PRIVACY

 

1. Controller

 

 

Caelan GmbH

Kyffhäuserstraße 13

40545 Düsseldorf

Germany

Email: contact@caelan.de

Phone: +49 174 738 21 99

 

2. Hosting & Shop System (Shopify)

 

 

Our website is operated using Shopify Inc., 151 O’Connor Street, Ottawa, Ontario K2P 2L8, Canada.

 

Shopify stores data on servers in Canada and other countries.

Canada is recognized by the EU Commission as providing an adequate level of data protection under Art. 45 GDPR.

 

Legal basis: Art. 6 (1) (b) and (f) GDPR.

 

3. Server Log Files

 

 

When accessing our website, the following data is automatically collected:

  • Anonymized IP address

  • Date and time

  • Browser type

  • Operating system

  • Referrer URL

 

Retention: up to 14 days.

Legal basis: Art. 6 (1) (f) GDPR.

 

4. Cookies

 

 

We use technically necessary cookies required for the operation of the online shop (e.g., shopping cart, login status).

 

No marketing or tracking cookies are currently used.

 

Legal basis: Art. 6 (1) (f) GDPR.

 

5. Orders & Customer Accounts

 

 

For order processing, we collect:

  • Name

  • Address

  • Email address

  • Payment information

 

Legal basis: Art. 6 (1) (b) GDPR.

 

Retention: 6–10 years in accordance with legal retention obligations.

 

6. Payment Providers

 

 

 

Shopify Payments

 

 

Credit card payments are processed via Shopify Payments (Stripe Payments Europe Ltd.).

 

 

PayPal

 

 

If you choose PayPal, payment data is transferred to

PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg.

 

We do not store credit card data on our servers.

 

Legal basis: Art. 6 (1) (b) GDPR.

 

7. Newsletter

 

 

Currently, no newsletter service is active.

If introduced in the future, it will only be used with explicit consent (Art. 6 (1) (a) GDPR).

 

8. Data Sharing

 

 

Data is shared only:

  • For contract fulfillment

  • With payment providers

  • With shipping providers

 

No data is shared for advertising purposes.

 

9. Your Rights

 

 

Under Art. 15–21 GDPR, you have the right to:

  • Access

  • Rectification

  • Erasure

  • Restriction

  • Data portability

  • Objection

 

You may lodge a complaint with a supervisory authority.

 

10. Data Security

 

 

We use SSL/TLS encryption and appropriate technical and organizational security measures in accordance with Art. 32 GDPR.