Privacy Policy
Privacy Policy | stooshop
Introduction & Controller Information
1.1
We are delighted that you are visiting our website and thank you for your interest. This policy explains how we handle your personal data when you use our website. Personal data is any information that can be used to personally identify you.
1.2
The controller for data processing on this website under the General Data Protection Regulation (GDPR) is:
stooshop
Email: support@permacalm.com
Website: https://stooshop.com/
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
2) Data Collection When Visiting Our Website
2.1 Server Log Files
When you visit our website for informational purposes only, we collect only the data your browser automatically sends to the page server. This includes:
-
Date and time of access
-
Amount of data sent (bytes)
-
Source/reference (referrer)
-
Browser and operating system used
-
IP address (anonymized where applicable)
Processing is carried out according to Art. 6 (1) lit. f GDPR based on our legitimate interest in improving website stability and functionality.
2.2 Encryption
For security, this site uses SSL/TLS encryption. You can recognize an encrypted connection by https:// and the lock icon in your browser.
3) Hosting & Infrastructure
We use high-performance providers to ensure our website is secure and fast:
-
Shopify: Operated by Shopify International Limited (Ireland). Data may be transferred to Shopify Inc. (Canada), protected by an adequacy decision of the European Commission.
-
Amazon Web Services (AWS): Used for hosting and content delivery. For data transfers to the USA, AWS complies with the EU-US Data Privacy Framework (DPF).
4) Cookies & Consent Management
We use cookies (small text files stored on your device) to enhance your experience:
-
Necessary Cookies: Processed under Art. 6 (1) lit. b GDPR for contract performance.
-
Analytical/Marketing Cookies: Only processed with your explicit consent (Art. 6 (1) lit. a GDPR). Consent can be managed or revoked via our Cookie Consent Tool.
5) Contact & Customer Account
Contacting Us
Data collected via email or contact forms is used solely to process your request (Art. 6 (1) lit. f/b GDPR).
Customer Account
If you open an account (Art. 6 (1) lit. b GDPR), your data is stored for future orders. Accounts can be deleted at any time.
WhatsApp Business
If you use our WhatsApp service, we process your number and name to respond to inquiries.
6) Marketing & Newsletters
-
Klaviyo: Used for email marketing. Your data is shared with Klaviyo (USA) under the EU-US DPF framework.
-
Judge.me: With your consent, we may send review reminders.
7) Payment & Shipping Providers
To fulfill orders (Art. 6 (1) lit. b GDPR), necessary data is shared with:
Shipping
-
DHL (Email/Phone shared only with express consent for delivery coordination).
Payment
-
Apple Pay
-
Google Pay
-
PayPal
-
Klarna
-
Shopify Payments
Data is transferred strictly for payment processing.
8) Web Analytics & Retargeting
We use the following tools based on your explicit consent (Art. 6 (1) lit. a GDPR):
-
Google Analytics 4 & Tag Manager: Behavior analysis
-
Hotjar & PostHog: Heatmaps and feature testing
-
Meta Pixel: Conversion tracking and targeted Instagram/Facebook ads
9) Your Rights as a Data Subject
Under GDPR, you have the following rights:
-
Right to Access (Art. 15): Know what data we hold
-
Right to Rectification (Art. 16): Correct inaccurate data
-
Right to Erasure (Art. 17): Request data deletion
-
Right to Withdraw Consent (Art. 7): Revoke consent at any time
-
Right to Object (Art. 21): Object to data processing based on legitimate interests or for direct marketing
10) Data Retention
Personal data is stored only as long as required by law (e.g., commercial and tax retention periods) or until consent is revoked. Data processed based on legitimate interest is retained until you object, unless there are compelling grounds for continued processing.