Privacy Policy

Last updated: 2025-12-12

1. DATA CONTROLLER

Karya Levni

Postfach 2 99 74 10132 Berlin, Germany

Email: karyalevni@gmail.com

2. WHAT DATA WE COLLECT

We collect personal data depending on how you interact with us:

When you purchase through our website:

  • Name

  • Email address

  • Billing address

  • Phone number

  • For business customers: Tax ID, VAT ID

When you pay via invoice and bank transfer:

  • All data listed above, plus:

  • IBAN

  • Account holder name

When you subscribe to our mailing list:

  • Email address

When you contact us via email:

  • Email address

  • Content of your message

3. PURPOSES AND LEGAL BASIS FOR PROCESSING

We process your personal data for the following purposes:

a) Contract performance (Art. 6(1)(b) GDPR)

  • Processing purchases and payments

  • Delivering products or services

  • Issuing invoices

b) Legal obligations (Art. 6(1)(c) GDPR)

  • Tax and accounting requirements

  • Retention of business records as required by German law

c) Consent (Art. 6(1)(a) GDPR)

  • Sending marketing communications via our mailing list

    You may withdraw consent at any time by clicking the unsubscribe link in any email or contacting us directly

d) Legitimate interests (Art. 6(1)(f) GDPR)

  • Website analytics to improve our services

  • Responding to your inquiries

4. DATA RECIPIENTS AND THIRD-PARTY SERVICES

We use the following third-party service providers who may process your data:

Squarespace Inc. (USA)

  • Website hosting and e-commerce platform

  • Processes purchase data

  • Privacy Policy: https://www.squarespace.com/privacy

Mailchimp / Intuit Inc. (USA)

  • Email marketing platform

  • Processes mailing list subscriber data

  • Privacy Policy: https://www.intuit.com/privacy/statement/

Google LLC (USA)

  • Google Analytics for website statistics

  • Email services (data stored on EU servers)

  • Privacy Policy: https://policies.google.com/privacy

Payment processors

  • As applicable through Squarespace's payment integration

5. INTERNATIONAL DATA TRANSFERS

Some of our third-party service providers are based in the United States. Data transfers to the US are conducted based on:

  • The EU-US Data Privacy Framework (for certified companies)

  • Standard Contractual Clauses approved by the European Commission

You may request a copy of the applicable safeguards by contacting us.

6. DATA RETENTION

We retain your data for the following periods:

  • Purchase and payment data: 10 years (German tax law requirements)

  • Mailing list data: Until you unsubscribe

  • Email correspondence: As long as necessary for the purpose, then deleted.

    • In the case of purchase-related correspondence, German tax law requires 10 year retention.

  • Analytics data: 14 months (Google Analytics default)

7. YOUR RIGHTS

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR): Obtain confirmation and a copy of your personal data

  • Right to rectification (Art. 16 GDPR): Correct inaccurate data

  • Right to erasure (Art. 17 GDPR): Request deletion of your data

  • Right to restriction (Art. 18 GDPR): Restrict processing in certain circumstances

  • Right to data portability (Art. 20 GDPR): Receive your data in a portable format

  • Right to object (Art. 21 GDPR): Object to processing based on legitimate interests

  • Right to withdraw consent: Where processing is based on consent

To exercise any of these rights, contact us at the email address above.

You also have the right to lodge a complaint with a supervisory authority. The competent authority in Germany is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219 10969 Berlin

Email: mailbox@datenschutz-berlin.de

Website: https://www.datenschutz-berlin.de

Phone: +49 30 13889-0

8. COOKIES AND TRACKING

Our website uses cookies for:

  • Essential website functionality (Squarespace)

  • Analytics (Google Analytics)

Google Analytics collects anonymised data about website usage, including pages visited, time on site, and referral sources. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

9. REQUIREMENT TO PROVIDE DATA

Providing personal data for purchases is necessary to fulfil the contract. Without this data, we cannot process your order.

Providing your email for the mailing list is voluntary and based on your consent.

10. AUTOMATED DECISION-MAKING

We do not use automated decision-making or profiling that produces legal effects concerning you.

11. CHANGES TO THIS POLICY

We may update this privacy policy from time to time. The current version will always be available on our website with the date of the last update.

Last updated: 2025-12-12