Table of Contents

1. Controller and Contact Details

2. Data Collection During Website Visits

3. Hosting and Content Delivery

4. Cookies

5. Contacting Us

6. Customer Account

7. Direct Marketing and Newsletter

8. Data Processing for Order Fulfillment

9. Website Functionalities

10. Tools and Services Used

11. Rights of Data Subjects

12. Storage Duration

 

1) Controller and Contact Details

1.1 Thank you for visiting our website. The protection of your personal data is very important to us. Below, we would like to transparently inform you about which data is processed when using our services and on what basis this occurs. Personal data refers to all information that allows your personal identification.

1.2 The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Florian Geisinger

Florian Geisinger Digital Creation

Merksteiner Str. 16, 52531 Übach-Palenberg, Germany

Tel.: 017656154254

Email: floriangeisinger@gmail.com

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data Collection During Website Visits

2.1 If you visit our website purely for informational purposes, without registering or otherwise actively submitting data to us, we only process technical data that your browser automatically transmits to our web server (so-called server log files). This specifically includes the following information:

–      Page accessed on our website

–      Date and time of access

–      Data volume of transferred content in bytes

–      Referrer URL (page from which you accessed us)

–      Type and version of the browser used

–      Operating system used

–      IP address (possibly in anonymized form)

The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in ensuring the stable and functional operation of our website. This data is generally not used for other purposes or passed on to third parties. However, we reserve the right to retrospectively evaluate log data if there are concrete indications of misuse or unlawful access.

2.2 To protect the transmission of your personal data and other confidential content – such as orders or messages to us – our website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser's address bar.

3) Hosting and Content Delivery

Our website is hosted by a service provider who operates its infrastructure services – including those provided by subcontractors – exclusively on servers within the European Union. All data generated on our website is processed on these servers.

We have concluded a data processing agreement with the hosting service provider in accordance with Art. 28 GDPR, which ensures the legally compliant handling of our website visitors' data and prevents unauthorized disclosure to third parties.

4) Cookies

We use cookies for the user-friendly design of our website and to provide certain functions. Cookies are small text files that are stored on your device. So-called session cookies are automatically removed after closing the browser. Persistent cookies, however, remain on your device even after restarting the browser and allow your preferences to be stored. You can find the respective storage duration in your browser's cookie settings.

Insofar as personal data is processed via individual cookies, this is done:

–      in accordance with Art. 6 para. 1 lit. b GDPR for contract fulfillment,

–      in accordance with Art. 6 para. 1 lit. a GDPR based on your consent, or

–      in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in an optimal and user-friendly website design.

You can configure your browser settings so that you are informed about the setting of cookies and can decide individually whether to accept them or generally deactivate the setting of cookies. Please note that deactivating cookies may impair the functionality of our website.

5) Contacting Us

If you contact us – whether via a contact form, email, or other means – we process the personal data you transmit solely for the purpose of handling your inquiry and only to the extent necessary for this purpose.

The processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in responding to customer inquiries). Insofar as your contact aims at concluding a contract, the additional legal basis is Art. 6 para. 1 lit. b GDPR. The data will be deleted once the respective matter has been conclusively processed and no legal retention obligations prevent deletion.

6) Customer Account

If you create a customer account on our website, we process the personal data you provide in accordance with Art. 6 para. 1 lit. b GDPR to the extent necessary for account management and order processing. You can find out which data is requested during registration from the respective form on our website.

You can have your customer account deleted at any time by sending a message to the contact address mentioned above. After deletion, your data will be removed, provided that all contracts processed via the account have been fully fulfilled, no legal retention periods apply, and we have no legitimate interest in further storage.

7) Direct Marketing and Newsletter

Newsletter Subscription

If you subscribe to our email newsletter, we will regularly send you information about our products and offers. The only mandatory information for receiving the newsletter is your email address. All other information is voluntary and serves for personalized addressing.

We use the double opt-in procedure: After registration, you will receive a confirmation email with a verification link. Your consent to receive the newsletter only becomes effective by clicking this link. This way, we ensure that only you can subscribe to your email address.

By activating the confirmation link, you give us your consent according to Art. 6 para. 1 lit. a GDPR. We store the IP address assigned by your Internet service provider (ISP) as well as the date and time of registration in order to be able to provide the necessary evidence in the event of misuse of your email address.

