Privacy Policy
Privacy Policy | Soyshopy®
Introduction & Controller Information
1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.
1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is: Soyshopy
Email: support@permacalm.com
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2) Data Collection When Visiting Our Website
2.1 Server Log Files
If you use our website for informational purposes only, we only collect data that your browser transmits to the page server. This includes:
- Date and time of access
- Amount of data sent (bytes)
- Source/reference (referrer)
- Browser and operating system used
- IP address (in anonymized form where applicable)
Processing is carried out according to Art. 6 (1) lit. f GDPR based on our legitimate interest in improving website stability and functionality.
2.2 Encryption
For security reasons, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" string and the lock symbol in your browser.
3) Hosting & Infrastructure
We utilize high-performance providers to ensure our site is secure and fast:
- Shopify: Operated by Shopify International Limited (Ireland). Data may be transferred to Shopify Inc. (Canada), protected by an adequacy decision of the European Commission.
- Amazon Web Services (AWS): Used for hosting and content display. For data transfers to the USA, AWS complies with the EU-US Data Privacy Framework (DPF).
4) Cookies & Consent Management
To enhance your experience, we use cookies (small text files stored on your device).
- Necessary Cookies: Processed under Art. 6 (1) lit. b GDPR for contract performance.
- Analytical/Marketing Cookies: Only processed with your explicit consent pursuant to Art. 6 (1) lit. a GDPR. You can manage or revoke your consent at any time via our Cookie Consent Tool.
5) Contact & Customer Account
Contacting Us:
When you contact us via email or contact form, your data is stored solely for processing your request (Art. 6 (1) lit. f/b GDPR).
Customer Account:
If you open a customer account (Art. 6 (1) lit. b GDPR), we store your data for future orders. You can delete your account at any time.
WhatsApp Business:
If you use our WhatsApp service, we process your number and name to respond to your inquiries.
6) Marketing & Newsletters
- Klaviyo: We use Klaviyo for email marketing. If you subscribe, your data is shared with Klaviyo (USA) under the EU-US DPF framework.
- Judge.me: With your consent, we may send you review reminders via Judge.me.
7) Payment & Shipping Providers
To fulfill your orders (Art. 6 (1) lit. b GDPR), we share necessary data with:
- Shipping: DHL (Email/Phone shared only with express consent for delivery coordination).
- Payment: Apple Pay, Google Pay, PayPal, Klarna, and Shopify Payments. Data is transferred strictly for payment processing.
8) Web Analytics & Retargeting
We use the following tools based on your explicit consent (Art. 6 (1) lit. a GDPR):
- Google Analytics 4 & Tag Manager: For behavior analysis
- Hotjar & PostHog: For heatmaps and feature testing
- Meta Pixel: For conversion tracking and targeted Instagram/Facebook ads
9) Your Rights as a Data Subject
Under the GDPR, you have the following rights:
- Right to Access (Art. 15): Know what data we hold
- Right to Rectification (Art. 16): Correct inaccurate data
- Right to Erasure (Art. 17): Request data deletion
- Right to Withdraw Consent (Art. 7): Revoke consent at any time
- Right to Object (Art. 21): YOU HAVE THE RIGHT TO OBJECT TO DATA PROCESSING BASED ON LEGITIMATE INTERESTS OR FOR DIRECT MARKETING AT ANY TIME.
10) Data Retention
We store personal data for as long as required by the respective legal basis (e.g., commercial and tax retention periods) or until you revoke your consent. If processing is based on legitimate interest, data is kept until you object, unless we demonstrate compelling grounds for further processing.