Skip to content
Close (esc)

Newsletter

The best way to keep in touch and to be informed of our sales and good deals.

Privacy policy

Privacy Policy

Effective Date: 18.06.2026

Woolfie Yarn (“we”, “us”, “our”) operates the website woolfieyarn.com and is responsible for the processing of personal data in accordance with the EU General Data Protection Regulation (GDPR).


1. Data Controller

Woolfie Yarn
Owner: Anton Diundik
Metzinger Str. 23
72622 Nürtingen
Germany
Email: woolfie.yarn@gmail.com
Phone: +49 151 189 71 911


2. General Information on Data Processing

We process personal data only to the extent necessary to provide a functional website, process orders, and improve our services.

Personal data includes, for example:

  • name
  • address
  • email address
  • telephone number
  • payment data (processed by providers)
  • order information
  • IP address and usage data

3. Purpose and Legal Basis of Processing

We process personal data based on the following legal grounds under GDPR:

  • Contract fulfillment (Art. 6(1)(b) GDPR): order processing, delivery, customer service
  • Legal obligation (Art. 6(1)(c) GDPR): tax and accounting requirements
  • Consent (Art. 6(1)(a) GDPR): newsletter and marketing communication
  • Legitimate interest (Art. 6(1)(f) GDPR): website security, analytics, and improvement

4. Hosting and Shopify

Our online store is hosted by Shopify International Ltd.

Shopify processes personal data on our behalf, including:

  • order processing
  • customer account management
  • website hosting
  • analytics and security functions

Data may be transferred to Canada and the United States. Shopify relies on Standard Contractual Clauses (SCCs) and other GDPR-compliant safeguards.

Shopify Privacy Policy: https://www.shopify.com/legal/privacy


5. Payment Providers

We use the following payment service providers:

  • Shopify Payments (Stripe infrastructure)
  • PayPal
  • Klarna
  • bank transfer (optional)

Payment data is processed directly by these providers. We do not store full payment card details.

These providers may process data independently as data controllers.


6. Shipping and Logistics

For order fulfillment, we share necessary data with:

  • DHL
  • DPD
  • Deutsche Post
  • Packlink PRO

This includes name, address, and order details for delivery purposes.


7. Marketing, Email and CRM

We use Klaviyo for email marketing and customer communication.

Klaviyo may process:

  • email address
  • purchase history
  • website interaction data (if consent is given)

Klaviyo is based in the United States. Data transfers are protected via Standard Contractual Clauses.

You may unsubscribe from marketing emails at any time.


8. Reviews and Social Proof Tools

We use Trusted Shops Reviews to collect and display customer reviews.

Trusted Shops may process:

  • name
  • email address
  • order information
  • review content

We also use social media and content tools such as:

  • Instafeed (Instagram integration)
  • Sauce (Instagram / TikTok UGC integration)

These tools may process IP address and usage data when embedded content is displayed.


9. Website Analytics and Functional Tools

We use Shopify analytics and Search & Discovery functionality to improve our store and product visibility.

Depending on consent, we may use cookies and similar technologies for:

  • store functionality
  • analytics
  • marketing performance measurement

10. Cookies

We use cookies that are necessary for the operation of the website (shopping cart, checkout, security).

Additional cookies (analytics, marketing) are only used with your explicit consent, where required by law.

You may withdraw consent at any time via cookie settings.


11. International Data Transfers

Some of our service providers are located outside the European Union, particularly in the United States and Canada (e.g. Shopify, Klaviyo).

Where personal data is transferred outside the EU, we ensure appropriate safeguards such as:

  • EU Standard Contractual Clauses (SCCs)
  • adequacy decisions (where applicable)
  • contractual data protection agreements

12. Data Retention

We store personal data only as long as necessary:

  • Order and invoice data: 10 years (legal obligation)
  • Customer account data: until deletion request or inactivity
  • Marketing data: until consent is withdrawn
  • Technical logs: limited retention period for security purposes

13. Your Rights Under GDPR

You have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

14. Data Security

We use technical and organizational measures to protect personal data, including:

  • SSL encryption
  • access control
  • secure hosting infrastructure (Shopify)
  • restricted internal access to customer data

15. Automated Decision-Making

We may use automated systems (e.g. fraud prevention tools by payment providers or Shopify) to ensure transaction security. These systems do not produce legal effects without human involvement.


16. Changes to This Privacy Policy

We may update this privacy policy to reflect legal or technical changes. The current version is always available on our website.

Shopping Cart

Announce discount codes, free shipping etc