Privacy Policy
Unless otherwise specified below, the provision of your personal data is neither required by law or contract, nor is it necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide the data will have no consequences. This only applies insofar as no other information is provided in the following processing operations.
“Personal data” is any information relating to an identified or identifiable natural person.
You can visit our websites without providing any personal information.
Each time you access our website, usage data is transmitted to us or our web host/IT service provider by your internet browser and stored in log files (so-called server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred, and the requesting provider.
Processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in ensuring the smooth operation of our website and improving our offering.
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. For Canada, there is an adequacy decision by the EU Commission. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.
Contact
Person in charge
Please contact us if you have any questions. The person responsible for data processing is: Mert Yüksel, Schützenstraße 11, 6020 Innsbruck, Austria, +436609484156, info@bulkozen.com
Proactive contact by the customer via email
If you contact us by email on your own initiative, we will only collect your personal data (name, email address, message text) to the extent that you provide it. The data processing serves to process and respond to your contact request.
If the contact serves to carry out pre-contractual measures (e.g., advice on purchase interest, preparation of an offer) or relates to a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 (1) lit. b GDPR.
If the contact is made for other reasons, this data processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in processing and responding to your request. . In this case, you have the right to object at any time to the processing of personal data concerning you based on Art. 6 (1) lit. f GDPR for reasons arising from your particular situation.
We will only use your email address to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.
Collection and processing when using the contact form
When you use the contact form, we collect your personal data (name, email address, message text) only to the extent that you provide it. The data processing serves the purpose of establishing contact.
If the purpose of establishing contact is to carry out pre-contractual measures (e.g., advice on purchase interest, preparation of an offer) or relates to a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 (1) lit. b GDPR.
If the contact is made for other reasons, this data processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object at any time to the processing of personal data concerning you based on Art. 6 para. 1 lit. f GDPR for reasons arising from your particular situation.
We will only use your email address to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.
Collection and processing when sending images via upload
We provide an upload function for image files on our website. This allows you to send us images using encrypted data transmission. When you transmit your images, we may collect your personal data (depiction of an identifiable person) only to the extent that you provide it. The purpose of data processing is to create personalized products. The image you send us serves as a template for the product and is used for this purpose (e.g., T-shirt printing). Processing is carried out on the basis of Art. 6 (1) lit. b GDPR and is necessary for the fulfillment of a contract with you.
Your data may be passed on to service providers that we use for order processing. Your data will not be passed on to other third parties.
We only use the image you send us for the purpose of providing our services. Your data will then be deleted in accordance with the statutory retention periods, unless you have consented to further processing and use.
Customer account Orders
Customer account
When you open a customer account, we collect your personal data to the extent specified there. The purpose of data processing is to improve your shopping experience and simplify order processing. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of your consent until revocation. Your customer account will then be deleted.
When you place an order, we collect and process your personal data only to the extent necessary to fulfill and process your order and to handle your inquiries. The provision of data is necessary for the conclusion of the contract. Failure to provide data will result in no contract being concluded. Processing is based on Art. 6 (1) lit. b GDPR and is necessary for the performance of a contract with you.
Your data will be passed on, for example, to the shipping companies and dropshipping providers you have selected, payment service providers, service providers for order processing, and IT service providers. In all cases, we strictly adhere to the legal requirements. The scope of data transfer is limited to a minimum.
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. For Canada, there is an adequacy decision by the EU Commission. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.
Advertisement
Use of email address for sending newsletters
We use your email address exclusively for our own advertising purposes to send you our newsletter, provided you have expressly agreed to this, irrespective of the contract processing. Processing is carried out on the basis of Art. 6 (1) lit. a GDPR with your consent. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until revocation. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the distribution list.
Use of Brevo PushOwl
We use Brevo (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany) as our email marketing service provider for sending newsletters within the framework of a data processing agreement.
When you subscribe to our newsletter, the information you provide (in particular your email address and, where applicable, your name) is transferred to and stored by Brevo. The processing of this data serves the purpose of sending newsletters and analyzing and optimizing our newsletter campaigns.
Emails sent through Brevo may contain technologies that enable the analysis of user behavior. This includes, in particular, measuring open rates and clicks on links contained within the email. In this context, technical information such as IP address, browser type, device type, and access time may be processed. Such analyses are carried out solely for the purpose of statistical evaluation and improvement of our services.
In addition, we use PushOwl to provide web push notifications. If you consent to receiving push notifications, technical identification data relating to your browser or device will be processed and stored in order to deliver these notifications. Push notifications may be statistically evaluated, for example with regard to delivery, opening, and interaction rates.
