Privacy policy

Privacy Policy

Last updated: April 14, 2026

1. Controller

The controller responsible for data processing on this website is:

Petrya
Bahnhofstr. 23
31234 Edemissen
Germany
Email: info@petrya.de

2. General Information on Data Processing

We process personal data exclusively in accordance with the applicable data protection laws, in particular the General Data Protection Regulation (GDPR) and the Telecommunications Digital Services Data Protection Act (TDDDG).

Personal data means any information relating to an identified or identifiable natural person.

3.1 Hosting and Shop System (Shopify)

Our online shop is operated via Shopify (Shopify Inc., 151 O’Connor Street, Ottawa, Ontario, Canada).

Shopify provides the technical infrastructure for operating the online shop and processes personal data on our behalf (data processing agreement pursuant to Art. 28 GDPR).

Processing may also take place in third countries (in particular Canada and the USA). Appropriate safeguards pursuant to Art. 44 et seq. GDPR are used, in particular:

  • EU Standard Contractual Clauses
  • Adequacy decisions (e.g. Canada, where applicable)
  • EU-U.S. Data Privacy Framework (where applicable)

Further information: https://privacy.shopify.com

3.2 Server Log Files (Automatic Collection)

As part of operating the platform, Shopify automatically collects server log files (e.g. IP address, time of access, accessed pages, and technical information) in order to ensure the security and stability of the platform.

4. Data Collected

We process personal data particularly in the following categories:

  • Master data (name, address, email address, telephone number)
  • Order data (products, order history, shopping cart contents)
  • Payment data (payment method, transaction information; no full credit card data)
  • Account data (user account / login information)
  • Communication data (support requests, emails)
  • Technical data (IP address, browser type, device data, access times, usage behavior)
  • Shopify system data (e.g. session and security data)

5. Purposes of Processing

Data processing is carried out for the following purposes:

  • Processing orders and contracts
  • Provision and operation of the online shop
  • Customer communication and support
  • IT security and abuse prevention

6. Legal Bases for Processing

Personal data is processed on the basis of:

  • Art. 6(1)(b) GDPR – performance of a contract
  • Art. 6(1)(c) GDPR – legal obligation
  • Art. 6(1)(f) GDPR – legitimate interest (e.g. security, technical stability)

7. Cookies and Consent Management

As part of using the Shopify platform, cookies may be set for technical reasons, which may be required for functionality, security, statistics, and possibly marketing.

Insofar as non-essential cookies are used, this takes place exclusively after the user's consent via the consent tool used (cookie banner), which also provides detailed information about the individual cookies.

We do not independently use any additional analytics or marketing tools.

8. Analytics and Marketing Services

No proprietary analytics or marketing services are used. However, statistical processing may take place within the scope of the Shopify platform.

9. Disclosure of Data

Personal data is only disclosed where necessary, in particular to:

  • Payment service providers
  • Shipping service providers
  • Shopify (hosting & platform)
  • IT and support service providers

No further disclosure takes place.

10. Data Transfers to Third Countries

Personal data may be transferred to countries outside the EU/EEA (e.g. Canada, USA through Shopify or other services).

This only takes place under the conditions of Art. 44 et seq. GDPR, in particular through:

  • EU Standard Contractual Clauses
  • Adequacy decisions (e.g. Canada, where applicable)
  • Where applicable, the EU-U.S. Data Privacy Framework

It cannot be ruled out that U.S. authorities may access data.

11. Storage Duration

We only store personal data for as long as necessary for the respective purposes:

  • Contract and order data: according to statutory retention periods (generally 6–10 years under the German Commercial Code and Fiscal Code)
  • Customer account data: until deletion by the user
  • Communication data: until completion of processing

12. Your Rights

You have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Withdrawal of consent given (Art. 7(3) GDPR)

13. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority.

The competent authority is:

The State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hanover

14. Data Security

We implement technical and organizational security measures to protect your data against loss, manipulation, and unauthorized access.

15. Changes to This Privacy Policy

We reserve the right to amend this privacy policy where necessary in order to adapt it to legal or technical developments.