Privacy Policy
Last updated: May 1, 2026
1. Controller
The party responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Angelina Hordt
Harzstr. 11
90491 Nuremberg
Germany
Email: info@angelsign.shop
2. General Information on Data Processing
2.1 Scope of Processing
We collect and process personal data of our users only insofar as this is necessary to provide a functional website, our content, our services, and to process orders.
Personal data is any information relating to an identified or identifiable natural person, such as name, address, email address, IP address, order data, or payment information.
The processing of personal data takes place only where there is a legal basis for doing so, in particular where processing is necessary for the performance of a contract, to comply with legal obligations, based on consent, or based on our legitimate interests.
2.2 Legal Basis for Processing
Where we obtain consent from the data subject for processing operations, Art. 6 (1) lit. a GDPR serves as the legal basis.
Where processing is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
Where processing is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) lit. c GDPR serves as the legal basis.
Where processing is necessary for the purposes of our legitimate interests or those of a third party, and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1) lit. f GDPR serves as the legal basis.
2.3 Data Erasure and Storage Duration
Personal data will be deleted or restricted as soon as the purpose of storage no longer applies.
Storage may also take place if required by European or national law, EU regulations, or other legal provisions to which we are subject.
Data will also be deleted or restricted if a legally prescribed storage period expires, unless further storage is necessary for the conclusion or performance of a contract.
Retention obligations under commercial and tax law are generally six to ten years, for example for invoices, accounting documents, and business correspondence.
3. Hosting and Provision of the Website
3.1 Provider: Shopify
This website is operated via the Shopify platform, a service provided by:
Shopify International Limited
2nd Floor, 1-2 Victoria Buildings
Haddington Road
Dublin 4, D04 XN32
Ireland
When you visit our website, Shopify may process technical data, including server log files and IP addresses.
The processing is carried out for the purpose of providing, securing, maintaining, and improving the website and the Shopify services.
Legal basis:
Art. 6 (1) lit. b GDPR, insofar as processing is necessary for the performance of a contract or pre-contractual measures.
Art. 6 (1) lit. f GDPR, based on our legitimate interest in the secure and efficient provision of our online store.
We have concluded a Data Processing Agreement with Shopify pursuant to Art. 28 GDPR.
Further information can be found in Shopify’s privacy policy:
https://www.shopify.com/legal/privacy
3.2 Data Transfers to Third Countries
Shopify is an internationally active company. Processing of personal data may also take place outside the European Union or the European Economic Area, in particular in Canada and the United States.
For Canada, an adequacy decision by the European Commission exists.
For data transfers to the United States and other third countries, Shopify uses appropriate safeguards, such as EU Standard Contractual Clauses or other legally recognized transfer mechanisms. Where applicable, transfers may also be based on an adequacy decision, such as the EU-U.S. Data Privacy Framework.
Further information can be found in Shopify’s privacy policy:
https://www.shopify.com/legal/privacy
3.3 Server Log Files
Every time our website is accessed, technical information may be collected automatically. This may include:
IP address of the requesting device
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request, such as the specific page accessed
HTTP status code
Amount of data transferred
Website from which the request originated
Browser type and version
Operating system and interface
Language and version of the browser software
This data is processed to provide the website securely, to ensure system stability, and to defend against attacks.
Legal basis:
Art. 6 (1) lit. f GDPR.
Server log files are generally deleted after a short period, unless longer storage is required for security or evidentiary purposes.
4. Cookies and Similar Technologies
4.1 General
We use cookies and similar technologies on our website. Cookies are small text files that are stored on your end device.
Some cookies are technically necessary for the operation of the website. Other cookies are used only with your consent, for example for analytics, marketing, or personalization purposes.
4.2 Strictly Necessary Cookies
Strictly necessary cookies are required for the operation of the online store. They enable basic functions such as shopping cart, checkout, secure login, fraud prevention, and payment processing.
These cookies are used without consent where they are technically necessary.
Legal basis:
Art. 6 (1) lit. b GDPR, insofar as they are necessary for the performance of the contract.
Art. 6 (1) lit. f GDPR, based on our legitimate interest in the secure and functional operation of the website.
Section 25 (2) No. 2 TDDDG.
Examples of strictly necessary cookies may include:
_shopify_y
_shopify_s
cart
_secure_session_id
checkout-related cookies
payment-related cookies
4.3 Cookies and Technologies Requiring Consent
Cookies and similar technologies that are not strictly necessary are used only if you have given your consent via our cookie banner.
These may include:
Analytics cookies, for example for measuring website traffic and user behavior
Marketing cookies, for example for conversion tracking and advertising purposes
Personalization cookies, for example for product recommendations and customized content
Legal basis:
Art. 6 (1) lit. a GDPR.
Section 25 (1) TDDDG.
You can withdraw or adjust your consent at any time via the cookie settings on our website.
5. Order Processing
5.1 Processed Data
When you place an order in our online store, we process the data necessary to complete and handle your order.
This may include:
First and last name
Billing address
Delivery address
Email address
Phone number, if provided
Order details
Payment information
Shipping information
Communication related to the order
5.2 Purpose and Legal Basis
We process this data to:
Process your order
Deliver the purchased goods
Handle payment
Provide customer service
Process returns, exchanges, complaints, or withdrawal requests
Fulfill legal retention obligations
Legal basis:
Art. 6 (1) lit. b GDPR for contract processing.
