1. Information on the Collection of Personal Data and Controller Contact Details

1.1 Introduction

We appreciate your visit to our website and your interest in our company. This Privacy Policy informs you about how your personal data is collected, processed, and protected when using our website. Personal data refers to any information that can identify you personally.

This Privacy Policy explains:

• What personal data we collect and why
• How and where we process it
• Which partners we work with (hosting, payments, marketing)
• Your rights under GDPR
• How you can contact us or file a complaint

1.2 Controller

The controller responsible for the data processing within the meaning of Article 4(7) GDPR is:
Oxolot Distribution GmbH
Osterather Str. 7, 50739 Köln, Germany
Tel.: +49 221 29 282 640
E-mail: accounting@bluntumbrellas.de

1.3 Encryption

This website uses SSL/TLS encryption to protect your data. An encrypted connection is indicated by “https://” and the padlock symbol in your browser address bar.

2. Data Collection During Website Use

When you use our website for informational purposes only (i.e., without registering or otherwise transmitting information), we collect only the data that your browser automatically transmits to our server (server log files). This includes:

• Visited page(s)
• Date and time of access
• Amount of data transferred
• Referring URL
• Browser and operating system used
• IP address (anonymized if applicable)

Processing is based on Article 6(1)(f) GDPR, serving our legitimate interest in ensuring website stability and security. Log data is not disclosed or used for other purposes unless misuse is suspected.

3. Hosting and Content Delivery

Shopify Hosting

Our website is hosted on the Shopify platform (Shopify International Ltd., Ireland). Data may also be processed by affiliated companies, including Shopify Inc. (Canada) and Shopify entities in the USA. Transfers to Canada are covered by an EU adequacy decision. Data transfers to the USA are safeguarded by standard contractual clauses.

For more, see: Shopify Privacy Policy

4. Use of Cookies

We use cookies to optimize your browsing experience and enable essential functions. These include:

• Session cookies: Deleted when the browser is closed.
• Persistent cookies: Remain stored and allow us to recognize your browser.

Cookies may collect data such as IP address, browser type, and location, and are used based on:

• Article 6(1)(b) GDPR for contract-related purposes.
• Article 6(1)(f) GDPR for legitimate interests (e.g., usability, analytics).
• Article 6(1)(a) GDPR if consent is explicitly given.

You can manage your cookie preferences through your browser or via our Cookie Consent Tool. Disabling cookies may limit website functionality.

5. Contacting Us

If you contact us (e.g., via email or contact form), your data will be processed to respond to your inquiry. The legal basis is:

• Article 6(1)(f) GDPR (legitimate interest).
• Article 6(1)(b) GDPR (if pre-contractual actions are required).

Your data will be deleted once the inquiry is resolved, unless legal obligations require retention.

6. Direct Marketing and Newsletters

6.1 Email Newsletters

Newsletters are sent only after your explicit consent (double opt-in, Art. 6(1)(a) GDPR). You may unsubscribe at any time, and we will delete your email address unless you consent to further use.

6.2 Service Provider: Klaviyo

Email campaigns are managed by Klaviyo (USA). Transfers are covered under a Data Processing Agreement and standard contractual clauses.

See: Klaviyo Privacy Policy

7. Data Processing for Orders

7.1 General

Personal data is processed for fulfilling contracts and deliveries (Art. 6(1)(b) GDPR). If required, we will also inform you about digital product updates under Art. 6(1)(c) GDPR.

7.2 Service Providers

• Easybill: Used for invoicing
  Privacy
• SendCloud: Used for shipping
  Privacy

7.3 Shipping Providers (e.g., DHL)

We only transmit your data (e.g., email for delivery notifications) with your consent (Art. 6(1)(a) GDPR) or for fulfilling contracts (Art. 6(1)(b) GDPR).

7.4 Payment Providers

Depending on the selected method, payment data may be shared with:

• Mollie
  Privacy
• PayPal
  Privacy
• Shopify Payments via Stripe
  Stripe Privacy

Transfers outside the EU are protected by appropriate safeguards.

8. Online Marketing

Marketing tools like Google AdSense and Microsoft Advertising are used only with your consent (Art. 6(1)(a) GDPR). You may revoke this via our Cookie Consent Tool at any time.

• Google Privacy
• Microsoft Privacy

9. Web Analytics

Google Analytics 4

We use Google Analytics 4 with IP anonymization and in consent mode (Art. 6(1)(a) GDPR). No cookies or tracking occur unless you explicitly accept them.

More info:

• Google Privacy Policy
• Partner Sites Data

10. Integrated Services

10.1 Vimeo

Vimeo videos may process personal data in the USA. Tracking tools like Google Analytics may also be integrated. Use is based on your consent (Art. 6(1)(a) GDPR).
Vimeo Privacy

10.2 Google reCAPTCHA

Used to protect forms from misuse (Art. 6(1)(f) GDPR).
Google Privacy

11. Tools and Plug-ins

11.1 Cookie Consent Tool

Used to manage user preferences. Technically required cookies are always active. Additional cookies are only enabled with user consent (Art. 6(1)(a), Art. 6(1)(c), and (f) GDPR).

11.2 Google Maps

Maps may transmit data to the USA. Consent required under Art. 6(1)(a) GDPR.
Google Maps Terms
Google Privacy

11.3 Lexoffice

Used for accounting and invoicing under Art. 6(1)(f) GDPR.
Lexoffice Privacy

12. Data Subject Rights (Chapter III GDPR)

You have the following rights:

• Right of Access (Art. 15 GDPR): You can request confirmation of whether we are processing your data and obtain a copy of the data.
• Right to Rectification (Art. 16 GDPR): You can request correction of inaccurate or incomplete data.
• Right to Erasure (Art. 17 GDPR): You may request the deletion of your data under certain conditions.
• Right to Restrict Processing (Art. 18 GDPR): You can request that we limit processing if certain conditions are met.
• Right to Data Portability (Art. 20 GDPR): You can receive the data you provided in a commonly used format and have it transmitted to another controller.
• Right to Object (Art. 21 GDPR): You may object to processing based on legitimate interests or for direct marketing at any time.
• Right to Withdraw Consent (Art. 7(3) GDPR): If processing is based on your consent, you may withdraw it at any time with future effect.
• Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority in your member state or where the alleged infringement occurred.

Right to Object

You may object to data processing based on legitimate interest or direct marketing at any time (Art. 21 GDPR).

13. Data Retention

Data is stored only as long as necessary:

• Based on consent: until revoked (Art. 6(1)(a) GDPR)
• Based on legal obligations: for statutory retention periods (Art. 6(1)(c) GDPR)
• Based on legitimate interest: until objection is exercised (Art. 6(1)(f) GDPR)
• Based on contracts: as long as required for contract performance (Art. 6(1)(b) GDPR)