Privacy policy
This English translation is provided for convenience only. In case of discrepancies, the German version prevails
1) Introduction and Controller Contact Details
1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how we handle your personal data when using our website. Personal data refers to all data with which you can be personally identified.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is c.w.design GmbH, Harderstr. 22a, 85049 Ingolstadt, Germany, Tel.: +49 841 1428240, Email: hello@blooming3d.shop. The controller is the natural or legal person who alone or jointly determines the purposes and means of processing personal data.
2) Data Collection When Visiting Our Website
2.1 Server Log Files
When using our website for informational purposes only, we collect only the data transmitted by your browser to our server (so-called “server log files”). When you access our website, we collect the following data technically required to display the website:
- Website visited
- Date and time of access
- Amount of data transferred in bytes
- Referrer URL (previously visited page)
- Browser used
- Operating system used
- IP address (possibly anonymised)
Processing is carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. No disclosure or other use of the data takes place. However, we reserve the right to review server log files if there are concrete indications of unlawful use.
2.2 SSL / TLS Encryption
For security reasons and to protect the transmission of personal data, this website uses SSL or TLS encryption. You can recognise an encrypted connection by “https://” and the lock symbol in your browser.
3) Hosting & Content Delivery Network
3.1 Shopify Hosting
We use the following provider for hosting and website display:
Shopify
Shopify International Limited, Dublin, Ireland
Data may also be processed in Canada via Shopify Inc.
We have concluded a data processing agreement ensuring the protection of visitor data. Canada has an adequacy decision by the European Commission.
3.2 Content Delivery Network (CDN)
We also use a CDN provided by Shopify, with data possibly transferred to Shopify Inc. (Canada) and Cloudflare Inc. (USA).
Transfers to the USA are protected under the EU–US Data Privacy Framework.
4) Cookies
We use cookies to make our website more user-friendly and functional. These may be session cookies (deleted after browser close) or persistent cookies.
If personal data is processed via cookies, this is based on:
- Art. 6(1)(b) GDPR (contract execution)
- Art. 6(1)(a) GDPR (consent)
- Art. 6(1)(f) GDPR (legitimate interest)
You can configure your browser to control cookies. Disabling cookies may limit functionality.
5) Contacting Us
When contacting us (e.g. via email or form), personal data is processed solely to handle your request.
Legal basis:
- Art. 6(1)(f) GDPR (legitimate interest)
- Art. 6(1)(b) GDPR (contract-related requests)
Data is deleted once the matter is resolved and no legal retention obligations exist.
6) Customer Account
When opening a customer account, personal data is processed pursuant to Art. 6(1)(b) GDPR. You may delete your account at any time unless legal retention obligations apply.
7) Newsletter & Marketing
7.1 Newsletter Registration
We use a double opt-in system. Only your email is required. Legal basis: Art. 6(1)(a) GDPR.
You may unsubscribe at any time.
7.2 Shopify Email
Newsletter services are provided via Shopify. Statistical tracking (e.g. opens, clicks) may occur based on consent.
8) Order Processing
8.1 General Processing
Personal data may be shared with delivery and payment providers for contract fulfilment (Art. 6(1)(b) GDPR).
8.2 Payment Providers
We use:
- Amazon Pay
- Klarna
- PayPal
- Shopify Payments
Data is shared only as required for payment processing and credit checks where applicable.
9) Website Features
9.1 Google Maps
Used to display interactive maps. Data may be transferred to Google servers in the USA.
9.2 Google Web Fonts
Fonts are loaded from Google servers, which may transfer IP data.
9.3 Google reCAPTCHA
Used to protect against spam and bots by analysing user behaviour.
10) Tools & Consent Management
We use a cookie consent tool to manage user permissions for cookies and tracking technologies.
11) Data Subject Rights
You have the right to:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Withdraw consent (Art. 7 GDPR)
- Lodge a complaint (Art. 77 GDPR)
Right to object (Art. 21 GDPR)
You may object to processing based on legitimate interests or direct marketing at any time.
12) Duration of Storage of Personal Data
The duration for which personal data is stored is determined by the respective legal basis, the purpose of processing, and—where applicable—also by the relevant statutory retention periods (e.g. commercial and tax law retention periods).
Where personal data is processed on the basis of explicit consent pursuant to Art. 6(1)(a) GDPR, the data concerned will be stored until you withdraw your consent.
Where statutory retention periods exist for data processed within the scope of contractual or quasi-contractual obligations based on Art. 6(1)(b) GDPR, such data will be routinely deleted after the retention periods have expired, provided it is no longer required for contract fulfilment or initiation and/or there is no legitimate interest on our part in further storage.
Where personal data is processed on the basis of Art. 6(1)(f) GDPR, such data will be stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
Where personal data is processed for the purpose of direct marketing on the basis of Art. 6(1)(f) GDPR, such data will be stored until you exercise your right to object pursuant to Art. 21(2) GDPR.
Unless otherwise stated in the specific processing situations described in this privacy policy, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.