Art. 6 (1) lit. c GDPR for legal retention obligations.
Art. 6 (1) lit. f GDPR for our legitimate interest in efficient customer service and order management.
5.3 Recipients
In order to process your order, your personal data may be transmitted to the following categories of recipients:
Shipping service providers, for the delivery of your order
Payment service providers, for payment processing
Shopify, as our shop system provider
Tax consultants or accounting service providers, for bookkeeping and tax compliance
IT service providers, where necessary for the operation and maintenance of our systems
Only the data necessary for the respective purpose is transmitted.
5.4 Storage Duration
Order data is stored for the duration necessary to process the order and to fulfill legal obligations.
Due to commercial and tax law retention obligations, order-related data is generally stored for six to ten years.
6. Payment Service Providers
Depending on the payment methods offered in our store and selected by you during checkout, payment data is transmitted to the respective payment service provider.
The respective payment service providers process payment data under their own responsibility, unless they act as processors on our behalf.
Payment service providers may include, depending on availability in checkout:
Shopify Payments
PayPal
Klarna
Credit card providers
Apple Pay
Google Pay
Shop Pay
Bank transfer providers
The data transmitted may include:
Name
Billing address
Email address
Order amount
Payment method
Transaction data
Other information necessary for payment processing
Legal basis:
Art. 6 (1) lit. b GDPR, as the processing is necessary for payment and contract performance.
Art. 6 (1) lit. f GDPR, based on our legitimate interest in offering secure and efficient payment methods.
6.1 Payment in Advance / Bank Transfer
If payment in advance or bank transfer is offered and selected, no payment data is transmitted by us to an external payment provider. You transfer the amount directly to our bank account.
Your bank and our bank process the payment data independently.
7. Contacting Us
If you contact us by email, contact form, or other communication channels, we process the data you provide in order to handle your inquiry.
This may include:
Name
Email address
Message content
Order number, if provided
Other information voluntarily provided by you
Legal basis:
Art. 6 (1) lit. b GDPR, if the inquiry relates to a contract or pre-contractual measures.
Art. 6 (1) lit. f GDPR, based on our legitimate interest in responding to inquiries.
The data will be deleted once the inquiry has been conclusively processed, unless legal retention obligations prevent deletion.
8. Newsletter
If you subscribe to our newsletter, we process your email address and, where applicable, your name in order to send you promotional emails, product updates, offers, and news about our brand.
Subscription to the newsletter takes place only with your consent.
Legal basis:
Art. 6 (1) lit. a GDPR.
You can withdraw your consent at any time with effect for the future by using the unsubscribe link in the newsletter or by contacting us at:
info@angelsign.shop
The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
If we use a newsletter service provider, your data may be transmitted to this provider for the purpose of sending and analyzing newsletters. Such processing is carried out on the basis of a Data Processing Agreement pursuant to Art. 28 GDPR, where required.
9. Customer Account
If we offer customer accounts and you create a customer account, we process the data required for registration and account management.
This may include:
Name
Email address
Password
Billing and delivery addresses
Order history
The customer account allows you to view previous orders and place future orders more conveniently.
Legal basis:
Art. 6 (1) lit. b GDPR.
You can request deletion of your customer account at any time by contacting:
info@angelsign.shop
Legal retention obligations remain unaffected.
10. Marketing and Analytics
With your consent, we may use analytics and marketing tools to understand how visitors use our website, to improve our offer, and to measure the success of advertising campaigns.
This may include the processing of:
IP address
Device information
Browser information
Pages visited
Time spent on the website
Click behavior
Purchases or checkout events
Referrer URL
Legal basis:
Art. 6 (1) lit. a GDPR.
Section 25 (1) TDDDG.
You can withdraw or adjust your consent at any time via the cookie settings on our website.
11. Rights of the Data Subject
You have the following rights regarding your personal data:
Right of access pursuant to Art. 15 GDPR
Right to rectification pursuant to Art. 16 GDPR
Right to erasure pursuant to Art. 17 GDPR
Right to restriction of processing pursuant to Art. 18 GDPR
Right to data portability pursuant to Art. 20 GDPR
Right to object to processing pursuant to Art. 21 GDPR
Right to withdraw consent pursuant to Art. 7 (3) GDPR, with effect for the future
To exercise your rights, please contact us at:
info@angelsign.shop
12. Right to Object
If we process your personal data based on legitimate interests pursuant to Art. 6 (1) lit. f GDPR, you have the right to object to this processing at any time on grounds relating to your particular situation.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object to this processing at any time. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
13. Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.
The competent supervisory authority for private companies based in Bavaria is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Postal address:
Postfach 1349
91504 Ansbach
Germany
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de
Website: https://www.lda.bayern.de
14. Data Security
We use appropriate technical and organizational measures to protect your personal data against loss, misuse, unauthorized access, disclosure, alteration, or destruction.
Our website uses encryption, such as SSL or TLS, to protect the transmission of confidential content, for example orders or inquiries sent to us via the website.
15. Changes to This Privacy Policy
We reserve the right to amend this Privacy Policy in order to comply with current legal requirements or to reflect changes to our services.
The version available on our website at the time of your visit applies.