Data protection

1. Responsible person

Florian Umbreit
Sole proprietorship
Bahnhofstraße 3b
53340 Meckenheim
Germany

Email: info@radicalwarehouse.com

2. Collection and storage of personal data as well as the type and purpose of processing

a) When visiting our website

When you access our Shopify store, the Shopify server automatically collects information that is technically necessary to display the website:

  • IP address

  • Date and time of access

  • Browser type and version

  • Operating system used

  • Referrer URL

  • Device information

  • Log data from the Shopify system

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in a secure, stable shop operation).

b) When placing an order

When you place an order, we collect the following data:

  • First and Last Name

  • Billing and delivery address

  • E-mail address

  • Payment information (not full credit card details – these are processed exclusively by the payment provider)

  • Order and transaction data

Purposes of processing:

  • Order processing

  • Shipment

  • Invoicing

  • Customer service

Legal basis: Art. 6 para. 1 lit. b GDPR (performance of a contract).

c) When making contact

If you contact us by email, we will process the transmitted data solely for the purpose of handling your request.

Legal basis: Art. 6 para. 1 lit. a or b GDPR.

3. Hosting via Shopify

Our shop is operated by Shopify International Limited , 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland.

Shopify stores and processes personal data on our behalf. This may involve transferring data to third countries (particularly Canada and the USA). Shopify uses recognized safeguards such as standard contractual clauses for this purpose.

Legal basis: Art. 6 para. 1 lit. f and lit. b GDPR.

More information: https://www.shopify.com/legal/privacy

4. Data Sharing

We only share personal data if this is necessary for the fulfillment of the contract:

to shipping service providers

(e.g. DHL, DPD, UPS)
– Name and delivery address for delivery.

to payment service providers

(see next section)

Furthermore, no data will be shared except where legally required.

5. Payment service providers

PayPal

When paying via PayPal, name, email address, IP address, payment amount and other transaction-related data are transmitted to

PayPal (Europe) S.à rl et Cie, SCA
transmitted.

PayPal carries out independent data processing over which we have no influence.

PayPal Privacy Statement:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Credit card payment via Shopify Payments

Credit card payments are processed via Shopify Payments , technically operated by Stripe Inc.

Data processed:

  • Payment information

  • IP address

  • Invoice data

  • Transaction data

Stripe privacy policy:
https://stripe.com/privacy

Legal basis: Art. 6 para. 1 lit. b GDPR.

Klarna

When selecting Klarna payment methods, personal data is transmitted to Klarna to enable risk assessment, identity verification and payment processing.

Klarna Bank AB (publ)
Sveavägen 46, 111 34 Stockholm, Sweden

Klarna privacy policy:
https://www.klarna.com/de/datenschutz/

Legal basis: Art. 6 para. 1 lit. b and lit. f GDPR.

6. Cookies

Our Shopify store uses only technically necessary cookies (e.g. shopping cart, session management).
Since no analytics or marketing cookies are used, only a basic cookie notice function is required.

Legal basis: Art. 6 para. 1 lit. f GDPR.

7. No analytics or marketing tools

We do not use tools such as Google Analytics, Meta Pixel, TikTok Pixel or similar services .

8. Storage duration

Personal data is stored:

  • as long as they are necessary for processing the order

  • in accordance with statutory retention periods (6–10 years for tax data)

9. Rights of data subjects

You have the following rights at any time:

  • Right of access (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restriction of processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR)

Complaints can be addressed to the responsible data protection authority in North Rhine-Westphalia.

10. Right to object

You can object to the processing of your personal data at any time for reasons arising from your particular situation.

11. Data security

We use SSL encryption and other technical and organizational measures to protect your data from loss, misuse and unauthorized access.

12. Updates and changes to this privacy policy

This privacy policy is currently valid. Changes may occur due to technical or legal adjustments.