Privacy Policy

Holder's Handmade Heaven
Owner: Janine Holder
Rotdornweg 1
37077 Göttingen
Email: janine@holders-handmade-heaven.com

As of November 9, 2025

We appreciate your interest in our online shop. Protecting your personal data is important to us. Below, we inform you about the type, scope, and purpose of the collection, processing, and use of personal data, as well as your related rights.

1. Responsible person

The entity responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

Holder's Handmade Heaven
Owner: Janine Holder
Rotdornweg 1
37077 Göttingen
Email: janine@holders-handmade-heaven.com

2. General information on data processing

Personal data is any information relating to an identified or identifiable natural person (e.g., name, address, email address, IP address). We process your data only to the extent necessary for the provision of our contractual services, for compliance with legal obligations, or based on your consent (see Art. 6 GDPR).

3. Access data, hosting and platform operator

When you visit our website, access data (e.g., IP address, page accessed, browser type, date/time) is stored in server log files. This data is used for the operation, security, and optimization of our website, as well as for defending against attacks. The legal basis for this processing is Article 6(1)(f) GDPR (legitimate interest).

Our online shop is operated via the Shopify Inc. platform (151 O'Connor Street, Ottawa, ON K2P 2L8, Canada). Shopify provides the technical infrastructure; Shopify processes personal data on our behalf. The legal basis for using Shopify is Article 6(1)(b) and (f) GDPR.

When using Shopify, data may be transferred to third countries (e.g., Canada, USA, United Kingdom). For data transfers to countries without an adequacy decision, we use appropriate safeguards (e.g., standard contractual clauses or the EU-US Data Privacy Framework), where necessary.

4. Data processing for contract fulfillment

To fulfill our contractual obligations, we process the data necessary for processing your order (e.g., name, delivery and billing address, email address, telephone number, payment information). This processing is based on Article 6(1)(b) GDPR.

  • Mandatory fields in the ordering process are marked as such.
  • After complete fulfillment of the contract, data will be stored within the framework of the tax and commercial law retention periods (e.g. § 257 HGB, § 147 AO) and subsequently deleted, unless there are legal obligations to the contrary.

5. Shipping, customs and DDP handling

For delivery purposes, we forward your order data (name, delivery address, telephone number, and, if applicable, email address) to the shipping service providers we have commissioned (e.g., DHL Paket GmbH, Hermes Germany GmbH, DPD Deutschland GmbH). The legal basis for this is Article 6(1)(b) GDPR.

For deliveries to countries outside the EU (e.g., Switzerland, United Kingdom), we transmit the data required for customs clearance (e.g., product description, value) to the relevant authorities and service providers. If you select the Delivered Duty Paid (DDP) option, we collect and transmit the necessary information to the shipping provider or customs clearance office so that the package can be cleared through customs and delivered to the recipient without additional charges.

6. Payment processing

We work with payment service providers (e.g., Shopify Payments, PayPal, Klarna) to process payments. Depending on the payment method chosen, the necessary information will be transmitted to the respective payment service provider. The legal basis for this is Article 6(1)(b) GDPR.

Please note the privacy policies of the respective payment service providers.

7. Cookies and other technologies

We use cookies and similar technologies to enable the operation of the shop (e.g., shopping cart, login), to improve user-friendliness, and to evaluate the use of the services offered. Technically necessary cookies are based on Article 6(1)(f) GDPR (legitimate interest). For cookies that are not strictly necessary, we obtain your consent (Article 6(1)(a) GDPR).

You can withdraw your consent at any time via the cookie banner or your browser settings. Please note that if you disable certain cookies, some parts of the website may no longer be fully functional.

Analytics and advertising tools used

  • Google Analytics – web analytics to improve our services. We use privacy-compliant settings (e.g., IP masking) where available. The legal basis is your consent (Art. 6 para. 1 lit. a GDPR) for tracking cookies.
  • Meta Pixel (Facebook/Instagram) – Conversion measurement, audience targeting, and optimization of advertising campaigns. Data is transmitted to Meta Platforms Ireland Ltd. The legal basis is your consent (Art. 6 para. 1 lit. a GDPR).
  • TikTok Pixel – Measurement and optimization of advertising campaigns via TikTok/ByteDance. The legal basis is your consent (Art. 6 para. 1 lit. a GDPR).

