1 Introduction

Your privacy is important to us. This Privacy Policy outlines the types of personal data we collect, how we use it, your rights under GDPR, and the measures we take to keep your information safe. By using our Website or purchasing our Products, you agree to the practices described in this Policy.

2 Personal Data We Collect

We may collect the following categories of personal data:

• Identity Data: full name, date of birth (if required), gender (optional).
• Contact Data: email address, phone number, billing address, shipping address.
• Order Data: items purchased, transaction history, order status, invoices.
• Payment Data: encrypted payment information processed securely by third-party payment providers (we do NOT store full card details).
• Technical Data: IP address, browser type, device information, login data, cookies, and tracking technologies.
• Usage Data: pages visited, time spent on pages, referral URLs, navigation paths.
• Communication Data: messages sent to customer support, email interactions, requests, and complaints.

3 How We Collect Your Data

We collect personal data in the following ways:

• Directly from you: when you create an account, place an order, fill out forms, or contact us.
• Automatically: through cookies, analytics tools, and tracking technologies when you visit our Website.
• From third parties: payment processors (e.g., PayPal, Klarna), shipping providers, analytics tools (e.g., Google Analytics).

4 How We Use Your Personal Data

We process your personal data for the following purposes:

• To provide, operate, and manage our online store.
• To process your orders, payments, shipping, and returns.
• To communicate with you regarding orders, updates, or support requests.
• To personalize your shopping experience.
• To improve Website performance, functionality, and customer satisfaction.
• To send marketing communications (only with your explicit consent).
• To comply with legal obligations (tax, invoices, fraud prevention, consumer law).

5 Legal Basis for Processing – GDPR Compliance

We process your personal data under the following lawful bases:

• Contractual Necessity: to process payments, fulfill orders, handle shipping.
• Legitimate Interests: fraud prevention, service improvement, customer support.
• Legal Obligations: tax reporting, accounting, compliance with EU consumer laws.
• Consent: for email marketing, newsletters, cookie tracking.

6 When & Why We Share Personal Data

We may share your data with trusted third parties only when necessary:

• Payment processors: PayPal, Visa, Mastercard, Klarna.
• Shipping companies: to deliver your orders.
• IT service providers: hosting, cloud services, security tools.
• Analytics partners: Google Analytics, cookies & tracking providers.
• Legal authorities: if required by law or to enforce our Terms.

We NEVER sell your data to third parties for marketing purposes.

7 Cookies & Tracking Technologies

We use cookies and similar tracking tools to enhance your browsing experience, analyze traffic, and personalize content.

Types of cookies we use:

• Essential Cookies: required for website functionality.
• Analytics Cookies: help us understand user behavior and improve the site.
• Marketing Cookies: used to show relevant ads (only with consent).

You can modify or disable cookie usage through your browser settings at any time.

8 Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required by law.

• Order & invoice data: 5–10 years (required by EU tax laws).
• Account information: retained until you delete your account.
• Marketing data: retained until you withdraw consent.

9 Your Rights Under GDPR

As an EU resident, you have the following rights:

• Right to Access: request a copy of your personal data.
• Right to Rectification: update incorrect or incomplete data.
• Right to Erasure: request deletion of your data (“right to be forgotten”).
• Right to Restrict Processing under certain conditions.
• Right to Data Portability: receive your data in a structured, machine-readable format.
• Right to Object: withdraw consent or opt-out of marketing.
• Rights related to automated decision-making: request human review.

To exercise your rights, contact us via the details provided at the end of this Policy.

10 Data Security

We implement technical and organizational security measures to protect your data, including:

• SSL encryption
• Secure servers
• Access controls
• Encrypted payment gateways
• Regular security audits

While we take all reasonable precautions, no online system is 100% secure. You share information at your own risk.

11 International Data Transfers

Some of our service providers may store or process data outside the EU. In such cases, we ensure:

• EU-approved Standard Contractual Clauses (SCCs)
• GDPR-compliant safeguards
• Data transfers only to trusted and compliant providers

12 Children’s Privacy

Our Website is not intended for children under the age of 16. We do not knowingly collect data from minors.

13 Changes to This Privacy Policy

We may update this Policy from time to time. When we do, we will update the “Last updated” date at the top of the page.

14 Contact Information

If you have questions, requests, or complaints regarding this Privacy Policy or how we handle your data, contact us at:

• Email: info@verdeoro.de
• WhatsApp / Phone: +49 176 81446826

We aim to respond to all GDPR-related requests within 30 days.