Privacy Policy

As of June 2026 · Template – please have this reviewed by a lawyer before publishing.

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Thomas Langer

Adlzreiterstraße 14, 80337 Munich, Germany

Email: muclanger@gmail.com

2. General information and legal basis

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

The processing of your personal data is based on the following legal grounds under the GDPR:

  • Art. 6(1)(a) GDPR – Consent
  • Art. 6(1)(b) GDPR – Contract performance and pre-contractual measures
  • Art. 6(1)(c) GDPR – Legal obligation
  • Art. 6(1)(f) GDPR – Legitimate interests of the controller

3. Hosting (server log files)

This website is hosted on a VPS (Virtual Private Server) provided by Hostinger. The server is located within the EU/EEA. When you visit our website, your browser automatically transmits information that is saved in server log files. This includes:

  • IP address of the requesting device (anonymised)
  • Date and time of the request
  • URL accessed
  • Referrer URL (if applicable)
  • Data volume transferred and HTTP status code
  • Browser type and operating system

These data are not merged with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR. Our legitimate interest is the technical operation and security of the website. Where a data processing agreement with Hostinger is required, this has been concluded.

4. Plausible Analytics

We use Plausible Analytics to analyse website traffic. Plausible Analytics is a privacy-friendly analytics tool that sets no cookies and does not collect or process personal data.

Plausible Analytics collects only aggregated statistics (e.g. page views, time on site) without creating individual user profiles. No IP addresses are stored and no browser fingerprinting is performed. Plausible Analytics servers are located exclusively in the EU. As no personal data is processed and no cookies are used, no cookie consent is required for this analysis.

Further information: https://plausible.io/privacy

5. Payment processing via Stripe

We use Stripe for payment processing (Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland; for certain services: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA).

When you make a payment, the required data (name, card details or payment method, billing address, order data) are transmitted directly to Stripe and processed there. We ourselves do not store complete payment instrument data.

Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses (Art. 46(2)(c) GDPR). The legal basis for processing is Art. 6(1)(b) GDPR (contract performance).

Stripe's privacy policy: https://stripe.com/privacy

6. Order processing and data storage

When you place an order, we process the following data to fulfil the contract:

  • Name and delivery address
  • Email address (for order confirmation)
  • Order details (products, quantities, prices)
  • Payment status (technical reference from Stripe)

The legal basis is Art. 6(1)(b) GDPR (contract performance). Tax-relevant data are retained for 10 years in accordance with statutory commercial and tax law retention obligations (§ 147 AO, § 257 HGB).

7. Contact form

If you send us a message via the contact form, your details (name, email address, message) will be stored for the purpose of processing the enquiry and in case of follow-up questions.

We do not pass on this data without your consent. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in communication) or Art. 6(1)(b) GDPR where your enquiry is aimed at concluding a contract.

The data you submit will remain with us until you request deletion, revoke your consent or the purpose for data storage no longer applies (e.g. after your enquiry has been fully processed). Mandatory statutory provisions remain unaffected.

8. Your rights as a data subject

You have the following rights regarding personal data concerning you:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us. For Bavaria (Munich) this is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 27, 91522 Ansbach, Germany

www.lda.bayern.de

9. SSL / TLS encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.