The processing of your data is based on your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future. The lawfulness of processing carried out prior to the withdrawal remains unaffected.
Where personal data is transferred to countries outside the European Union or the European Economic Area, such transfers are carried out in accordance with the safeguards provided under Art. 44 et seq. GDPR, including the use of Standard Contractual Clauses approved by the European Commission or an applicable adequacy decision.
Further information regarding Brevo's privacy practices:
https://www.brevo.com/legal/privacypolicy/
Further information regarding PushOwl's privacy practices:
https://www.pushowl.com/privacy
Payment service providers
Using PayPal CheckoutWe use the PayPal Check-Out payment service from PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; “PayPal”) on our website. The purpose of data processing is to enable us to offer you payment via the payment service. When you select and use payment via PayPal, credit card via PayPal, direct debit via PayPal, or “Pay Later” via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Art. 6 (1) lit. b GDPR.
Cookies may be stored in this process, which enable your browser to be recognized. The resulting data processing is based on Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in offering a customer-oriented range of different payment methods.
You have the right to object to the processing of personal data concerning you at any time for reasons arising from your particular situation.
Credit card via PayPal, direct debit via PayPal “Pay later” via PayPal.
For certain payment methods such as credit card via PayPal, direct debit via PayPal or “Pay later” via PayPal, PayPal reserves the right to obtain credit information based on mathematical-statistical methods using credit agencies. To this end, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of a payment default to make a balanced decision about the establishment, execution, or termination of the contractual relationship. The credit report may contain probability values (score values) that are calculated on the basis of scientifically recognized mathematical-statistical methods and whose calculation includes, among other things, address data. Your interests worthy of protection will be taken into account in accordance with the statutory provisions. The purpose of data processing is to check creditworthiness for the initiation of a contract. Processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in protection against payment default when PayPal makes advance payments. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on Article 6(1)(f) GDPR by notifying PayPal. The provision of data is necessary for the conclusion of the contract with your preferred payment method. Failure to provide this data will result in the contract not being concluded with your chosen payment method.
Third-party provider
When paying via a third-party payment provider, the data required for payment processing is transmitted to PayPal. This processing is carried out on the basis of Art. 6 (1) lit. b GDPR. In order to carry out this payment method, the data may then be passed on by PayPal to the respective provider. This processing is carried out on the basis of Art. 6 (1) lit. b GDPR. Local third-party providers can be, for example:
Purchase on account via PayPal
When paying by purchase on account, the data required for payment processing is first transmitted to PayPal. To execute this payment method, the data is then transmitted by PayPal to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; “Ratepay”) in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 (1) lit. b GDPR. Ratepay may carry out a credit check on the basis of mathematical-statistical methods (probability or score values) using credit agencies in accordance with the procedure described above. The purpose of data processing is to check creditworthiness for the initiation of a contract. Processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in protection against payment default if Ratepay makes advance payments. urther information on data protection and which credit agencies Ratpay uses can be found at https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/.
For more information on data processing when using PayPal, please refer to the relevant privacy policy at
https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on a user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that enables the unique identification of the browser when the website is accessed again.
Cookies are stored on your computer. You therefore have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can be notified before cookies are set and decide individually whether to accept them, as well as prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been stored can be deleted at any time. However, we point out that you may then not be able to use all functions of this website to their full extent.
You can find out how to manage (and disable) cookies in the most important browsers at:
Chrome: https://support.google.com/accounts/answer/61416?hl=de
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Technically Necessary Cookies
Unless otherwise stated in this privacy policy, we only use these technically necessary cookies for the purpose of making our offer more user-friendly, effective, and secure. In addition, cookies enable our systems to recognize your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized again after a page change.
The use of cookies or comparable technologies is based on Section 25(2) TDDDG. The processing of your personal data is based on Art. 6(1)(f) GDPR due to our overriding legitimate interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our offer. You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you.
Use of Shopify's Consent Management Tool
We use the consent management tool provided by Shopify International Ltd. to manage and document the consent you provide regarding the use of cookies and similar technologies on our website.
This tool enables you to grant, refuse, or withdraw consent for the processing of personal data at any time with effect for the future. Your preferences are stored so that they can be recognized and applied during future visits to our website.
In this context, information regarding your consent status, the time of your decision, device and browser information, as well as an anonymized or shortened IP address may be processed.
