Privacy policy

 

Privacy Policy – Studio Easy

(EU GDPR-Compliant)

Last Updated: February 10, 2026

Studio Easy operates this online shop and website, including all related content, products, and services (hereinafter “Services”). Protecting your personal data is very important to us. This Privacy Policy informs you about the collection, use, and sharing of your data in accordance with the EU General Data Protection Regulation (GDPR).

1. Data Controller

Studio Easy – Schumann-Plekat GbR
Alte Königstraße 3
22767 Hamburg, Germany
Email: hello@studioeasy.de

Responsible under the GDPR (Art. 4 No. 7).

2. Personal Data Collected

We process personal data that can identify you or be linked to you, including:

  • Contact Data: Name, address, email, phone number

  • Payment & Financial Data: Payment details, bank or credit card information

  • Account Data: Username, password, security settings

  • Transaction Information: Ordered products, shopping cart, purchase history, invoice data

  • Communication: Support requests, emails, chat logs

  • Device & Usage Information: IP address, browser type, operating system, device information, website interactions, cookies

3. Data Sources

  • Directly from you: e.g., registration, purchases, newsletter sign-up, contact forms

  • Automatically via our website: cookies, tracking tools, analytics

  • Service providers processing data on our behalf: e.g., Shopify, Mailchimp

  • Marketing partners: only with your explicit consent

4. Purposes and Legal Basis for Processing

We use personal data for the following purposes (with the corresponding legal basis under GDPR, Art. 6):

  • Contract Fulfillment (Art. 6(1)(b) GDPR): Order processing, delivery, returns, account management, payment processing, customer support

  • Legal Obligations (Art. 6(1)(c) GDPR): Accounting, tax obligations, statutory record-keeping (HGB, AO)

  • Legitimate Interests (Art. 6(1)(f) GDPR): IT security, fraud prevention, improving our services, product recommendations, technical analysis

  • Consent (Art. 6(1)(a) GDPR): Marketing, newsletter, personalized advertising, tracking tools (Google Analytics, Meta Pixel, Pinterest Tag) – only with prior explicit consent

5. Sharing Data with Third Parties

We share your personal data only when necessary to fulfill contracts, with your consent, or when legally required. Your data is not sold.

5.1 Shopify (Shop System & Hosting)

  • Provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

  • Data Processed: All data collected through the shop (name, address, email, order data, IP address)

  • Legal Basis: Data processing on our behalf (Art. 28 GDPR) for contract fulfillment (Art. 6(1)(b) GDPR)

  • Privacy: Shopify Privacy Policy

5.2 Payment Providers
Depending on your chosen payment method, your payment data may be transmitted to:

  • Shopify Payments (via Stripe): Stripe Payments Europe Ltd., Dublin, Ireland

  • PayPal: PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg

  • Klarna: Klarna Bank AB (publ), Stockholm, Sweden
    Legal Basis: Contract fulfillment (Art. 6(1)(b) GDPR). Payment providers act as independent controllers.

5.3 Shipping Providers
To deliver your order, we share your name, delivery address, and contact details with:

  • DHL: Deutsche Post AG, Bonn, Germany

  • DHL Express: DHL Express Germany GmbH, Bonn, Germany
    Legal Basis: Contract fulfillment (Art. 6(1)(b) GDPR)

5.4 Email Marketing & Newsletter (Mailchimp)

  • Provider: Rocket Science Group LLC d/b/a Mailchimp, Atlanta, GA, USA (Intuit)

  • Data Processed: Email, name, open rates, click behavior, IP address, signup time

  • Purpose: Newsletter delivery, campaign analysis, personalization

  • Legal Basis: Consent (Art. 6(1)(a) GDPR)

  • Data Transfer: USA (EU Standard Contractual Clauses, EU-US Data Privacy Framework)

  • Opt-Out: Any time via the link in emails or by contacting hello@studioeasy.de

  • Privacy: Mailchimp Privacy Policy

5.5 Other Service Providers

  • IT services (e.g., cloud storage, hosting)

  • Customer support tools

  • Marketing partners (only with explicit consent)
    All service providers are contractually bound to comply with the GDPR (Art. 28) and process data only according to our instructions.

5.6 Data Sharing with Authorities
We share personal data with authorities if legally required or to enforce our legal rights (e.g., upon request by law enforcement or tax authorities).

6. Cookies and Tracking Tools

We use cookies and tracking technologies to analyze usage, improve the website, and personalize advertising. This occurs only with your explicit consent (Art. 6(1)(a) GDPR), which you can withdraw at any time.

