Privacy Policy

Sofio's Candle Stand: May 2026

Data Processing Officer ​ ​ ​ ​ ​ ​Andreas-Maximilian Sachse

​ ​ ​ ​ ​ ​ ​ ​ ​ ​Rheinstraße 32

​ ​ ​ ​ ​ ​ ​ ​ ​ 64283 Darmstadt

Phone: ​ ​ ​ ​ ​ ​ ​ ​ +49 176 346 90 90 6

E-Mail:  ​ ​ ​ ​ ​ ​ ​ ​ ​andreassachse1988@gmail.com

1. General Information

The protection of your personal data is our highest priority. We process your data exclusively in accordance with the legal provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

2. Purposes and Legal Bases of Processing

We process your personal data:

• for the fulfillment of contracts (Art. 6 para. 1 lit. b GDPR) – e.g. order processing, delivery, payment processing
• based on legitimate interest (Art. 6 para. 1 lit. f GDPR) – e.g. fraud detection, improvement of our services, advertising for our own similar products
• based on your consent (Art. 6 para. 1 lit. a GDPR) – e.g., for newsletters or non-essential cookies

3. What data we collect

• Order details: Name, delivery address, email address, phone number (optional), payment information
• Technical data: IP address, browser type, access times (server log files)
• Payment data: Processed directly through Stripe (we do not store full credit card details)

4. Recipient of your data

• Stripe (Payment Processing) – USA
• Odoo (Shop System / Hosting)
• Shipping service providers (e.g., DHL)
• Financial Accounting (Tax Consultant)

5. Data transfer to third countries (USA)

Stripe is a US service provider. The transmission is based on EU Standard Contractual Clauses (SCC) and Stripe's Data Processing Agreement.

6. Storage duration

• Contract data: Until processing + statutory retention periods (e.g., 6–10 years for accounting documents)
• Server log files: Maximum 7–14 days

7. Your Rights

You have the right at any time to:

• Information, Correction, Deletion, Restriction of Processing
• Objection to processing
• Revocation of a given consent
• Data portability
• Complaint to a supervisory authority (e.g., Hessian Commissioner for Data Protection and Freedom of Information)

8. Cookies and Tracking

We use cookies to ensure the basic functionality of our website.

• Essential Cookies These are technically necessary for the operation of the online shop. Legal basis: legitimate interest (Art. 6 para. 1 lit. f GDPR).
• Comfort and analysis cookies These cookies are set exclusively with your explicit consent. They help us improve the user experience. Legal basis: Consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time via the "Cookie Settings" link in the footer.

9. Payment Provider Stripe

The payment processing is done through Stripe. You can find Stripe's privacy policy here:https://stripe.com/de/privacy. We have concluded a Stripe Data Processing Agreement (DPA).

10. No newsletter / marketing

We are currently not sending out a newsletter. If this changes in the future, we will obtain your consent beforehand.

11. Contact

If you have questions about data protection, please feel free to contact us at the email address mentioned above.

12. Change to this Privacy Policy

We reserve the right to adjust this privacy policy as needed. The current version can always be found on our website.