1. Controller
Chang Deng
Rabengasse 2-10/61/23
1030 Wien
Austria
[email protected]
2. What data we collect and why
| Data | Purpose | Legal basis (Art 6 GDPR) |
|------|---------|--------------------------|
| Account & order data (name, address, items, UID) | Contract fulfilment & delivery | 1 (b) |
| Payment data (tokenised) via **PayPal** & **Stripe** | Secure payment processing | 1 (b), 1 (f) |
| Newsletter e‑mail address | Marketing with consent | 1 (a) |
| Server logs (IP, date/time) | IT security | 1 (f) |
| Cookies / analytics | Shop functionality & statistics | Consent banner 1 (a) |
3. Recipients
- **Big Cartel Inc.** (shop hosting – USA)
- **PayPal (Europe) S.à r.l. et Cie** – Luxembourg
- **Stripe Payments Europe Ltd.** – Ireland
- **Mailchimp (The Rocket Science Group LLC)** – USA *(newsletter)* :contentReference[oaicite:1]{index=1}
All providers work on the basis of EU Standard Contractual Clauses or an adequacy decision.
4. Newsletter
If you subscribe, we store your e‑mail until you opt out. Every newsletter contains an unsubscribe link.
5. International transfers
Mailchimp and Big Cartel servers are in the USA. Data is protected by Standard Contractual Clauses (Art 46 GDPR).
6. Retention
Contract data = 7 yrs (tax law). Newsletter data = until withdrawal. Server logs = 30 days.
7. Your rights
Access, rectification, erasure, restriction, portability, objection, complaint (DSB Österreich).
8. Contact for privacy issues
E‑mail: [email protected] – Attn. Data Protection Officer
Last updated: [01 Jul 2025]
