Privacy Policy

Last updated: March 2025

1. Controller and contact details

The controller responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:

Shythrelvormae
Steindamm 2
20099 Hamburg
Germany

Email: supportcenter@shythrelvormae.world
Phone: +49 40 241 243

2. Scope and purpose of this policy

This Privacy Policy describes how we collect, use, store, and protect your personal data when you visit our website https://shythrelvormae.world, use our services, or contact us. We process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679), the German Federal Data Protection Act (BDSG), and other applicable data protection legislation.

3. Categories of personal data we collect

3.1 Data you provide directly

When you place an order, complete a contact form, or communicate with us, we may collect:

• Name and title
• Email address
• Telephone number (if provided)
• Postal address (for order fulfilment)
• Message content and order details
• Consent records (e.g. marketing, cookie preferences)

3.2 Automatically collected data

When you access our website, we may automatically collect:

• IP address
• Browser type and version
• Operating system
• Device information
• Date and time of access
• Referrer URL
• Pages visited and duration of visit

4. Legal bases and purposes of processing

We process personal data only where we have a valid legal basis:

• Contract performance (Art. 6(1)(b) GDPR): Processing necessary to fulfil orders, provide services, and communicate about your order (e.g. name, email, address, order details).
• Legitimate interests (Art. 6(1)(f) GDPR): Processing necessary for our legitimate interests, such as improving our website, preventing fraud, ensuring security, and defending legal claims, where these interests are not overridden by your rights.
• Consent (Art. 6(1)(a) GDPR): Processing for marketing, optional analytics, or non-essential cookies, where you have given explicit consent.
• Legal obligation (Art. 6(1)(c) GDPR): Processing required by law (e.g. tax and commercial retention obligations).

5. Data retention periods

We retain your data only for as long as necessary for the purposes described:

• Order and contract data: For the duration of the contractual relationship plus 10 years for tax and commercial law purposes (German HGB, AO).
• Contact form enquiries: Up to 3 years after the last contact, unless longer retention is required for legal claims.
• Marketing data (where consent given): Until you withdraw consent or object.
• Log data and analytics: Up to 24 months, unless a shorter period is required by law.
• Cookie consent preferences: Up to 24 months.
• Legal defence: Until the limitation period for relevant claims has expired.

6. Recipients and transfers

We may share your data with:

• Service providers: Hosting, payment processing, shipping, and email service providers that process data on our behalf (processors) under data processing agreements.
• Authorities: Where required by law (e.g. tax offices, courts).

Transfers to countries outside the European Economic Area (EEA) are made only where an adequacy decision exists or appropriate safeguards (e.g. standard contractual clauses) are in place.

7. Your rights

Under the GDPR, you have the following rights:

• Right of access (Art. 15 GDPR): You may request a copy of your personal data and information about how we process it.
• Right to rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17 GDPR): You may request deletion of your data in certain cases (e.g. where processing is no longer necessary or was based on consent that you have withdrawn).
• Right to restriction (Art. 18 GDPR): You may request that we limit processing in certain situations.
• Right to data portability (Art. 20 GDPR): Where processing is based on consent or contract and carried out by automated means, you may receive your data in a structured, commonly used format.
• Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests or for direct marketing at any time.
• Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
• Right to lodge a complaint (Art. 77 GDPR): You may lodge a complaint with a supervisory authority. In Germany, the competent authority is the Hamburg Commissioner for Data Protection and Freedom of Information (Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit).

To exercise these rights, please contact us using the details in section 1.

8. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

• SSL/TLS encryption for data transmitted via our website
• Secure hosting environments
• Access controls and authentication
• Regular security reviews and updates
• Employee training on data protection

9. Cookies and similar technologies

We use cookies and similar technologies as described in our Cookie Policy. You can manage your preferences via our cookie banner and Cookie Policy.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The current version is always available on our website. We will indicate the date of the last update at the top of this policy.