Privacy Policy – Déan

For orders and contract processing, we process necessary customer data (e.g. delivery address, payment data). External service providers (e.g. shipping companies, payment providers) may be used for delivery and payment. Data is shared only to the extent necessary.
Used Service Providers and Services
To organize and carry out our business activities, we use external providers (e.g. tools, plugins, platforms). These support us in particular in shop operations, communication, marketing, and internal processes.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest).

Payment Service Providers
For secure and efficient payments, we use external payment service providers (e.g. PayPal, Klarna, Apple Pay, Google Pay, Visa, Mastercard). Payment data is processed directly by the respective providers. We usually receive only a payment confirmation or rejection, but no full card or account details. Depending on the provider, an identity or credit check may be carried out. The data protection provisions of the respective payment service providers apply. Legal basis: Art. 6 para. 1 lit. b GDPR (performance of contract).
Depending on the provider, an identity or credit check may be performed. The data protection regulations of the respective payment service providers also apply.
Legal basis: Art. 6 para. 1 lit. b GDPR (performance of a contract).

Web Hosting and Server Log Files
To provide our website, we process technical access data (e.g. IP address, browser type, time of access). This data is used in particular for security, stability, and error analysis.
Log files are generally stored for a maximum of 30 days and then deleted or anonymized.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest).

Contact
If you contact us (e.g. by email, contact form, or social media), we process your information to handle the inquiry and for communication.
Legal bases: Art. 6 para. 1 lit. b GDPR (inquiry/contract), Art. 6 para. 1 lit. f GDPR (organization & communication).

Chat Functions / Chatbots
If you use our chat functions, we process the content of your messages as well as technical usage data. Depending on the platform, metadata (e.g. time, device data) may also be collected.
You can withdraw consent or object to processing at any time.
Legal bases: consent (Art. 6 para. 1 lit. a), contract (Art. 6 para. 1 lit. b), legitimate interest (Art. 6 para. 1 lit. f GDPR).

Newsletter & Marketing Communication
We only send newsletters with your consent (double opt-in). You can unsubscribe at any time via the unsubscribe link.
We can store deregistration data for up to 3 years for verification purposes.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (proof/organization).
Web analysis & tracking
We use analytics and tracking tools (e.g., Google Analytics, Meta Pixel) to measure reach, user behavior, and advertising effectiveness. Pseudonymous user profiles may be created in the process. IP addresses are shortened (IP masking) wherever possible.
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR) or legitimate interest (Art. 6 para. 1 lit. f GDPR).

Ratings & Reviews
We may use external services (e.g., Judge.me) to display and manage customer reviews. This may involve processing technical data (e.g., IP address) and order information for verification purposes.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest).

Social media presences
We maintain profiles on social networks (e.g., Instagram, Facebook) to communicate with users and provide content. Data may also be processed outside the EU. These providers often create user profiles for advertising and market research purposes.
For details and opt-out options, please refer to the privacy policies of the respective platforms.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)