Privacy Notice
1. Information on the Collection of Personal Data and Controller Contact Details
1.1 Introduction
We appreciate your visit to our website and your interest in our company. This Privacy Policy informs you about how your personal data is collected, processed, and protected when using our website. Personal data refers to any information that can identify you personally.
This Privacy Policy explains:
- What personal data we collect and why
- How and where we process it
- Which partners we work with (hosting, payments, marketing)
- Your rights under GDPR
- How you can contact us or file a complaint
1.2 Controller
The controller responsible for the data processing within the meaning of Article 4(7) GDPR is:
Oxolot Distribution GmbH
Osterather Str. 7, 50739 Köln, Germany
Tel.: +49 221 29 282 640
E-mail: accounting@bluntumbrellas.de
1.3 Encryption
This website uses SSL/TLS encryption to protect your data. An encrypted connection is indicated by “https://” and the padlock symbol in your browser address bar.
2. Data Collection During Website Use
When you use our website for informational purposes only (i.e., without registering or otherwise transmitting information), we collect only the data that your browser automatically transmits to our server (server log files). This includes:
- Visited page(s)
- Date and time of access
- Amount of data transferred
- Referring URL
- Browser and operating system used
- IP address (anonymized if applicable)
Processing is based on Article 6(1)(f) GDPR, serving our legitimate interest in ensuring website stability and security. Log data is not disclosed or used for other purposes unless misuse is suspected.
3. Hosting and Content Delivery
Shopify Hosting
Our website is hosted on the Shopify platform (Shopify International Ltd., Ireland). Data may also be processed by affiliated companies, including Shopify Inc. (Canada) and Shopify entities in the USA. Transfers to Canada are covered by an EU adequacy decision. Data transfers to the USA are safeguarded by standard contractual clauses.
For more, see: Shopify Privacy Policy
4. Use of Cookies
We use cookies to optimize your browsing experience and enable essential functions. These include:
- Session cookies: Deleted when the browser is closed.
- Persistent cookies: Remain stored and allow us to recognize your browser.
Cookies may collect data such as IP address, browser type, and location, and are used based on:
- Article 6(1)(b) GDPR for contract-related purposes.
- Article 6(1)(f) GDPR for legitimate interests (e.g., usability, analytics).
- Article 6(1)(a) GDPR if consent is explicitly given.
You can manage your cookie preferences through your browser or via our Cookie Consent Tool. Disabling cookies may limit website functionality.
5. Contacting Us
If you contact us (e.g., via email or contact form), your data will be processed to respond to your inquiry. The legal basis is:
- Article 6(1)(f) GDPR (legitimate interest).
- Article 6(1)(b) GDPR (if pre-contractual actions are required).
Your data will be deleted once the inquiry is resolved, unless legal obligations require retention.
6. Direct Marketing and Newsletters
6.1 Email Newsletters
Newsletters are sent only after your explicit consent (double opt-in, Art. 6(1)(a) GDPR). You may unsubscribe at any time, and we will delete your email address unless you consent to further use.
6.2 Service Provider: Klaviyo
Email campaigns are managed by Klaviyo (USA). Transfers are covered under a Data Processing Agreement and standard contractual clauses.
7. Data Processing for Orders
7.1 General
Personal data is processed for fulfilling contracts and deliveries (Art. 6(1)(b) GDPR). If required, we will also inform you about digital product updates under Art. 6(1)(c) GDPR.
7.2 Service Providers
7.3 Shipping Providers (e.g., DHL)
We only transmit your data (e.g., email for delivery notifications) with your consent (Art. 6(1)(a) GDPR) or for fulfilling contracts (Art. 6(1)(b) GDPR).
7.4 Payment Providers
Depending on the selected method, payment data may be shared with:
-
Mollie
Privacy -
PayPal
Privacy -
Shopify Payments via Stripe
Stripe Privacy
Transfers outside the EU are protected by appropriate safeguards.
8. Online Marketing
Marketing tools like Google AdSense and Microsoft Advertising are used only with your consent (Art. 6(1)(a) GDPR). You may revoke this via our Cookie Consent Tool at any time.
9. Web Analytics
Google Analytics 4
We use Google Analytics 4 with IP anonymization and in consent mode (Art. 6(1)(a) GDPR). No cookies or tracking occur unless you explicitly accept them.
More info:
10. Integrated Services
10.1 Vimeo
Vimeo videos may process personal data in the USA. Tracking tools like Google Analytics may also be integrated. Use is based on your consent (Art. 6(1)(a) GDPR).
Vimeo Privacy
10.2 Google reCAPTCHA
Used to protect forms from misuse (Art. 6(1)(f) GDPR).
Google Privacy
11. Tools and Plug-ins
11.1 Cookie Consent Tool
Used to manage user preferences. Technically required cookies are always active. Additional cookies are only enabled with user consent (Art. 6(1)(a), Art. 6(1)(c), and (f) GDPR).
11.2 Google Maps
Maps may transmit data to the USA. Consent required under Art. 6(1)(a) GDPR.
Google Maps Terms
Google Privacy
11.3 Lexoffice
Used for accounting and invoicing under Art. 6(1)(f) GDPR.
Lexoffice Privacy
12. Data Subject Rights (Chapter III GDPR)
You have the following rights:
- Right of Access (Art. 15 GDPR): You can request confirmation of whether we are processing your data and obtain a copy of the data.
- Right to Rectification (Art. 16 GDPR): You can request correction of inaccurate or incomplete data.
- Right to Erasure (Art. 17 GDPR): You may request the deletion of your data under certain conditions.
- Right to Restrict Processing (Art. 18 GDPR): You can request that we limit processing if certain conditions are met.
- Right to Data Portability (Art. 20 GDPR): You can receive the data you provided in a commonly used format and have it transmitted to another controller.
- Right to Object (Art. 21 GDPR): You may object to processing based on legitimate interests or for direct marketing at any time.
- Right to Withdraw Consent (Art. 7(3) GDPR): If processing is based on your consent, you may withdraw it at any time with future effect.
- Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority in your member state or where the alleged infringement occurred.
Right to Object
You may object to data processing based on legitimate interest or direct marketing at any time (Art. 21 GDPR).
13. Data Retention
Data is stored only as long as necessary:
- Based on consent: until revoked (Art. 6(1)(a) GDPR)
- Based on legal obligations: for statutory retention periods (Art. 6(1)(c) GDPR)
- Based on legitimate interest: until objection is exercised (Art. 6(1)(f) GDPR)
- Based on contracts: as long as required for contract performance (Art. 6(1)(b) GDPR)