPal Privacy Policy for more details.
Please see the Stripe Privacy Policy for more details.
—
Flodesk
We use Flodesk to manage and send newsletters. If you sign up for our newsletter, your email address and any additional information you provide (e.g., name) are shared with Flodesk for the purpose of delivering emails. You may opt out of receiving newsletters at any time by clicking the unsubscribe link included in each email. The processing of your data for newsletters is based on your consent (Art. 6 para. 1 lit. a GDPR).
Please see the Flodesk Privacy Policy for more details.
When signing up for our newsletter, we use a double opt-in process to ensure your consent. After providing your email address, you will receive a confirmation email asking you to verify your subscription. Only after confirming your subscription will you be added to our newsletter list. This process ensures that the email address provided is valid and that you have actively chosen to receive our emails.
We may also provide you with the option to sign up for our newsletter during checkout when purchasing a product or downloading a demo or free version of our software. If you check the subscription box during checkout, your email will be added to our newsletter list, even if you had previously unsubscribed. The legal basis for this processing is Art. 7 para. 3 UWG. You may unsubscribe at any time using the link included in every email.
—
YouTube
We embed YouTube videos on our webpages. YouTube is a video portal operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube"). When you watch a YouTube video embedded on our website, a connection to youtube.com is established. This connection is required to display the respective video on our website in your browser. Google is responsible for the processing of data and the setting of cookies by YouTube. Such processing is beyond our control.
It should be noted that YouTube records and processes at least the IP address of your device, the date and time at which you watched the video, and the webpage you visited. Furthermore, a connection to Google's DoubleClick advertising network is established. Google provides further information on Google Ads as well as on opt-out options here as well as here.
If you are logged into YouTube when accessing our website, YouTube assigns the connection information to your YouTube account. To prevent this, you must either log out of YouTube before visiting our website or make the relevant settings in your YouTube account.
We use this service on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the user-friendly design of our website.
For further information on the collection and use of data as well as on your rights and protection options, refer to the Google Privacy Policy.
—
Links to Third-Party Providers
Our website may contain links to third-party providers or other external websites. When you click on these links, you will be redirected to the respective third-party website. Please note that we have no control over the content or data processing practices of these external websites. The processing of your personal data on these websites is the sole responsibility of the respective provider. For more information on how they handle your personal data, please refer to their privacy policies.
In plain English...
We work with trusted third-party services to handle things like payments (PayPal & Stripe), newsletters (Flodesk), and videos (YouTube/Google). So some of your personal data has to go to them. We also link to other websites—if you click these, their privacy policies apply, not ours.
6. Retargeting & Analytics
Retargeting is a variant of online targeting in which suppliers mark users of an online service via the retargeting function. This function serves to present visitors to a website with interest-based advertisements as part of the advertising networks. To do this, your browser stores cookies which make it possible to recognize you as a visitor when you access websites that belong to the corresponding supplier’s advertising network. These pages display advertisements for products based on your previous internet activity, including products in which you have shown an interest on other websites which use the corresponding provider’s remarketing function.
We do not use any retargeting technologies or services on our website. This means you will not see advertisements from us on other websites based on your browsing activity here.
Analytics help website owners understand how visitors use their websites by anonymously collecting data such as which site was visited, which browser the visitor used, which country the visitor is from, and more.
To better understand how users interact with our website and improve its functionality, we use an anonymous analytics tool. This tool operates without the use of cookies or any other identifiers that could be linked to individual users.
The processing of analytics data is based on our legitimate interest in improving website performance and user experience, as permitted under Art. 6 para. 1 lit. f GDPR.
In plain English...
We don’t use retargeting, so you won’t see ads from us following you around the internet. We do use an analytics tool to understand how people use our site, but it’s completely anonymous and doesn’t rely on cookies or trackable data.
7. Contact & Support Service
If you contact us by email, we will use your email address and your name so we can respond to your request.
In plain English...
This one's already plain. If you email us, we’ll use your email address and name to reply to your message.
8. Additional User Account Data Processing
To allow you to access and manage your order history, download purchased products, and view the status of your purchases, we automatically create a user account for you during checkout. This account enables you to manage your interactions with us more efficiently.
The mandatory information we require to create and maintain your account includes your name, email address, and billing address. This data is collected during your first purchase and updated automatically when you place additional orders. Any other data you provide, such as phone numbers, is optional and marked as such.
