Privacy policy

Privacy Policy

Professional Rosetten Design UG

Raiffeisenstraße 8A · 61169 Friedberg · Germany

Commercial Register: HRB 8131 Friedberg · VAT: DE301154809

Managing Director: Volker Stilgenbauer

E-mail: info@prd-group.eu · Tel.: +49 6031 790809-0

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection legislation is:

Professional Rosetten Design UG Raiffeisenstraße 8A 61169 Friedberg Germany Tel.: +49 6031 790809-0 Fax: +49 6031 772840-8 E-mail: info@prd-group.eu

 

2. Legal basis for processing

The processing of personal data is carried out on the following legal bases:

• Art. 6(1)(a) GDPR — Consent: for optional cookies, commercial communications and Google Analytics.

• Art. 6(1)(b) GDPR — Performance of a contract: for order processing, delivery and invoicing.

• Art. 6(1)(c) GDPR — Legal obligation: for compliance with tax and commercial law obligations.

• Art. 6(1)(f) GDPR — Legitimate interests: for direct marketing of similar products and for server log processing.

 

3. Server log files

You can visit our website without providing personal data. On each access, your browser automatically transmits usage data which is stored in server log files:

• Name of the page accessed

• Date and time of the request

• Volume of data transmitted

• IP address (anonymised)

• Browser type and version

• Operating system of the requesting device

• Referrer URL (previously visited page)

This data is used exclusively to ensure smooth technical operation and to improve our services. It is not possible to associate this data with a specific individual. Processing is carried out on the basis of Art. 6(1)(f) GDPR (legitimate interest in the technical provision and security of the website). Data is automatically deleted after 7 days.

 

4. Contact form and e-mail communication

When using the contact form, we collect your personal data (name, e-mail address, message text) only to the extent you provide it. Processing serves the purpose of handling your enquiry.

The legal basis is Art. 6(1)(b) GDPR where your enquiry is related to the performance of a contract, otherwise Art. 6(1)(f) GDPR (legitimate interest in responding to your enquiry).

Your data will be deleted once your enquiry has been finally resolved, unless statutory retention obligations apply or you have consented to further processing.

 

5. Customer account

When creating a customer account, we collect your personal data to the extent indicated in the registration form. Processing serves to simplify and improve order management. The legal basis is Art. 6(1)(b) GDPR (performance of the usage contract).

You may delete your customer account at any time. Your data will be deleted upon cancellation of the account, unless statutory retention obligations apply.

 

6. Data processing for orders

When placing an order, we collect and use your personal data only to the extent necessary for the fulfilment and processing of your order and for handling your enquiries. Provision of data is required for conclusion of the contract. The legal basis is Art. 6(1)(b) GDPR.

Your data is only transmitted to third parties to the extent necessary for contract fulfilment. Categories of recipients include:

• Shipping service providers (e.g. DHL, DPD) — for delivery

• Payment service providers (e.g. PayPal, Klarna) — for payment processing

• Shopify International Ltd., Gordon House, Barrow Street, Dublin 4, Ireland — as the technical platform (processor pursuant to Art. 28 GDPR)

• Tax advisors and auditors — where required by law

In all cases we strictly comply with applicable legal requirements. The scope of data transmission is limited to the necessary minimum.

 

7. Use of e-mail address for direct marketing

We use your e-mail address, obtained in connection with the sale of a product or service, to send electronic marketing communications about our own similar products or services, provided you have not objected to such use.

Processing is carried out on the basis of Art. 6(1)(f) GDPR (legitimate interest in direct marketing). You may object to this use of your e-mail address at any time by notifying us at info@prd-group.eu, without incurring any costs other than transmission costs at the basic rate. Contact details for exercising the right to object are also provided in our legal notice (Impressum).

 

8. Cookies and consent management

Our website uses cookies and similar technologies. Cookies are small text files stored on your device that allow analysis of website usage.

We distinguish the following categories:

• Strictly necessary cookies: required for the operation of the website (e.g. shopping cart, login). Legal basis: Art. 6(1)(b) and (f) GDPR. No consent required.

• Personalisation cookies: store your preferences. Legal basis: Art. 6(1)(a) GDPR (consent).