The processing is carried out for the purpose of complying with legal obligations relating to the requirements of the GDPR and applicable ePrivacy regulations pursuant to Art. 6(1)(c) GDPR.
Further information regarding Shopify's privacy practices can be found at:
Advertising tracking
Use of TikTok Pixel
We use on our website the TikTok Pixel of TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland; “TikTok Ireland”) and TikTok Information Technologies UK Limited (6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom; “TikTok UK”). Both companies are the joint controllers for the data processing (hereinafter “TikTok”).
The data processing serves the purpose of identifying and analyzing website accesses of our customers as well as for better customer targeting by placing targeted advertising and for evaluating the effectiveness of advertisements on TikTok. For this purpose, TikTok uses technologies such as cookies and pixels, which enable recognition of your browser. Among other things, the following information can be collected and transmitted to TikTok: date and time of the visit, information about the browser and device type you are using, screen resolution, IP address. TikTok can assign this information to your personal TikTok user account. From the data collected in this way, user profiles can be created using pseudonyms. However, personal identification of the users is not possible.
Your data may be transferred to third countries, such as the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). TikTok is not certified under the TADPF. The data transfer to the USA as well as to third countries without an adequacy decision takes place, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.
The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of the consent until revocation.
Further information on data protection can be found at https://www.tiktok.com/legal/page/eea/privacy-policy/de und https://ads.tiktok.com/i18n/official/policy/controller-to-controller.
Plug-ins and Miscellaneous
Use of social plug-ins
We use plug-ins of social networks on our website. The integration of social plug-ins and the data processing that takes place thereby serves the purpose of optimizing the advertising for our products.
When social plug-ins are integrated, a connection is established between your computer and the servers of the providers of the social network, and the plug-in is displayed on the page by notifying your browser, provided that you have expressly consented to this. In this case, both your IP address and the information about which of our pages you have visited are transmitted to the providers’ servers. This applies regardless of whether you are registered or logged in to the social network. Transmission also takes place for non-registered or non-logged-in users. If you are simultaneously connected to one or more of your social network accounts, the collected information can also be assigned to your corresponding profiles. When using the plug-in functions (e.g. by pressing the button), this information is also assigned to your user account. You can prevent this assignment by logging out of your social media accounts before visiting our website and before activating the buttons.
The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of the consent until revocation.
The social networks named below are integrated into our website by means of social plug-in. Further information on the scope and purpose of the collection and use of the data as well as on your rights in this respect and options for protecting your privacy can be found in the linked data protection notices of the providers.
Facebook of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Meta Platforms Ireland and we are jointly responsible for the collection of your data that takes place when the service is integrated and the transmission of this data to Facebook. The basis for this is an agreement between us and Meta Platforms Ireland on the joint processing of personal data, in which the respective responsibilities are defined. The agreement can be accessed at https://www.facebook.com/legal/controller_addendum. According to this, we are in particular responsible for fulfilling the information obligations pursuant to Art. 13, 14 GDPR, for compliance with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service, and for compliance with the obligations pursuant to Art. 33, 34 GDPR, insofar as a personal data breach affects our obligations pursuant to the agreement on joint processing. Meta Platforms Ireland is responsible for enabling the data subject rights pursuant to Art. 15 - 20 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to the security of the service, and for compliance with the obligations pursuant to Art. 33, 34 GDPR, insofar as a personal data breach affects Meta Platforms Ireland’s obligations pursuant to the agreement on joint processing.
Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself under the TADPF and is thereby obliged to comply with European data protection principles.
Further information on the collection and use of the data by Facebook, about your rights in this respect and options for protecting your privacy can be found in Facebook’s privacy policy at https://www.facebook.com/about/privacy/.
Rights of data subjects and storage periodr
Duration of storage
After complete contract processing, the data will initially be stored for the duration of the warranty period, thereafter taking into account statutory, in particular tax and commercial law retention periods, and then deleted after the expiry of the period, unless you have consented to further processing and use.
Rights of the data subject
If the legal requirements are met, you are entitled to the following rights pursuant to Art. 15 to 20 GDPR: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability.
Furthermore, pursuant to Art. 21 para. 1 GDPR, you have a right to object to processing based on Art. 6 para. 1 f GDPR, as well as to processing for direct marketing purposes.
Right of complaint to the supervisory authority
According to Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is not lawful.
Right to object
If the processing of personal data listed here is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, for reasons arising from your particular situation, to object at any time to this processing with effect for the future.
After an objection has been made, the processing of the data concerned will be terminated, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defense of legal claims.
Last updated: 29.11.2023