6.1 Cookie Consent Tool (Pandectes)

  • Provider: Pandectes GDPR Compliance (Shopify app)

  • Purpose: Display cookie banner, store consent, control tracking tools

  • Legal Basis: Legal obligation (Art. 6(1)(c)) and legitimate interest (Art. 6(1)(f))

6.2 Google Analytics 4

  • Provider: Google Ireland Limited, Dublin, Ireland

  • Purpose: Analyze user behavior, generate website statistics, optimize website

  • Data Processed: Anonymized IP, device info, browser type, page views, clicks, time on site

  • Legal Basis: Consent (Art. 6(1)(a))

  • Data Transfer: USA (EU Standard Contractual Clauses, EU-US Data Privacy Framework)

  • Retention: Up to 14 months

  • Privacy: Google Privacy

  • Opt-Out: Google Analytics Opt-Out

6.3 Meta Pixel (Facebook & Instagram)

  • Provider: Meta Platforms Ireland Limited, Dublin, Ireland

  • Purpose: Retargeting, conversion tracking, custom audiences, ad optimization

  • Data Processed: IP, device info, browser, pages visited, purchase behavior, cookies

  • Legal Basis: Consent (Art. 6(1)(a))

  • Data Transfer: USA (EU Standard Contractual Clauses, EU-US Data Privacy Framework)

  • Retention: Up to 90 days

  • Privacy: Meta Privacy

  • Opt-Out: Ad Settings

6.4 Pinterest Tag

  • Provider: Pinterest Europe Ltd., Dublin, Ireland

  • Purpose: Conversion tracking, retargeting, ad optimization

  • Data Processed: IP, device info, browser, pages visited, click behavior, cookies

  • Legal Basis: Consent (Art. 6(1)(a))

  • Data Transfer: USA (EU Standard Contractual Clauses)

  • Retention: Up to 365 days

  • Privacy: Pinterest Privacy

  • Opt-Out: Pinterest Privacy Settings

6.5 Shopify Analytics

  • Provider: Shopify International Limited

  • Purpose: Shop performance, order analysis, cart abandonment, error diagnosis

  • Data Processed: IP, browser info, page views, order data

  • Legal Basis: Legitimate interest (Art. 6(1)(f))

  • Used only for technical operation, not for advertising.

6.6 Consent & Withdrawal
You can withdraw consent to cookies and tracking tools at any time via:

  • Our cookie banner (footer link)

  • Browser settings (delete/block cookies)

  • Email: hello@studioeasy.de

Note: Website use may be limited if cookies are disabled.

7. Your Rights as a European Data Subject

Under the GDPR, you have the following rights:

  • Access (Art. 15): Request information about your personal data

  • Rectification (Art. 16): Correct inaccurate data

  • Erasure (Art. 17): Delete data, if no legal retention obligations exist

  • Restriction (Art. 18): Restrict processing

  • Data Portability (Art. 20): Receive data in a structured, machine-readable format

  • Objection (Art. 21): Object to processing based on legitimate interests

  • Withdrawal of Consent (Art. 7(3)): Revoke consent at any time

Contact to exercise your rights: hello@studioeasy.de

7.1 Complaint to Supervisory Authority
You may lodge a complaint with a data protection authority, especially in your EU member state of residence, work, or alleged violation (Art. 77 GDPR).

Supervisory Authority for Studio Easy:
Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22, 20459 Hamburg
https://datenschutz-hamburg.de

Full list of EU authorities: EDPB Members

8. Data from Minors

Our services are not directed to persons under 16. Persons under 16 may not place orders or register without parental consent. We do not knowingly collect personal data from children under 16. If discovered, such data will be deleted immediately. Parents may request deletion at any time.

9. Data Retention

We retain personal data only as long as necessary or required by law:

  • Contract data: During contract term + 10 years after (per §§ 147 AO, 257 HGB)

  • Invoices & accounting: 10 years (§ 147(3) AO)

  • Newsletter data: Until consent is withdrawn

  • Tracking data: See each tool’s retention policy (Section 6)

  • Customer account: Until account deletion or 3 years of inactivity

10. International Data Transfers

Some data is transferred outside the EEA (especially to the USA). We ensure adequate protection via:

  • EU Standard Contractual Clauses (Art. 46(2)(c) GDPR)

  • EU-US Data Privacy Framework (certified US companies: Google, Meta)

  • Countries recognized by the EU as having adequate protection (Art. 45 GDPR) are exempt from additional safeguards

11. Data Security

We implement technical and organizational measures to protect your data:

  • SSL/TLS encryption

  • Encrypted storage of sensitive data

  • Access restrictions & controls

  • Regular security checks & updates

Complete security cannot be guaranteed. Keep your login credentials confidential.

12. Changes to Privacy Policy

We may update this Privacy Policy to reflect legal or operational changes. The latest version is always on our website. Significant changes affecting your rights will be communicated.

13. Links to Third-Party Websites

Our website may contain links to external sites (social media, partner sites). We have no control over their content or privacy practices. Please review the privacy policies of linked sites.

14. Contact & Questions

For questions regarding privacy or exercising your rights, contact:
Studio Easy – Schumann-Plekat GbR
Alte Königstraße 3, 22767 Hamburg, Germany
Email: hello@studioeasy.de

Last Updated: February 10, 2026