• Marketing cookies: for targeted advertising. Legal basis: Art. 6(1)(a) GDPR (consent).

• Analytics cookies: for analysis of browsing behaviour. Legal basis: Art. 6(1)(a) GDPR (consent).

Consent for optional cookies is obtained via our cookie banner on your first visit to the website. You can withdraw your consent at any time via the cookie settings link in the website footer. Consent is logged and can be withdrawn at any time with effect for the future.

 

9. Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Analytics uses cookies that enable analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to a Google server and stored there. IP addresses are anonymised before transmission.

Data processing is carried out on the basis of your consent pursuant to Art. 6(1)(a) GDPR, which you can grant via our cookie banner. Without your consent, Google Analytics will not be activated.

For data transfers to the USA, Google has concluded standard contractual clauses pursuant to Art. 46(2)(c) GDPR. Further information is available at: https://policies.google.com/privacy

You can withdraw your consent for Google Analytics at any time via the cookie settings (link in the footer).

 

10. Google Maps

Google Maps is not currently actively embedded on this website. Should this change in future, this section will be updated accordingly and users' consent will be obtained pursuant to Art. 6(1)(a) GDPR.

 

11. Shopify as platform operator

Our website operates on the Shopify platform. The provider is Shopify International Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. Shopify acts as a data processor pursuant to Art. 28 GDPR. A Data Processing Agreement has been concluded with Shopify.

Shopify processes data for the technical provision of the shop, order and payment processing, and fraud prevention. Further information on Shopify's privacy practices is available at: https://www.shopify.com/legal/privacy

11a. Shopify as an independent controller (advanced features)

In addition to its role as a data processor, Shopify uses certain advanced features that involve data from your interactions with our shop, other Shopify merchants, and the Shopify platform generally. For these purposes — including cross-merchant fraud prevention, personalised advertising, and improvement of the Shopify platform — Shopify acts as an independent controller under the GDPR and not as our data processor.

Where Shopify acts as an independent controller, Shopify — and not Professional Rosetten Design UG — is responsible for the processing of your personal data for those purposes, including responding to your requests to exercise your data subject rights in connection with such processing.

Further information about how Shopify processes your personal data as an independent controller and the rights available to you can be found in Shopify's Consumer Privacy Policy: https://www.shopify.com/legal/privacy/app-users. You may also exercise your rights directly with Shopify via the Shopify Privacy Portal: https://privacy.shopify.com/en

 

12. Data Protection Officer

You can contact our Data Protection Officer at:

E-mail: info@prd-group.eu

 

13. Rights of data subjects

Subject to the applicable legal conditions, you have the following rights:

• Right of access (Art. 15 GDPR): you may request information about the personal data we process.

• Right to rectification (Art. 16 GDPR): you may request correction of inaccurate data.

• Right to erasure (Art. 17 GDPR): you may request deletion of your data, unless statutory retention obligations apply.

• Right to restriction of processing (Art. 18 GDPR).

• Right to data portability (Art. 20 GDPR).

• Right to object (Art. 21 GDPR): you have the right to object to processing based on Art. 6(1)(f) GDPR.

• Right to withdraw consent (Art. 7(3) GDPR): consent granted may be withdrawn at any time with effect for the future.

To exercise your rights, please contact: info@prd-group.eu

 

14. Right to lodge a complaint with a supervisory authority

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of your personal data is not lawful.

The supervisory authority with jurisdiction for Professional Rosetten Design UG is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI) Gustav-Stresemann-Ring 1 65189 Wiesbaden Germany Tel.: +49 611 1408-0 E-mail: poststelle@datenschutz.hessen.de www.datenschutz.hessen.de

For residents of other EU member states, the supervisory authority of your country of habitual residence is also competent (Art. 77(1) GDPR).

 

15. Retention periods

We store personal data only for as long as necessary for the respective purpose or as required by statutory retention obligations:

• Order data: 10 years (§ 147 German Fiscal Code (AO) and § 257 German Commercial Code (HGB) — tax and commercial law retention obligations)

• Contact enquiries: until final resolution, then deleted

• Customer account: until deletion by the user

• Server log files: 7 days

• Cookie consent records: 12 months

 

Version: January 2026