Privacy policy

Last Updated: October 23, 2025

Haeina GbR
Lerchenauer Street 15
80809 Munich
Email: support@haeina.de

A data protection officer is not required for our company under applicable law. However, you may contact us at any time with questions regarding data protection.

HAEINA operates this shop and website, including all related information, content, functions, tools, products, and services, to provide you, as a customer, with a personalized shopping experience (the “Services”).
This Privacy Policy describes how we collect, use, and share personal data when you visit, use, or make a purchase or other transaction through the Services, or otherwise communicate with us.
If there is a conflict between our Terms and Conditions and this Privacy Policy, this Privacy Policy shall prevail with respect to the collection, processing, and disclosure of your personal data.

Please read this Privacy Policy carefully. By accessing or using any of our Services, you confirm that you have read this Privacy Policy and agree to the collection, use, and disclosure of your data as described herein.

What Personal Data Do We Collect or Process?

When we refer to “personal data,” we mean information that identifies you or can be directly associated with you.
Personal data does not include information collected anonymously or anonymized in such a way that identification is no longer possible.

Depending on how you interact with our Services, we may collect the following types of data:

  • Contact Information such as name, address, phone number, email address, billing and shipping address

  • Payment Information including credit or debit card details, account numbers, payment method, payment confirmations (via providers such as PayPal or Klarna)

  • Account Information such as username, password, preferences, saved favorites

  • Transaction Data such as purchased, returned, or viewed products, order history

  • Communication Data such as the content of your inquiries (email or contact form)

  • Device and Usage Data including IP address, browser type, device type, log data, access times, referrer URLs

  • Marketing Data such as newsletter consents, advertising preferences, or interactions with ads

Sources of Data

We collect personal data from the following sources:

  • Directly from you (e.g., when placing an order, contacting us, or creating an account)

  • Automatically through our website (cookies and similar technologies)

  • From our service providers (e.g., payment or shipping providers)

  • From third parties (e.g., marketing or analytics tools, where legally permitted)

Legal Bases for Processing (Art. 6 GDPR)

  • Contract Performance (e.g., order processing, payments, shipping, returns): Art. 6(1)(b) GDPR

  • Legal Obligations (e.g., tax and commercial record-keeping): Art. 6(1)(c) GDPR

  • Legitimate Interests (e.g., IT security, fraud prevention, analytics, marketing optimization): Art. 6(1)(f) GDPR

  • Consent (e.g., newsletters, tracking, marketing cookies): Art. 6(1)(a) GDPR

You may withdraw your consent at any time with future effect.

How We Use Your Personal Data

We process personal data primarily for the following purposes:

  • Processing orders, payments, shipping, and returns

  • Managing customer accounts

  • Communicating with customers (e.g., support, inquiries)

  • Providing and optimizing our Services

  • Marketing, analytics, and personalized advertising (e.g., Meta or TikTok Ads)

  • Fulfilling legal obligations

  • Ensuring security, fraud prevention, and legal compliance

Cookies and Consents (TTDSG §25, GDPR)

Our website uses cookies and similar technologies for functional purposes (e.g., cart, login), analytics (e.g., visitor counts), convenience, and marketing (e.g., Meta Pixel, TikTok Pixel).
Non-essential cookies are only set with your consent via our cookie banner. You can adjust or withdraw your consent at any time in the cookie settings.

Recipients and Service Providers (Art. 28 GDPR)

We only share personal data when necessary for contract performance, legal compliance, or legitimate interests.

Categories of recipients include:

  • Shop Platform: Shopify (hosting, technical infrastructure)

  • Payment Providers: PayPal, Klarna

  • Shipping Providers: DHL, Hermes (receive contact and delivery details for shipments)

  • Marketing and Advertising Partners: Meta (Facebook/Instagram Ads), TikTok (advertising and analytics)

  • Newsletter Tools: Email newsletter dispatch (based on consent)

  • IT, Cloud, and Support Providers: Technical maintenance, hosting, backups

  • Legal advisors and authorities where required by law

All data processors are bound by contracts pursuant to Art. 28 GDPR.

Relationship with Shopify

Our online store is operated through Shopify International Ltd., Ireland.
Shopify processes personal data partly on our behalf (hosting, payment processing, security features) and partly as an independent controller (e.g., platform optimization, fraud prevention).
For details, see: https://privacy.shopify.com

International Data Transfers

Shopify and some providers (e.g., Meta, TikTok, PayPal, Klarna) process data outside the EEA (including the USA and Canada).
Appropriate safeguards, particularly the EU Commission’s Standard Contractual Clauses (SCCs), are used.
However, a residual risk (e.g., access by authorities) cannot be fully excluded.

Data Retention

We store personal data only as long as necessary for the stated purposes or as required by law:

  • Contract and order data: 6–10 years (tax and commercial obligations)

  • Account data: Until the account is deleted

  • Marketing data: Until withdrawal of consent or after 24 months of inactivity

  • Log and security data: 7–30 days (longer in case of incidents)

Security

We implement appropriate technical and organizational measures (TLS encryption, access controls, backups, monitoring) to protect your data.
However, absolute security cannot be guaranteed.

Children’s Data

Our Services are not intended for minors under 16 years of age.
We do not knowingly process such data. Parents or guardians may request deletion using the contact details below.

Your Rights (Art. 15–22 GDPR)

You have the following rights:

  • Access, rectification, deletion, restriction of processing, and data portability

  • Objection to processing based on legitimate interests, especially direct marketing (Art. 21 GDPR)

  • Withdrawal of consent (Art. 7(3) GDPR)

  • The right not to be subject to solely automated decision-making (Art. 22 GDPR)

To exercise your rights, please contact us at info@haeina.de.
We respond to all inquiries within one month.

Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection authority.
For Bavaria, the competent authority is:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach
Email: poststelle@lda.bayern.de
Website: https://www.lda.bayern.de

Changes to This Privacy Policy

We may update this Privacy Policy from time to time due to legal or technical changes.
The “Last Updated” date will be modified accordingly.

Contact

Haeina GbR
80809 Munich
Email: support@haeina.de

For the purposes of applicable data protection laws, we are the data controller responsible for your personal data.