You can unsubscribe from the newsletter at any time via the corresponding unsubscribe link in the newsletter or by notifying us. Your email address will be immediately deleted from our distribution list after unsubscribing, unless you have explicitly consented to other use.

8) Data Processing for Order Fulfillment

8.1 Insofar as it is necessary for contract and payment processing, we transmit your personal data in accordance with Art. 6 para. 1 lit. b GDPR to the commissioned shipping company and the responsible credit institution.

If we owe you updates for goods with digital elements or digital products on a contractual basis, we will use your contact details provided during the order exclusively for this informational purpose in accordance with Art. 6 para. 1 lit. c GDPR.

8.2 For order delivery, we work with external shipping service providers. They receive from us exclusively your name, delivery address and – if required for delivery – your telephone number, and exclusively for the purpose of goods delivery in accordance with Art. 6 para. 1 lit. b GDPR.

8.3 Billbee

We use the service of Billbee GmbH, Arolser Str. 10, 34477 Twistetal, for processing orders. Name, address, and possibly other personal data are transferred to this provider exclusively for the purpose of order processing in accordance with Art. 6 para. 1 lit. b GDPR. The data transfer is limited to the extent absolutely necessary for order processing.

8.4 Contrado

For the production and shipping of print-on-demand orders, we use the service of Contrado Imaging Ltd. (address: 17 Sunbeam Rd, London NW10 6JP, United Kingdom). Name, delivery address, and any other personal data necessary for production are passed on to this provider exclusively for the fulfillment of the purchase contract in accordance with Art. 6 para. 1 lit. b GDPR. If data is transferred to a third country (outside the EU/EEA), this is secured by appropriate guarantees in accordance with Art. 46 GDPR (e.g., EU standard contractual clauses).

8.5 Shopify Digital Download

For the delivery of digital content, we use the service of Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Name, address, and possibly other order data are transmitted in accordance with Art. 6 para. 1 lit. b GDPR only to the extent necessary for the provision of the digital content.

8.6 Payment service providers used

Adyen

Payment methods from the provider Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands, are available on our website. When choosing a payment method requiring advance payment (e.g., credit card), your payment data (name, address, account and card information, currency, transaction number) and order information are forwarded to this provider exclusively for payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

Apple Pay

If "Apple Pay" from Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, is selected, payment processing takes place via the Apple Pay function of your iOS, watchOS or macOS device. Apple Pay uses device-integrated security mechanisms (Face ID, Touch ID, device PIN) for payment authorization. Your order data is transmitted to Apple in encrypted form, re-encrypted there with a developer-specific key, and then forwarded to the card provider. After the transaction, Apple only stores anonymized transaction data (approximate amount, approximate date, status result) for its own product improvements. Tracing back to your person is therefore not possible. Processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR. Data protection information for Apple Pay: https://support.apple.com/de-de/HT203027

Google Pay

When "Google Pay" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, is selected, payment is made via the Google Pay app on your Android device (Android 4.4 or higher with NFC) by charging a payment method stored there. For amounts over €25, prior device unlocking (e.g., via fingerprint or PIN) is required. Google transmits a uniquely valid transaction number (token) to your order website, which does not contain any real data of your payment methods. Google acts exclusively as a technical payment intermediary. Processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR. Transaction-related data (date, amount, merchant information) is also stored by Google for service optimization based on legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Data protection information: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

iDEAL

For payments via iDEAL from Currence Holding BV, Beethovenstraat 300, Amsterdam, Netherlands, your payment and order data will be transmitted to this provider exclusively for transaction processing in accordance with Art. 6 para. 1 lit. b GDPR.

Klarna

For payments via Klarna (Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden), your payment data will be transmitted for processing in accordance with Art. 6 para. 1 lit. b GDPR for payment methods requiring advance payment. For subsequent payment methods (purchase on account, installment purchase, direct debit), additional information (name, address, date of birth, email, phone) will be transmitted to Klarna for a credit check in accordance with Art. 6 para. 1 lit. f GDPR. Klarna may involve credit agencies for this purpose; a list can be found at: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies. The results of such checks may include score values that are based on scientifically recognized statistical procedures. You can object to this processing at any time, insofar as it is based on Art. 6 para. 1 lit. f GDPR.

