Privacy Policy

1. Data Controller

The data controller responsible for this website is:

[YOUR FULL LEGAL NAME]

[YOUR STREET AND HOUSE NUMBER]

[YOUR POSTAL CODE] [YOUR CITY]

Germany

Email: privacy@contact.simplexim.shop

2. Data We Collect

When you use simplexim, we may collect the following information:

• Name and email address (at registration and checkout)
• Shipping address (at checkout)
• Order history and transaction details
• Session data (for authentication)
• Contact form submissions

3. Legal Basis for Processing

We process your personal data on the following legal bases (Art. 6 GDPR):

• Contract performance (Art. 6(1)(b)) — to process your orders, manage your account, and provide customer support
• Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, and commercial record-keeping obligations
• Legitimate interest (Art. 6(1)(f)) — for fraud prevention, security, and improving our services

4. How We Use Your Data

Your data is used to:

• Process and fulfill your orders
• Send order confirmation and transactional emails
• Manage your account
• Comply with legal obligations

We do not sell your personal data to third parties.

5. Third-Party Processors

We share data with the following processors to operate our service:

• Stripe — payment processing. stripe.com/privacy
• Resend — transactional email. resend.com/legal/privacy-policy
• Printful — order fulfillment. printful.com/policies/privacy

6. Data Transfer to Third Countries

Some of our processors (Stripe, Printful, Resend) are based in the United States. Data transfers to the US are safeguarded by the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs) in accordance with Art. 44–49 GDPR. Each processor listed above maintains a Data Processing Agreement (DPA) with us.

7. Your Rights (GDPR)

If you are located in the European Union, you have the following rights under the GDPR:

• Right of access (Art. 15) — obtain a copy of your personal data
• Right to rectification (Art. 16) — correct inaccurate data
• Right to erasure (Art. 17) — request deletion of your data
• Right to restrict processing (Art. 18) — limit how we use your data
• Right to data portability (Art. 20) — receive your data in a machine-readable format
• Right to object (Art. 21) — object to processing based on legitimate interest

To exercise any of these rights, contact us at privacy@contact.simplexim.shop. You can also delete your account directly from your profile page.

8. Cookies

We use a single session cookie to keep you logged in. We do not use tracking or advertising cookies.

9. Data Retention

• Order data: retained for 10 years to comply with German tax and commercial record-keeping obligations (AO §147, HGB §257)
• Account data: retained until you request account deletion
• Session data: cleared on logout

10. Data Protection Officer

Under Art. 37 GDPR, we are not required to appoint a Data Protection Officer as our core business activity does not involve large-scale systematic monitoring or processing of special categories of data. For privacy enquiries, please contact us directly.

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent authority for our business is:

[YOUR STATE DATA PROTECTION AUTHORITY]

12. Contact

Privacy enquiries: privacy@contact.simplexim.shop