The processing of this data is necessary for fulfilling our contractual obligations (Art. 6 para. 1 lit. b GDPR) and for our legitimate interest in providing a convenient and efficient user experience (Art. 6 para. 1 lit. f GDPR).
You can delete your account and all associated data at any time through your account settings. However, please note that deleting your account will result in the permanent loss of access to your order history, product downloads, and other account-related data.
Certain information, such as invoices or transaction records, may be retained even after account deletion if required to comply with legal obligations (e.g., tax or commercial record-keeping requirements). This data will only be stored for the required retention period and will be securely deleted afterward.
In plain English...
When you make a purchase, we create an account for you so you can view your order history, download your purchases, and check their status. We use your name, email, and billing address to set it up, and you can delete your account anytime. Just remember, deleting your account means losing access to your order history and downloads. Some data, like invoices, might be kept to meet legal requirements.
9. Product Orders
When you place an order through our online shop, we collect the personal data necessary to process your order. This includes your name, billing and shipping addresses, email address, and payment information. Any additional information you provide is optional and marked accordingly.
The processing of this data is necessary for fulfilling our contractual obligations under Art. 6 para. 1 lit. b GDPR. We use this data to manage your order, process payments, and provide updates on your purchase status.
Payment details provided during the checkout process are securely handled by third-party payment providers (e.g., PayPal or Stripe). We do not store your payment details directly on our servers.
Order-related data, including invoices and transaction records, is retained for as long as required by German tax and commercial record-keeping laws. This period is typically 10 years, in accordance with Section 257 HGB and Section 147 AO. After this period, the data is securely deleted.
In plain English...
When you order something from our shop, we collect the necessary details like your name, address, email, and payment info to process your order and keep you updated. Payment information is securely handled by services like PayPal or Stripe, and we don’t store it ourselves.
10. Sharing Your Personal Information
We share your personal data with third parties only when it is necessary to provide our services, fulfill contractual obligations, or comply with legal requirements. This includes sharing data with payment providers, shipping companies, or other service providers as outlined in this Privacy Policy.
In certain circumstances, we may be legally required to share your data with public authorities or law enforcement agencies. This applies, for example, in cases of suspected criminal activity or when required by a court order. Such sharing is conducted in compliance with Art. 6 para. 1 lit. c GDPR.
We do not share your personal data with third parties for marketing or commercial purposes.
Further details about data sharing with specific third-party providers (e.g., PayPal, Stripe, Flodesk) are provided in the relevant sections of this Privacy Policy.
In plain English...
We share your data only when necessary—like with payment providers or shipping services—or when legally required, such as by law enforcement. We never share your information for marketing or commercial purposes.
11. Right to Information, Deletion, and Revocation
As a user of our services, you have the following rights under the General Data Protection Regulation (GDPR):
—
Right to Access (Art. 15 GDPR):
You have the right to request confirmation as to whether we process your personal data. If we do, you may request access to the specific data being processed, the purposes of processing, and the parties with whom your data has been shared.
—
Right to Rectification (Art. 16 GDPR):
If your personal data is inaccurate or incomplete, you have the right to request that it be corrected or updated without undue delay.
—
Right to Erasure (Art. 17 GDPR):
You may request the deletion of your personal data. We will comply with your request unless retention is required for compliance with legal obligations (e.g., tax regulations) or for the establishment, exercise, or defense of legal claims.
—
Right to Restriction of Processing (Art. 18 GDPR):
Under certain circumstances, you have the right to request that the processing of your personal data be restricted. This may apply if you contest the accuracy of your data, object to its processing, or need the data retained for legal claims.
—
Right to Data Portability (Art. 20 GDPR):
You have the right to receive personal data that you have provided to us in a structured, commonly used, and machine-readable format. You may also request that we transfer this data to another service provider, where technically feasible.
—
Right to Object (Art. 21 GDPR):
You may object to the processing of your personal data on grounds relating to your particular situation, particularly if the processing is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR).
—
Right to Withdraw Consent (Art. 7 para. 3 GDPR):
If you have provided consent for the processing of your personal data, you may withdraw it at any time with future effect. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
—
Right to Lodge a Complaint (Art. 77 GDPR):
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside or where the alleged violation occurred.
—
How to Exercise Your Rights:
To exercise any of these rights, please contact us via the email address below. We will respond to your request as required under GDPR within one month. In many cases, we aim to respond within 48 hours.
In plain English...
GDPR gives you plenty of rights over your personal data. You can ask us what data we have, request changes or deletions, and more.