Privacy policy

PRIVACY POLICY

Effective date: 29th November 2025

1. Controller

The controller responsible for data processing on this website is:

WANNADO.ROCKS UG (haftungsbeschränkt)
Grossbeerenstr. 56D
10965Berlin
Germany
Email:  contact@wannado.rocks

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2. General information on data processing

When you use this website or our online shop, various personal data are processed. Personal data is any data that can be used to identify you personally.

We treat your personal data confidentially and in accordance with the statutory data protection regulations, in particular the General Data Protection Regulation (GDPR), as well as this Privacy Policy.

Please note that data transmission over the internet (e.g. when communicating by email) can have security gaps. Complete protection of data from access by third parties is not possible.

3. Hosting, shop operation and platforms (Shopify & Webflow)

3.1 Shopify

Our online shop is operated on the e-commerce platform Shopify. The provider is:

Shopify International Ltd.
Victoria Buildings
1–2 Haddington Road
Dublin 4, D04 XN32
Ireland

Shopify processes personal data that are required for the technical operation of the shop system and for order processing (e.g. IP address, browser and device information, order data, payment data, log data).

The use of Shopify is based on:

  • Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures), and
  • Art. 6(1)(f) GDPR (our legitimate interest in a secure, fast and efficient provision of our online offer).

Further information on data protection at Shopify can be found at:
https://www.shopify.com/legal/privacy

Data may be transferred to Canada and the USA. Such transfers are based on appropriate safeguards, in particular the EU Standard Contractual Clauses (SCCs).

3.2 Webflow

For certain web and landing pages we use the service Webflow as a hosting and content delivery platform. The provider is:

Webflow, Inc.
398 11th Street, Floor 2
San Francisco, CA 94103
USA

Webflow processes technical usage data (e.g. IP address, date and time of access, browser type, operating system) and may use a global Content Delivery Network (CDN) to deliver content quickly and securely.

The use of Webflow is based on:

  • Art. 6(1)(f) GDPR (legitimate interest in the technically secure, fast and efficient provision of our online offer), and
  • Art. 6(1)(a) GDPR where cookie-based tracking or similar technologies requiring consent are used.

Data transfers to the USA are based on the EU Standard Contractual Clauses (SCCs).

4. Purposes of processing and legal bases

We process personal data for the following purposes and on the basis of the corresponding legal grounds of the GDPR:

Purpose of processing

Legal basis

Processing and fulfilment of orders, payments and contractual obligations

Art. 6(1)(b) GDPR

Customer service, support and communication relating to orders

Art. 6(1)(b) GDPR

Fraud prevention, misuse detection, IT and legal security and compliance with legal obligations

Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR

Analysis, statistical evaluation, optimization and improvement of our services and website

Art. 6(1)(f) GDPR

Sending newsletters and other marketing communications

Art. 6(1)(a) GDPR

Establishment, exercise or defense of legal claims

Art. 6(1)(f) GDPR

We do not sell personal data.

5. Profiling and automated decision-making

For certain transactions, Shopify may use automated systems and fraud detection mechanisms (risk scoring) to identify potentially fraudulent or abusive activity.

The legal basis for this is Art. 6(1)(f) GDPR (our legitimate interest in protecting ourselves and our customers from fraud and abuse).

We do not make any automated decisions with legal effect on the basis of profiling within the meaning of Art. 22 GDPR. 

6. Storage period

Unless a more specific storage period is stated in this Privacy Policy, we store personal data only for as long as necessary to fulfil the respective purpose.

If you assert a legitimate request for erasure or withdraw your consent to processing, your data will be deleted unless we are obliged or entitled to further storage due to legal retention periods (e.g. under tax or commercial law). In such cases, the data will be deleted once the relevant retention period has expired.

7. Rights of data subjects under the GDPR

You have the following rights with regard to your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

You can exercise your rights at any time by contacting us at contact@wannado.rocks.

8. Right to object under Art. 21 GDPR

8.1 Right to object on grounds relating to your particular situation

Where data is processed on the basis of Art. 6(1)(e) or (f) GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you; this also applies to profiling based on these provisions.

We will then no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

8.2 Right to object to processing for direct marketing

Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

If you object, your personal data will no longer be used for direct marketing purposes.

9. SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL/TLS encryption.

You can recognize an encrypted connection by the address line of the browser changing from "http://" to "https://" and by the lock symbol in your browser bar.

If SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

10. Cookies

Our website uses cookies. Cookies are small text files that are stored on your device and saved by your browser.

We use:

  • Technically necessary cookies (e.g. for the shopping cart, login, language settings)
  • Optional analytics and marketing cookies (e.g. to measure reach, conversions and ad performance)

Technically necessary cookies are used on the basis of Art. 6(1)(f) GDPR (legitimate interest in the technically error-free and optimized provision of our website).

Analytics and marketing cookies are used only with your consent on the basis of Art. 6(1)(a) GDPR. Consent can be withdrawn at any time via the cookie settings.

You can configure your browser to inform you about the setting of cookies, to allow cookies only in individual cases, to exclude the acceptance of cookies in certain cases or in general, and to enable automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be limited.

11. Google Analytics / Google Ads / YouTube tracking

We use Google Analytics and Google Ads conversion tracking, including related YouTube tracking technologies, provided by:

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland

with the parent company:

Google LLC
1600 Amphitheatre Parkway
Mountain View, CA 94043
USA

These services use cookies and similar technologies to collect information about the use of our website and to measure the effectiveness of advertising campaigns. The following types of data may be processed:

  • IP address (shortened/anonymised where possible)
  • Device and browser information
  • Interaction data (e.g. page views, clicks, video plays)
  • Conversion data (e.g. completed purchases, submitted forms)

The use of Google Analytics and Google Ads is based on your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw this consent at any time via the cookie settings.