For the services Google, Meta and TikTok, data may be transferred to third countries; we base such transfers on appropriate safeguards (e.g. standard contractual clauses, EU-US Data Privacy Framework or other permissible mechanisms).

8. Social Media, Integrations and Plugins

We maintain a presence on social networks (e.g., Instagram and TikTok). When visiting our social media profiles, the data protection regulations of the respective provider (e.g., Meta Platforms Ireland Ltd.) also apply.

Social media buttons on the website are integrated as simple links. Simply clicking these buttons redirects the user to our respective social media page. No data is automatically transferred to the providers.

If you are already logged in to the respective provider, the provider can associate your visit to our website with your user account after you click the button. Please refer to the privacy policies of the respective platform operators for details.

9th Newsletter

When you subscribe to our newsletter, we use your email address to regularly send you information about products, promotions, and news. This processing is based on your consent (Art. 6 para. 1 lit. a GDPR).

Registration uses a double opt-in process. Email delivery will only be activated after your confirmation via email. We use [provider name] for sending emails. Shopify Email (Shopify Inc., Canada). You can withdraw your consent at any time via the unsubscribe link at the end of a newsletter or by email to holders.handmade.heaven@gmail.com. After withdrawal, your data will be deleted for newsletter distribution, unless statutory retention periods apply.

10. Disclosure to third parties and processors

To fulfill the contract, we pass on personal data to service providers that we need for order, payment and shipping processing (data processors) or to entities that are independent controllers.

Typical recipients include:

  • Shopify Inc. (platform/hosting)
  • Shipping providers: DHL Paket GmbH, Hermes Germany GmbH, DPD Deutschland GmbH
  • Customs clearance officers for exports
  • Payment providers: PayPal, Klarna, Shopify Payments
  • Advertising and analytics providers: Google LLC, Meta Platforms Ireland Ltd., ByteDance/TikTok
  • Technical service provider for email delivery: Shopify Email

If we use processors, we conclude data processing agreements with them in accordance with Article 28 GDPR.

11. Data transfers to third countries

Data may be transferred to countries outside the EU/EEA (e.g., Canada, USA, UK) if necessary. Such transfers only occur if an adequate level of data protection exists (adequacy decision), suitable safeguards are in place (e.g., standard contractual clauses, EU-US Data Privacy Framework), or a legally permissible exception applies.

12. Your rights as a data subject

You have the following rights with regard to your personal data:

  • Right of access (Art. 15 GDPR),
  • Right to rectification (Art. 16 GDPR),
  • Right to erasure (Art. 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to data portability (Art. 20 GDPR),
  • Right to object to processing (Art. 21 GDPR),
  • Right to withdraw consent (Art. 7 para. 3 GDPR) — without affecting the lawfulness of processing up to the point of withdrawal.

To assert your rights or if you have any questions about data protection, please contact:

Holder's Handmade Heaven
Email: holders.handmade.heaven@gmail.com

If you believe that the processing of your personal data is not lawful, you have the right to lodge a complaint with a supervisory authority (usually the supervisory authority of your country of residence or our location in Lower Saxony).

13. Storage duration

We only store personal data for as long as necessary to fulfill contractual or legal obligations. For example, data relevant under tax and commercial law is retained for up to 10 years (German Commercial Code) or 10 years (German Fiscal Code), where legally required.

14. Safety measures

We take technical and organizational measures to protect your data from loss, destruction, unauthorized access, or unauthorized disclosure. These include, among other things, encrypted transmission (TLS/SSL), access restrictions, and data backups.

15. Changes to this Privacy Policy

We reserve the right to update this privacy policy in the event of changes to our data processing practices or legal requirements. The current version is available on our website. The date above (last updated) indicates the date of the most recent revision.

16. Contact

If you have any questions about the processing of your personal data or about exercising your rights, please contact:

Holder's Handmade Heaven
Owner: Janine Holder
Rotdornweg 1
37077 Göttingen
Email: janine@holders-handmade-heaven.com