Privacy policy

Last updated: 13 February 2026

1. Controller

This website and online store are operated by:

EQ Colors UG (haftungsbeschränkt)
Albert-Einstein-Straße 1
95028 Hof
Germany
Email: info@eqcolors.com

For the purposes of the General Data Protection Regulation (GDPR), we are the data controller of your personal data.

A Data Protection Officer has not been appointed, as there is no legal requirement to do so.

2. Hosting via Shopify

Our online store is hosted by:

Shopify Inc.
151 O’Connor Street
Ottawa, ON K2P 2L8
Canada

Shopify provides the e-commerce platform that allows us to offer our products and services. Shopify processes personal data on our behalf pursuant to Article 28 GDPR (data processing agreement).

In certain cases, Shopify may process data as an independent controller (e.g. for platform security or fraud prevention).

For more information, please see:
https://privacy.shopify.com

3. Categories of Personal Data

We may process the following categories of personal data:

  • Identity data (name)
  • Contact data (address, email address, phone number)
  • Order data (products purchased, order history)
  • Payment data (payment method, transaction details)
  • Communication data (customer inquiries)
  • Usage data (IP address, browser type, access time)

4. Purposes and Legal Bases for Processing

a) Performance of a Contract (Art. 6(1)(b) GDPR)

We process personal data to:

  • process orders
  • manage payments
  • arrange shipping
  • handle returns
  • provide customer support

Without this data, we cannot fulfill your order.

b) Legal Obligation (Art. 6(1)(c) GDPR)

We process and retain certain data to comply with statutory obligations under German commercial and tax law (e.g. accounting and record-keeping obligations).

c) Legitimate Interests (Art. 6(1)(f) GDPR)

We process data where necessary for:

  • ensuring IT security
  • preventing fraud and abuse
  • maintaining and improving our online store

Our legitimate interest lies in operating a secure and economically viable online shop.

d) Consent (Art. 6(1)(a) GDPR)

Where you consent to the use of non-essential cookies (e.g. analytics or marketing cookies), processing is based on your consent.

You may withdraw your consent at any time via the cookie settings tool.

5. Cookies and Similar Technologies

Our website uses cookies and similar technologies.

Strictly necessary cookies are stored based on Section 25(2) of the Telecommunications-Telemedia Data Protection Act (TTDSG).

Analytics and marketing cookies are only used with your explicit consent pursuant to Section 25(1) TTDSG in conjunction with Art. 6(1)(a) GDPR.

You can manage or withdraw your consent at any time via the cookie banner settings.

6. Payment Providers

For payment processing, we share payment data with the selected payment provider. Processing is based on Art. 6(1)(b) GDPR (contract performance).

Depending on your chosen method, this may include:

  • Shopify Payments
  • PayPal
  • Credit card providers

The respective provider’s privacy policy applies in addition.

7. Shipping Providers

To deliver your order, we share your shipping address with the selected shipping company.

Legal basis: Art. 6(1)(b) GDPR.

8. Data Retention

We retain personal data only as long as necessary for the respective purpose.

Statutory retention periods under German law include:

  • Accounting records and invoices: 10 years
  • Commercial correspondence: 6 years

After expiration of these periods, data will be deleted unless further retention is legally required.

Marketing-related data is stored until consent is withdrawn.

9. International Data Transfers

Shopify may process data outside the European Union.

Where data is transferred to third countries, appropriate safeguards are used, including:

  • EU Standard Contractual Clauses
  • Adequacy decisions of the European Commission

10. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent at any time

To exercise your rights, please contact:
info@eqcolors.com

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority.

The competent supervisory authority in Bavaria, Germany, is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

12. Data Security

We implement appropriate technical and organizational measures to protect your data against loss, misuse, or unauthorized access.

However, complete security of data transmission over the internet cannot be guaranteed.

13. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy if legal, regulatory, or technical changes require it.

The current version is available on our website.