Privacy Notice
Privacy Policy
1) Information About the Collection of Personal Data and Controller Details
Thank you for visiting our website. This Privacy Policy explains how Viloa (“we”, “us”, “our”) collects and processes your personal data when you use our website and services.
“Personal data” means any information that can be used to identify you directly or indirectly.
Controller (GDPR):
Viloa
Email: Info@viloa.de
2) Website Hosting (Shopify)
Our store is hosted on Shopify Inc. Shopify provides the e-commerce platform that allows us to sell products and services to you. Your data may be stored through Shopify’s data storage, databases, and general Shopify applications. Shopify stores your data on secure servers behind a firewall.
3) Data Collection When You Visit Our Website (Server Log Files)
When you visit our website for informational purposes only, we collect the data your browser transmits to our server (“server log files”), such as:
- Visited page(s)
- Date and time of access
- Amount of data transmitted
- Referrer URL
- Browser type and version
- Operating system
- IP address (in anonymized form where possible)
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating, securing, and improving our website).
We do not use this data to identify you. We may review log files if there are indications of unlawful use.
4) Cookies and Consent Management
We use cookies and similar technologies to enable core website functions, improve user experience, and (where applicable) support analytics and marketing.
Cookies may include:
- Session cookies (deleted when you close your browser)
- Persistent cookies (stored for a defined period)
You can manage cookie settings in your browser and (where provided) through our cookie consent tool/banner. Please note that blocking cookies may limit website functionality.
Legal bases (depending on cookie type):
- Art. 6(1)(b) GDPR for essential cookies required to provide the service (e.g., cart, checkout)
- Art. 6(1)(f) GDPR for strictly necessary security/performance cookies
- Art. 6(1)(a) GDPR for analytics/marketing cookies (where consent is required)
5) Contacting Us
If you contact us (e.g., email or contact form), we process the data you provide (such as name, email, and message content) to respond to your inquiry.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in responding) or Art. 6(1)(b) GDPR if your request relates to a contract.
We delete inquiries after completion unless legal retention obligations apply.
6) Customer Account and Contract Processing
When you place an order, create an account, or provide information for contract performance, we process personal data such as:
- Name, billing/shipping address
- Contact details (email, phone where applicable)
- Order details
- Payment-related data (processed by payment providers)
Legal basis: Art. 6(1)(b) GDPR (contract performance).
You may request deletion of your customer account at any time by contacting us. We retain order-related records in accordance with applicable commercial and tax retention requirements.
7) Newsletter and Direct Marketing
7.1 Newsletter Subscription (Double Opt-In)
If you subscribe to our newsletter, we will send you updates and offers. We use a double opt-in procedure. We store subscription confirmation data (e.g., time, IP address where applicable) to document consent.
Legal basis: Art. 6(1)(a) GDPR (consent).
You can unsubscribe at any time via the unsubscribe link in each email or by contacting us.
7.2 Email Marketing to Existing Customers
If you provided your email address when purchasing, we may send you offers for similar products where permitted by law.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in direct marketing), subject to applicable rules.
You may object at any time by contacting us or using the unsubscribe link.
8) Processing Data for Order Fulfillment and Shipping
To deliver your order, we share necessary personal data with shipping and logistics providers (e.g., name, address, tracking details where applicable).
Legal basis: Art. 6(1)(b) GDPR (contract performance).
9) Payment Providers
We use payment service providers to process payments. Depending on the method selected, payment data is transmitted to the relevant provider.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
PayPal
If you choose PayPal, your payment data may be processed by PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg. PayPal may conduct credit checks where permitted and necessary for certain payment methods.
Sofort (Klarna)
If you choose Sofort, the payment is processed by Sofort GmbH (Klarna Group). Data is transmitted for payment processing purposes.
10) Review Reminder Emails
If you have explicitly consented, we may send you a one-time email reminder to leave a review.
Legal basis: Art. 6(1)(a) GDPR (consent).
You may withdraw consent at any time.
11) Social Media Links
Our website may contain links to social networks (e.g., Facebook, Instagram). If you click such links, you will be redirected to the relevant platform. The data processing on those platforms is governed by their privacy policies.
12) Online Advertising, Remarketing, and Analytics (If Enabled)
Where enabled, we may use tools such as Google services (e.g., conversion tracking/remarketing) and Meta/Facebook technologies (e.g., pixel) to measure performance and show relevant advertising.
Where required by law, these tools are activated only after your consent via our cookie banner.
Legal basis: Art. 6(1)(a) GDPR (consent) for marketing/analytics cookies where required.
13) International Data Transfers
Some service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards, such as:
- Adequacy decisions by the European Commission, or
- Standard Contractual Clauses (SCCs), and additional protective measures where necessary.
14) Your Rights Under the GDPR
You have the right to:
- Access your personal data (Art. 15 GDPR)
- Rectify inaccurate data (Art. 16 GDPR)
- Erase data where applicable (Art. 17 GDPR)
- Restrict processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing based on legitimate interests (Art. 21 GDPR)
- Withdraw consent at any time (Art. 7(3) GDPR)
Right to object to direct marketing: You may object to processing for direct marketing at any time. We will stop processing your data for that purpose.
Right to lodge a complaint: You may lodge a complaint with a supervisory authority, particularly in your EU country of residence, workplace, or where an alleged infringement occurred (Art. 77 GDPR).
15) Data Retention
We retain personal data only for as long as necessary for the purposes described above and in accordance with legal retention obligations (e.g., commercial and tax law). After the applicable retention period ends, data is routinely deleted unless further retention is legally permitted or required.
16) Contact
If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:
Info@viloa.de