Privacy policy

Last updated: September 15, 2025

 

 

 

1) Controller

 


Hendrik Wolkewitz / Sole Proprietorship

Döblinger Hauptstraße 32/10

1190 Vienna, Austria

Email: datenschutz@wolkewitz.at

Web: www.wolkewitz.atAttachment.tiff


Supervisory authority:

Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna, www.dsb.gv.atAttachment.tiff


Hendrik Wolkewitz operates this shop and website, including all related information, content, features, tools, products, and services, to provide you as a customer with a personalized shopping experience (the “Services”).

The site is based on Shopify, which enables us to provide these Services.


This Privacy Policy describes how we collect, use, and share personal data when you visit or use the website, make a purchase or other transaction through the Services, or otherwise communicate with us. If there is a conflict between our Terms and Conditions and this Privacy Policy, this Privacy Policy prevails in relation to the collection, processing, and sharing of your personal data.


Please read this Privacy Policy carefully. By accessing or using any of the Services, you confirm that you have read and agree to the collection, use, and disclosure of your data as described herein.

 

 

 

Which personal data do we collect or process?

 


“Personal data” means information that identifies you or can be directly linked to you. It does not include anonymized or de-identified data that cannot be associated with you.

Depending on how you interact with our Services, where you live, and what applicable law permits or requires, we may collect or process the following categories of personal data, including inferences derived from them:

 

  • Contact data: name, postal address, billing address, shipping address, phone number, and email address

  • Financial data: credit/debit card numbers, financial account numbers, payment information, transaction details, payment confirmation, and other payment details

  • Account data: username, password, security questions, configurations, and settings

  • Transaction data: items viewed, added to cart, wishlisted, purchased, returned, exchanged, or canceled, as well as previous transactions

  • Communication data: information you provide when contacting us, e.g., customer support requests

  • Device data: information about your device, browser, or network connection, IP address, and other unique identifiers

  • Usage data: information about how and when you interact with or browse the Services

 

2) Purpose and legal basis of processing

Purpose

Data categories

Legal basis

Contract & Delivery (orders, payments, shipping, customer account)

Basic, contact, delivery, and payment data

Art. 6(1)(b) GDPR

Customer Service & Communication

Contact, content, support, and device data

Art. 6(1)(b) and (f) GDPR

Legal obligations & Accounting

Billing and transaction data

Art. 6(1)(c) GDPR

Security & Fraud prevention

IP address, log files, usage data

Art. 6(1)(f) GDPR

Newsletter & Marketing automations (Omnisend)

Email, name, purchase behavior, interaction, and device data

Consent (Art. 6(1)(a) GDPR / §165(3) TKG 2003); for existing customers Art. 6(1)(f) GDPR in conjunction with §174(4) TKG 2003

Analytics & Segmentation (Customer Analytics, GA4, Shopify Audiences)

Usage, purchase, and interaction data, pseudonymous IDs

Consent (Art. 6(1)(a) GDPR)

Personalized Advertising (Meta Pixel, Google Ads)

Cookie, device, IP, and browser data

Consent (Art. 6(1)(a) GDPR in conjunction with §165(3) TKG 2003)

 

 

3) Cookies & Analytics

 


We use cookies and similar technologies to:

 

  • ensure the functionality of our shop (necessary),

  • analyze visitor behavior,

  • display personalized content and offers.

 


You can manage these tools via the cookie banner.

You may withdraw consent anytime via those settings or by clearing your browser data.


Legal basis: Art. 6(1)(a) GDPR in conjunction with §165(3) TKG 2003.


Services used (examples):

 

  • Google Analytics 4 – web analytics, IP anonymization enabled

  • Meta Pixel (Meta Platforms Ireland Ltd.) – conversion tracking & advertising

  • Shopify Audiences – segment-based campaign analysis

  • Omnisend – email analytics and automation

 


Data may be transferred outside the EU. Safeguards include Standard Contractual Clauses (Art. 46 GDPR) and/or the EU–US Data Privacy Framework.

 

 

 

4) Newsletter / Marketing Automations (Omnisend)

 


For email campaigns, newsletters, product recommendations, and abandoned-cart reminders, we use Omnisend UAB, Verkių g. 25C-1, Vilnius, Lithuania.


Omnisend processes data such as:

 

  • email address, name, order behavior, opens, clicks, interests,

  • technical information (IP address, device type, time of access).

 


These data are used for personalized communication and measuring campaign effectiveness.


You can withdraw your consent anytime via the unsubscribe link in any email or by emailing datenschutz@wolkewitz.at.


Omnisend may use sub-processors (including outside the EU, e.g., the USA).

Data protection is ensured via Standard Contractual Clauses (SCCs).

 

 

 

5) Hosting / Payment / Shipping

 


Hosting / Shop platform:

Shopify International Ltd., 2 Haddington Road, Dublin 4, D04 XN32, Ireland.

Processing includes website operation, shopping cart, order, and checkout functions.

Shopify may transfer data to Canada/USA — protected via DPF/SCCs.

More info: www.shopify.com/legal/privacyAttachment.tiff


Payment:

Shopify Payments (Stripe Payments Europe Ltd., Ireland) / PayPal (Europe S.à r.l., Luxembourg).

Payment data are transmitted directly to these services for processing.


Shipping:

Delivery data are shared with our shipping partners (e.g., Österreichische Post AG, DHL Parcel AT, DPD).

 

 

 

6) Data retention

Data type

Retention period

Contract and billing data

7 years (§132 BAO)

Support requests

up to 12 months after resolution

Marketing data (newsletter/tracking)

until withdrawal + 3-year proof period

Server logs

30 days

Cookies: 

Type

Purpose

Typical retention

Necessary cookies (Shopify)

session control, cart, checkout, fraud prevention

1 day – 2 years

Preference cookies

save language or region

6–12 months

Analytics cookies (GA4)

visit statistics, user behavior

up to 14 months

Marketing cookies (Meta Pixel / Google Ads)

remarketing, conversion tracking

6 months – 2 years

Omnisend cookies / tracking pixels

open & click statistics, campaign attribution

up to 1 year

Consent cookie

stores your cookie preferences

12 months

 

 

7) Your rights

 


You have the right to access, rectification, erasure, restriction, data portability, objection (Art. 21 GDPR), and to withdraw consent at any time.

To exercise these rights, simply email datenschutz@wolkewitz.at.

Complaints can be lodged with the Austrian Data Protection Authority (see above).

 

 

 

8) Data security

 


Your data are transmitted via TLS/SSL encryption.

We take technical and organizational measures to prevent loss, misuse, and unauthorized access.

 

 

 

9) Minors

 


Our website and products are intended exclusively for adults.

We do not knowingly collect or process personal data from persons under 18 years of age.


If we become aware that data of a minor were collected without parental consent, we will delete them immediately.

Parents or legal guardians may contact datenschutz@wolkewitz.at at any time to request deletion or correction.

 

 

 

10) Changes

 


We update this Privacy Policy whenever our processes or applicable laws change.

The current version is always available at www.wolkewitz.at/datenschutzAttachment.tiff.

 

 

 

Contact

 


If you have questions about our data protection practices or this Privacy Policy, or wish to exercise your rights, please contact us at datenschutz@wolkewitz.at.

Under applicable data protection laws, we are the data controller for your personal data.