Privacy Policy

Privacy Policy | My Store

1. Introduction & Controller Information

1.1

We are delighted that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when using our website. Personal data is any information that can personally identify you.

1.2

The controller for data processing on this website under the GDPR is:

My Store
βœ‰οΈ Email: support@permacalm.com
🌐 Website: https://hkr9vh-a3.myshopify.com/

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2. Data Collection When Visiting Our Website

2.1 Server Log Files

When you use our website for informational purposes only, we collect only the data your browser transmits to our server, including:

  • Date and time of access
  • Amount of data sent (bytes)
  • Source/reference (referrer)
  • Browser and operating system
  • IP address (anonymized where applicable)

Processing is based on Art. 6 (1) lit. f GDPR, justified by our legitimate interest in improving website stability and functionality.

2.2 Encryption

For security, our website uses SSL/TLS encryption. Look for β€œhttps://” and the lock symbol in your browser to confirm a secure connection.

3. Hosting & Infrastructure

We utilize high-performance providers to ensure a secure and fast site:

  • Shopify: Operated by Shopify International Limited (Ireland). Data may be transferred to Shopify Inc. (Canada), protected by the EU Commission’s adequacy decision.
  • Amazon Web Services (AWS): Used for hosting and content delivery. For transfers to the USA, AWS complies with the EU-US Data Privacy Framework (DPF).

4. Cookies & Consent Management

We use cookies to enhance your browsing experience:

  • Necessary Cookies: Required to perform the contract (Art. 6 (1) lit. b GDPR).
  • Analytical & Marketing Cookies: Only processed with your explicit consent (Art. 6 (1) lit. a GDPR). You can manage or revoke consent anytime through our Cookie Consent Tool.

5. Contact & Customer Account

Contacting Us

If you contact us via email or contact form, your data is stored solely to process your request (Art. 6 (1) lit. f/b GDPR).

Customer Account

If you create an account (Art. 6 (1) lit. b GDPR), your data is stored for future orders. You may delete your account at any time.

WhatsApp Business

If you use our WhatsApp service, we process your name and number to respond to inquiries.

6. Marketing & Newsletters

  • Klaviyo: Used for email marketing. If you subscribe, your data is shared with Klaviyo (USA) under the EU-US DPF.
  • Judge.me: With your consent, we may send review reminders.

7. Payment & Shipping Providers

To fulfill orders (Art. 6 (1) lit. b GDPR), necessary data is shared with:

Shipping

  • DHL (Email/Phone shared only with your express consent for delivery)

Payment

  • Apple Pay
  • Google Pay
  • PayPal
  • Klarna
  • Shopify Payments

Data is strictly for payment processing.

8. Web Analytics & Retargeting

Based on your explicit consent (Art. 6 (1) lit. a GDPR), we use:

  • Google Analytics 4 & Tag Manager: Behavior analysis
  • Hotjar & PostHog: Heatmaps and feature testing
  • Meta Pixel: Conversion tracking and targeted Instagram/Facebook ads

9. Your Rights as a Data Subject

Under GDPR, you have:

  • Right to Access (Art. 15): Know what data we hold
  • Right to Rectification (Art. 16): Correct inaccurate data
  • Right to Erasure (Art. 17): Request deletion
  • Right to Withdraw Consent (Art. 7): Revoke consent anytime
  • Right to Object (Art. 21): Object to processing for legitimate interests or direct marketing

10. Data Retention

We store personal data as long as required by legal obligations (e.g., commercial and tax laws) or until you revoke consent. If processing is based on legitimate interest, data is kept until you object unless we demonstrate compelling grounds for continued processing.