Further information: https://policies.google.com/privacy

Data transfers to the USA are based on the EU Standard Contractual Clauses (SCCs).

12. Meta Pixel (Facebook & Instagram) 

We plan to use the Meta Pixel in the future to measure and optimize advertising campaigns on Facebook and Instagram.

Provider:

Meta Platforms Ireland Limited
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

The Meta Pixel will only be activated once it has been technically implemented and you have provided your consent via the cookie/consent banner.

After activation, processing will be based on Art. 6(1)(a) GDPR (consent). Data transfers to the USA will be based on the EU Standard Contractual Clauses (SCCs). You will be informed in more detail about the use of the Meta Pixel and your objection and opt-out options at that time.

Until activation, no data is processed by the Meta Pixel.

13. Newsletter and Mailchimp

If you subscribe to our newsletter, we use your email address to send you regular updates about our products, drops and offers.

Newsletter distribution may take place via:

Mailchimp – The Rocket Science Group LLC
675 Ponce de Leon Ave NE, Suite 5000
Atlanta, GA 30308
USA

Mailchimp processes:

  • email address
  • technical data about email delivery and usage (e.g. open and click rates, IP address, browser and device information)

The sending of newsletters and related performance measurement takes place on the basis of your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw consent at any time via the "unsubscribe" link in each newsletter or by contacting us.

Further information: https://mailchimp.com/legal/privacy/

Data transfer to the USA is based on the EU Standard Contractual Clauses (SCCs).

14. Contact form, email and telephone enquiries

If you contact us by contact form, email or telephone, the data you provide (e.g. name, email address, content of the enquiry) will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on:

  • Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for pre-contractual measures, or
  • Art. 6(1)(f) GDPR (our legitimate interest in processing enquiries efficiently) in all other cases, and
  • Art. 6(1)(a) GDPR if we have requested your consent for specific purposes.

The data will be deleted once the enquiry has been conclusively answered and there are no statutory retention obligations.

15. Logistics provider

For the purpose of delivering your orders, we transfer necessary personal data (name, delivery address, and where applicable email address for shipment tracking) to our logistics partner:

TEXTILDRUCK EUROPA GmbH
Grenzstraße 15
06112 Halle (Saale)
Germany
Commercial Register: HRB 33832

The legal basis for this is Art. 6(1)(b) GDPR (performance of a contract).

16. Social media plugins

16.1 Twitter

Functions of the Twitter service may be integrated on this website. Provider:

Twitter International Company
One Cumberland Place
Fenian Street, Dublin 2
D02 AX07
Ireland

By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. Data may be transferred to Twitter in the process.

The use of the Twitter plugin is based on Art. 6(1)(f) GDPR (legitimate interest in the widest possible visibility in social media). Where we ask for consent, processing is based on Art. 6(1)(a) GDPR.

Data transfers to the USA are based on the EU Standard Contractual Clauses (SCCs).
Privacy policy: https://twitter.com/privacy

16.2 Instagram

Functions of the Instagram service may be integrated on this website. Provider:

Meta Platforms Ireland Limited
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. Instagram can then associate your visit to this website with your user account.

The use of the Instagram plugin is based on Art. 6(1)(f) GDPR (legitimate interest in broad visibility and interaction) and, where consent is required, on Art. 6(1)(a) GDPR.

Insofar as data is collected on our website and forwarded to Meta, we and Meta Platforms Ireland Limited may be jointly responsible for this data processing in accordance with Art. 26 GDPR. The joint responsibility is limited to the collection and transmission of data. Subsequent processing by Meta is carried out under its own responsibility.

The key contents of the joint controllership agreement can be found at:
https://www.facebook.com/legal/controller_addendum

Further information on data protection at Instagram:
https://instagram.com/about/legal/privacy/

17. Data transfers to the USA and other third countries

We may use tools from providers based in the USA or other third countries that are not considered to provide an adequate level of data protection under EU law. When these tools are active, your personal data may be transferred to and processed in these third countries.

In such countries, authorities may have broad access rights to personal data, and you may not have effective legal remedies. We have no direct influence on these processing operations. Data transfers are, where possible, based on the EU Standard Contractual Clauses (SCCs) or your explicit consent in accordance with Art. 49 GDPR.

18. Additional privacy rights for individuals in the United States of America (including California)

For individuals resident in the United States of America, especially in the State of California, additional rights may apply under state privacy laws (such as the California Consumer Privacy Act, CCPA, as amended by the California Privacy Rights Act, CPRA).

Subject to applicable law, such individuals may have in particular:

  • the right to request information about the categories of personal information collected,
  • the right to request access to and deletion of personal information,
  • the right to information about the disclosure of personal information to third parties,
  • the right to object to certain types of processing.

We do not sell personal information within the meaning of the CCPA/CPRA.

Requests under US state privacy laws can be addressed to: contact@wannado.rocks
We may request proof of identity to process such requests.

19. Changes to this Privacy Policy

We reserve the right to adapt this Privacy Policy in order to comply with current legal requirements or to reflect changes in our services (e.g. the introduction of new tools or functions).

The latest version of this Privacy Policy is always available on this website.

20. Contact for data protection matters

For questions regarding data protection and to exercise your rights, you can contact us at:

WANNADO.ROCKS UG (haftungsbeschränkt)
Grossbeerenstr. 56D
10965 Berlin
Germany
Email: contact@wannado.rocks