Privacy Policy

1. Data Controller

Herloons, Philipp Gerger, Krenngasse 7, 8010 Graz, Austria
Email: Herloons.shop@gmail.com

2. Data Collected

For orders: Name, email address, shipping address, billing address, payment information (processed directly by our payment providers).

For inquiries: Name, email address, message content.

Automatically: IP address, browser type, access time (server log files).

3. Legal Basis

Processing is based on Art. 6 para. 1 lit. b GDPR (contract fulfilment), Art. 6 para. 1 lit. c GDPR (legal obligation, e.g. tax law), and Art. 6 para. 1 lit. a GDPR (consent, e.g. for analytics cookies).

4. Payment Providers

We use the following payment service providers, which process your payment data directly:

Skrill (Paysafe) — Paysafe Group, 25 Canada Square, London E14 5LQ, UK. Privacy Policy
Revolut Pay — Revolut Ltd, 7 Westferry Circus, London E14 4HD, UK. Privacy Policy

5. Cookies

Essential cookies: Shopping cart, session ID. These are necessary for the operation of the shop (Art. 6 para. 1 lit. f GDPR).

Analytics cookies: Only set with your explicit consent (Art. 6 para. 1 lit. a GDPR).

6. Retention Period

Order data is stored for the duration of the statutory retention obligation (7 years pursuant to BAO). Account data will be deleted upon request.

7. Your Rights (GDPR)

You have the right to:

Access (Art. 15 GDPR) — What data we have stored about you
Rectification (Art. 16 GDPR) — Correction of inaccurate data
Erasure (Art. 17 GDPR) — Right to be forgotten
Restriction (Art. 18 GDPR) — Restriction of processing
Data portability (Art. 20 GDPR) — Export of your data
Objection (Art. 21 GDPR) — Objection to certain processing

8. Right to Complain

You have the right to lodge a complaint with the Austrian Data Protection Authority: www.dsb.gv.at