Privacy Policy - Gigi Room Ceramics

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. On the following pages, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2 The controller in charge of data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Gigi Room Ceramics
Gizem Sirmali
Kunigundenstrasse 34
80805, Munich, Germany
E-mail: gigiroomceramics@gmail.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When You Visit Our Website

2.1 Server log files

When using our website for information only, we only collect data that your browser transmits to our server (so-called “server log files”). This includes:

  • Visited pages

  • Date and time of access

  • Amount of data sent

  • Referrer URL

  • Browser type and version

  • Operating system

  • IP address (processed in anonymised form where possible)

The processing is carried out in accordance with Art. 6 (1) point f GDPR based on our legitimate interest in the technical stability and security of the website.

2.2 SSL/TLS encryption

This website uses SSL or TLS encryption to protect the transmission of personal data. You can recognize an encrypted connection by “https://” and the lock symbol in your browser.

3) Hosting & Content Delivery Network

Squarespace

For the hosting of our website and the display of page content, we use the services of:

Squarespace, Inc.
225 Varick Street, 12th Floor
New York, NY 10014
USA

All data collected on our website is processed on Squarespace servers. We have concluded a data processing agreement with the provider in accordance with Art. 28 GDPR.

Data may be transferred to the USA. Appropriate safeguards pursuant to Art. 46 GDPR (e.g. standard contractual clauses) are in place.

4) Domain Registration

GoDaddy

Our domain is registered with GoDaddy. GoDaddy processes technical data in connection with domain administration and DNS services.
The processing is based on our legitimate interest in the secure and reliable operation of our website in accordance with Art. 6 (1) point f GDPR.

5) Cookies

We use cookies, which are small text files stored on your end device, to ensure the proper functioning of our website and to enable certain features.

  • Essential cookies are required for the operation of the website and cannot be disabled.

  • Optional cookies (e.g. for marketing emails) are only used with your consent.

The legal basis is:

  • Art. 6 (1) point f GDPR (essential cookies)

  • Art. 6 (1) point a GDPR (consent-based cookies)

You can manage or revoke your consent at any time via the cookie settings.

6) Contacting Us

When you contact us via contact form or email, personal data (such as name, email address and message content) is collected and processed solely for the purpose of responding to your inquiry.

Legal basis:

  • Art. 6 (1) point f GDPR (general inquiries)

  • Art. 6 (1) point b GDPR (contract-related inquiries)

Your data will be deleted after final processing of your request, provided no legal retention obligations apply.

7) Customer Accounts and Order Processing

When you place an order in our online shop or create a customer account, we process personal data such as:

  • Name

  • Billing and shipping address

  • Email address

  • Order details

  • Payment information (processed via payment providers)

Processing is carried out pursuant to Art. 6 (1) point b GDPR for the performance of the contract.

Customer accounts can be deleted at any time upon request. Data will be deleted once contractual and legal retention obligations have been fulfilled.

8) Shipping Service Providers

To deliver your orders, we pass on necessary personal data (name, address) to shipping service providers.

Example:

  • DHL / Deutsche Post AG, Bonn, Germany

Legal basis: Art. 6 (1) point b GDPR.

If you consent, your email address or telephone number may be shared for delivery notifications (Art. 6 (1) point a GDPR). Consent can be withdrawn at any time.

9) Payment Service Providers

Payment processing is carried out by external payment service providers. Depending on the payment method selected, your payment data is transmitted to the respective provider solely for the purpose of payment processing (Art. 6 (1) point b GDPR).

Providers may include:

  • Stripe

  • PayPal

  • Apple Pay / Google Pay (via Stripe)

We do not store payment card details ourselves.

10) Newsletter (Squarespace Email Campaigns)

If you subscribe to our newsletter, we use Squarespace Email Campaigns to send you information about new products, studio updates and events.

  • The only mandatory data is your email address

  • Registration takes place via a double opt-in procedure

Legal basis: Art. 6 (1) point a GDPR (consent)

You can unsubscribe at any time via the unsubscribe link in each email. After unsubscribing, your email address will be deleted from the distribution list unless legal retention obligations apply.

11) Web Analytics – Squarespace Analytics

This website uses Squarespace Analytics, a built-in analytics service provided by:

Squarespace, Inc.
225 Varick Street, 12th Floor
New York, NY 10014
USA

Squarespace Analytics is used to collect statistical information about the use of our website. This helps us understand how visitors interact with our website and improve its functionality, content, and user experience.

Data processed may include:

  • Pages visited

  • Referrer URLs

  • Browser type and device information

  • Operating system

  • Date and time of access

  • IP address (processed in anonymised or truncated form)

Squarespace Analytics does not allow us to personally identify individual users and is used exclusively for aggregated, statistical analysis.

Legal basis

The processing is carried out on the basis of our legitimate interest in analysing and optimising our website pursuant to Art. 6 (1) point f GDPR.

Data transfer to third countries

Data may be transferred to servers located in the United States. Squarespace uses appropriate safeguards in accordance with Art. 46 GDPR (e.g. standard contractual clauses).

12) Rights of the Data Subject

You have the right to:

  • Access your data (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restriction of processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Withdraw consent at any time (Art. 7 (3) GDPR)

  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

13) Right to Object

If we process your personal data based on our legitimate interest, you have the right to object at any time pursuant to Art. 21 GDPR.

If you object to processing for direct marketing purposes, your data will no longer be processed for such purposes.

14) Duration of Storage

Personal data is stored only as long as necessary for the respective purpose or as required by statutory retention obligations. After expiry, the data is routinely deleted.