PRIVACY POLICY

1. Identity of the Controller
Smilva GbR – Partners: Baraa & Serjane
Contact: smilva.official@gmail.com

2. Categories of Data We Collect

• Name, address, email, phone number

• Order and payment data (payments via PayPal, Klarna, Apple Pay, Shop Pay, card providers – we do not store full card details)

• Technical data (IP address, browser, device)

• Usage data and cookies

• Messages you send us

3. Purposes of Processing and Legal Basis

• To process and deliver orders (Art. 6(1)(b) GDPR)

• To comply with legal obligations (e.g., invoices, tax records)

• To keep our website secure and prevent fraud (legitimate interest)

• For analytics and marketing only with your consent

4. Recipients and Disclosure of Data

• Payment service providers

• Shopify (hosting platform)

• Shipping and courier services

• Authorities where required by law

5. Data Retention and Deletion

• Orders/payments: up to 10 years

• Communication: up to 3 years

• Cookies/technical data: until deleted or consent withdrawn

6. Your Rights as a Data Subject
You have the right to:

• Access your data

• Correct or delete it

• Restrict or object to processing

• Request data transfer

• Withdraw consent at any time

Requests: smilva.official@gmail.com

7. Cookies and Tracking Technologies

• Essential cookies: required for the shop to work

• Analytics/marketing cookies: only with your consent

8. Data Security
We take strong measures to protect your personal data. This includes secure servers, encryption, and limited access for authorized staff only. While no online system can be completely risk-free, we regularly review and update our security practices to keep your information safe in line with GDPR requirements.

9. Complaints to Authorities
If you believe your rights have been violated, you may complain to your local data protection authority. In Germany, this is the Landesdatenschutzbehörde.