Privacy policy
Privacy Policy
Effective Date: 18.06.2026
Woolfie Yarn (“we”, “us”, “our”) operates the website woolfieyarn.com and is responsible for the processing of personal data in accordance with the EU General Data Protection Regulation (GDPR).
1. Data Controller
Woolfie Yarn
Owner: Anton Diundik
Metzinger Str. 23
72622 Nürtingen
Germany
Email: woolfie.yarn@gmail.com
Phone: +49 151 189 71 911
2. General Information on Data Processing
We process personal data only to the extent necessary to provide a functional website, process orders, and improve our services.
Personal data includes, for example:
- name
- address
- email address
- telephone number
- payment data (processed by providers)
- order information
- IP address and usage data
3. Purpose and Legal Basis of Processing
We process personal data based on the following legal grounds under GDPR:
- Contract fulfillment (Art. 6(1)(b) GDPR): order processing, delivery, customer service
- Legal obligation (Art. 6(1)(c) GDPR): tax and accounting requirements
- Consent (Art. 6(1)(a) GDPR): newsletter and marketing communication
- Legitimate interest (Art. 6(1)(f) GDPR): website security, analytics, and improvement
4. Hosting and Shopify
Our online store is hosted by Shopify International Ltd.
Shopify processes personal data on our behalf, including:
- order processing
- customer account management
- website hosting
- analytics and security functions
Data may be transferred to Canada and the United States. Shopify relies on Standard Contractual Clauses (SCCs) and other GDPR-compliant safeguards.
Shopify Privacy Policy: https://www.shopify.com/legal/privacy
5. Payment Providers
We use the following payment service providers:
- Shopify Payments (Stripe infrastructure)
- PayPal
- Klarna
- bank transfer (optional)
Payment data is processed directly by these providers. We do not store full payment card details.
These providers may process data independently as data controllers.
6. Shipping and Logistics
For order fulfillment, we share necessary data with:
- DHL
- DPD
- Deutsche Post
- Packlink PRO
This includes name, address, and order details for delivery purposes.
7. Marketing, Email and CRM
We use Klaviyo for email marketing and customer communication.
Klaviyo may process:
- email address
- purchase history
- website interaction data (if consent is given)
Klaviyo is based in the United States. Data transfers are protected via Standard Contractual Clauses.
You may unsubscribe from marketing emails at any time.
8. Reviews and Social Proof Tools
We use Trusted Shops Reviews to collect and display customer reviews.
Trusted Shops may process:
- name
- email address
- order information
- review content
We also use social media and content tools such as:
- Instafeed (Instagram integration)
- Sauce (Instagram / TikTok UGC integration)
These tools may process IP address and usage data when embedded content is displayed.
9. Website Analytics and Functional Tools
We use Shopify analytics and Search & Discovery functionality to improve our store and product visibility.
Depending on consent, we may use cookies and similar technologies for:
- store functionality
- analytics
- marketing performance measurement
10. Cookies
We use cookies that are necessary for the operation of the website (shopping cart, checkout, security).
Additional cookies (analytics, marketing) are only used with your explicit consent, where required by law.
You may withdraw consent at any time via cookie settings.
11. International Data Transfers
Some of our service providers are located outside the European Union, particularly in the United States and Canada (e.g. Shopify, Klaviyo).
Where personal data is transferred outside the EU, we ensure appropriate safeguards such as:
- EU Standard Contractual Clauses (SCCs)
- adequacy decisions (where applicable)
- contractual data protection agreements
12. Data Retention
We store personal data only as long as necessary:
- Order and invoice data: 10 years (legal obligation)
- Customer account data: until deletion request or inactivity
- Marketing data: until consent is withdrawn
- Technical logs: limited retention period for security purposes
13. Your Rights Under GDPR
You have the following rights:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent at any time
- Right to lodge a complaint with a supervisory authority
14. Data Security
We use technical and organizational measures to protect personal data, including:
- SSL encryption
- access control
- secure hosting infrastructure (Shopify)
- restricted internal access to customer data
15. Automated Decision-Making
We may use automated systems (e.g. fraud prevention tools by payment providers or Shopify) to ensure transaction security. These systems do not produce legal effects without human involvement.
16. Changes to This Privacy Policy
We may update this privacy policy to reflect legal or technical changes. The current version is always available on our website.