This English version of our Privacy Policy is provided for your convenience.
The legally binding version is the German one, which you can find here → Datenschutzerklärung.

The controller within the meaning of the GDPR is:

SERIFA GmbH
Am Hüllfeld 7
83607 Holzkirchen
Germany

Managing Director: Christian Otto
Phone: +49 152 26113726
E-mail: hello@serifa.com

Our online store is operated on the platform Shopify.

Provider:

Shopify International Ltd.
Victoria Buildings, 2nd Floor
1-2 Haddington Road
Dublin 4, D04 XN32, Ireland

Data processing may also be carried out by:

Shopify Inc., 151 O’Connor Street, Ground Floor, Ottawa, ON K2P 2L8, Canada,
and Shopify Commerce Singapore Pte. Ltd., as well as Shopify Data Processing (USA) Inc.

Data transfer to Canada is based on an adequacy decision of the European Commission. Data transfer to the USA is based on EU Standard Contractual Clauses (Art. 46 GDPR).

Further information: https://www.shopify.com/legal/privacy

a) When visiting the store

Automatically collected “Device Information”:

- IP address
- Browser type/version
- Operating system
- Referrer URL
- Date/time of access
- Cookies

Legal basis: Art. 6 (1) lit. f GDPR (operation, security).

b) When placing orders

“Order Information” collected:
- Name, billing and shipping address
- Payment data (encrypted via payment providers)
- E-mail address, phone number
- Order details

Legal basis: Art. 6 (1) lit. b GDPR (contract performance).

We use external payment providers such as PayPal, Klarna, credit cards, Apple Pay, Google Pay.
Data is processed directly by the respective providers.

Examples:

- PayPal: https://www.paypal.com/webapps/mpp/ua/privacy-full
- Klarna: https://www.klarna.com/uk/privacy/

Legal basis: Art. 6 (1) lit. b GDPR.

To deliver goods, we share address data with carriers such as DHL, Hermes, etc.
Legal basis: Art. 6 (1) lit. b GDPR.

Shopify uses cookies to enable shopping cart and session functionality.
Additional analytics or marketing tools (e.g. Google Analytics, Facebook Pixel) may be used if you have consented.

Legal basis: Art. 6 (1) lit. a GDPR in conjunction with § 25 TTDSG (consent).
You may revoke your consent at any time.

7.1. Our monthly newsletter is delivered via Substack (Substack, Inc., 548 Market St #43819, San Francisco, CA 94104, USA). Details: https://substack.com/privacy.

7.2. Data processed: e-mail address (required), optional name; signup/confirmation timestamps, interactions (opens/clicks), and technical metadata (e.g., IP, browser) for delivery and analytics.

7.3. Legal basis: Art. 6 (1) lit. a GDPR (consent). You may withdraw consent at any time via the unsubscribe link in each e-mail or by contacting hello@serifa.com.

7.4. International transfers: Processing may occur in Canada and the U.S.; transfers rely on EU Standard Contractual Clauses (Art. 46 GDPR).

7.5. Consent records: Substack logs consent to demonstrate compliance.

We store personal data only as long as necessary or as required by statutory retention obligations.

You have the right to:

- access,
- rectification,
- erasure,
- restriction of processing,
- data portability,
- objection.

To exercise your rights, contact: hello@serifa.com

You may lodge a complaint with a supervisory authority:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach, Germany

We implement appropriate technical and organizational measures to protect your data.

Our central contact point pursuant to Art. 11, 12 DSA:

E-mail: hello@serifa.com
Phone: +49 152 26113726
Languages available: German, English