Privacy Policy

Your privacy is important to us.

Effective date: 23 August 2025

This Privacy Policy explains how we collect, use, and share personal data when you use our website and ordering portal at https://handwrite.shopofluba.de (the “Site”) and related services for creating and shipping handwritten cards and envelopes (the “Services”).

Controller

[TO FILL legal entity name] (e.g., “Shop of Luba, [owner name]”)
[TO FILL street, postcode, city, country]
Email: [TO FILL contact email]
If you appoint a Data Protection Officer: [TO FILL DPO contact].

1) What we collect

Account & order data (you give us)

  • Name, email, billing address
  • Shipping/recipient name(s) and postal address(es)
  • Your message content to be plotted/printed
  • Optional: phone number (for delivery/contact)
  • Payment metadata (via your chosen payment provider; we don’t store full card details)

Technical & usage data (we collect automatically)

  • Log files: IP address, timestamps, pages/events, user agent
  • Device/approximate location derived from IP (country/city level)
  • Cookies or similar (see Cookies)

Support communications

  • Emails, chat messages, attachments, and related metadata

We do not intentionally collect special category data. Don’t include sensitive information (e.g., health data) in message text unless necessary.

2) Why we process your data (legal bases)

  • Provide the Service & fulfill orders (Art. 6(1)(b) GDPR): account, checkout, address labels, plotting/printing, shipping, customer support.
  • Legal obligations (Art. 6(1)(c)): invoices, tax, compliance.
  • Legitimate interests (Art. 6(1)(f)): keep the Site secure (fraud/abuse prevention, diagnostics), measure basic performance, improve UX.
  • Consent (Art. 6(1)(a)): optional analytics/marketing emails; you can withdraw anytime.

3) How we use the data

  • Create and manage your account; process and ship your orders.
  • Generate labels/envelopes and the handwritten card from your provided text.
  • Communicate about orders, support, and service notices.
  • Maintain security, debug issues, and improve the Site and workflows.
  • Send marketing updates only if you opted in (unsubscribe anytime).

4) Who receives the data (processors & recipients)

We use vetted service providers under Data Processing Agreements, only to the extent necessary:

  • Hosting & infrastructure: [TO FILL e.g., Hetzner/Vercel/Render] (EU if applicable)
  • Payments: [TO FILL e.g., Stripe/PayPal] (we receive payment status/IDs; we do not store full card numbers)
  • Email/SMS (transactional/marketing): [TO FILL ESP, e.g., Postmark/Resend/Pinpoint]
  • Analytics (optional/consent-based): [TO FILL e.g., Plausible/GA4 or “none”]
  • Printing/Plotting & Fulfilment: in-house or [TO FILL vendor name if external]
  • Shipping carriers: [TO FILL e.g., Deutsche Post/DHL/UPS] (recipient name/address and tracking info shared as required)

We may disclose data to authorities where required by law or to establish/exercise legal claims.

5) International transfers

Where providers process data outside the EU/EEA, we rely on appropriate safeguards (e.g., EU Commission adequacy decisions or Standard Contractual Clauses). Details: [TO FILL link to your list of processors or state “available on request”].

6) Retention

  • Orders & invoices: kept for statutory retention (typically 10 years under German tax law).
  • Accounts: kept while active; deleted or anonymized after inactivity [TO FILL period, e.g., 24 months] unless legal retention applies.
  • Support tickets/logs: [TO FILL, e.g., 12 months] unless needed longer for security or disputes.
  • Marketing consent data: until you withdraw consent.

We minimize the data we keep and secure it; no method is 100% risk-free.

7) Your rights (GDPR)

You can request:

  • Access, rectification, deletion
  • Restriction or objection to processing based on Art. 6(1)(f)
  • Data portability (for data you provided)
  • Withdrawal of consent (for optional processing) at any time

To exercise rights: [TO FILL contact email].
Complaint right: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW) or your local authority.

8) Cookies & similar tech

  • Essential cookies: required for login, cart, checkout, security. These are set by default.
  • Optional cookies (analytics/marketing): used only with your consent via our banner/settings.
  • Embedded media (e.g., YouTube/Vimeo): loaded only after consent where applicable.

Details and choices: [TO FILL link to Cookie Policy / preferences modal].

9) Children

The Services aren’t intended for children under 16. We don’t knowingly collect data from them.

10) Business events

If we undergo a reorganization, merger, or asset transfer, personal data may be transferred under the same protections described here.

11) Changes to this Policy

We may update this Policy to reflect operational, legal, or regulatory changes. We’ll post the new version here and adjust the effective date. Material changes will be clearly signposted.

Contact

Controller: [TO FILL legal entity]
Address: [TO FILL]
Email: [TO FILL contact email]

Handwrite | Authentic Handwritten Cards for Business