Revolut Pay

For payments via Revolut Pay from Revolut Bank UAB, Konstitucijos ave. 21B, 08130 Vilnius, Lithuania, your payment and order data will be transmitted to this provider exclusively for payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

Shopify Payments

For payments via Shopify Payments from Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, your payment and order data will be transmitted exclusively for payment processing in accordance with Art. 6 para. 1 lit. b GDPR when selecting a payment method requiring advance payment.

Skrill

For payments via Skrill (Skrill Ltd., Floor 27, 25 Canada Square, London E14 5LQ, England), your payment data will be transmitted in accordance with Art. 6 para. 1 lit. b GDPR. An adequate level of data protection for transfers to the provider's location is ensured by an adequacy decision of the European Commission.

SOFORT

For payments via SOFORT from SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany, your payment and order data will be transmitted exclusively for transaction processing in accordance with Art. 6 para. 1 lit. b GDPR.

9) Website functionalities

Google Sign-In

Our website integrates the Single Sign-On function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data may also be transmitted to Google LLC, USA.

If you have a Google account, you can register or log in on our website using it. Even when you access the page, a direct connection can be established between your browser and Google's servers – even without your own Google account or active login. Google thus receives the information that our page has been visited. Your IP address and other browser-side information are transmitted directly to Google servers and stored there, but not used for personal identification and not passed on to third parties. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in a convenient login option).

If you click the Google login button, Google will provide us with the public profile information stored in your account (user ID, name, address, email, age, gender) based on your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. We use this data exclusively to set up your user account. You can withdraw your consent at any time with effect for the future.

Data transfers to the USA are secured by Google's participation in the EU-US Data Privacy Framework, which is based on an adequacy decision by the European Commission.

Further information on data protection at Google: https://business.safety.google/intl/de/privacy/

10) Tools and services used

10.1 Billbee (Accounting)

For our business accounting, we use the cloud-based service of Billbee GmbH, Arolser Str. 10, 34477 Twistetal, Germany. Billbee processes incoming and outgoing invoices as well as bank transactions to automatically create financial accounting. Insofar as personal data is processed, this is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient and proper accounting).

10.2 Cookie Consent Management

Our website uses a cookie consent tool to obtain legally compliant consent for cookies and similar technologies that require consent. This tool is presented to you on your first visit in the form of an interactive user interface, through which you can grant or deny consent for individual cookie categories. Cookies requiring consent are only set if you have actively agreed.

The tool itself sets technically necessary cookies to store your consent decisions. The processing of any personal data (e.g., IP address) within the scope of consent management is carried out on the basis of Art. 6 para. 1 lit. f GDPR and Art. 6 para. 1 lit. c GDPR (legal obligation for verifiable consent management).

We have concluded a data processing agreement with the tool provider, where necessary. Further information on the setting options can be found directly in the tool's user interface on our website.

11) Rights of data subjects

11.1 In accordance with the applicable data protection regulations, you have the following data subject rights vis-à-vis the controller:

–      Right of access according to Art. 15 GDPR

–      Right to rectification according to Art. 16 GDPR

–      Right to erasure according to Art. 17 GDPR

–      Right to restriction of processing according to Art. 18 GDPR

–      Right to notification according to Art. 19 GDPR

–      Right to data portability according to Art. 20 GDPR

–      Right to withdraw consent given according to Art. 7 para. 3 GDPR

–      Right to lodge a complaint with a supervisory authority according to Art. 77 GDPR

 

11.2 Right to object

 

12) Storage period of personal data

The storage period depends on the respective legal basis, the purpose of processing, and the relevant legal retention periods (especially from commercial and tax law):

–      Data based on consent (Art. 6 para. 1 lit. a GDPR) will be stored until consent is withdrawn.

–      Contractually required data (Art. 6 para. 1 lit. b GDPR) will be routinely deleted after the statutory retention periods have expired, provided they are no longer required for contract execution.

–      Data based on a balancing of interests (Art. 6 para. 1 lit. f GDPR) will be deleted as soon as you effectively exercise your right to object in accordance with Art. 21 para. 1 GDPR, provided no compelling legitimate grounds for processing can be demonstrated.

–      Data stored for direct marketing purposes will be deleted immediately after the right to object is exercised in accordance with Art. 21 para. 2 GDPR.

Unless otherwise specified in this declaration, personal data will be deleted as soon as the purpose for which it was collected or processed has ceased to apply and no legal retention obligations prevent its deletion.

 

As of: 05.05.2026