Privacy Policy

Last updated: December 18, 2025

This Privacy Policy describes how Furlunie (“the Site”, “we”, “us”, or “our”) collects, uses, and discloses your personal information when you visit or make a purchase from our website.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK GDPR, and applicable EU and German data protection laws.

1. Data Controller

Furlunie is the data controller responsible for processing your personal data.

Contact Email: privacy@yourcompany.com
Customer Support: support@yourcompany.com
Data Protection Officer (DPO): dpo@yourcompany.com

2. Personal Information We Collect

When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases.

2.1 Device Information

Examples of personal information collected:

  • Version of web browser

  • IP address (anonymized where required)

  • Time zone

  • Cookie information

  • Pages viewed and interaction data

Purpose of collection:

  • Load the Site accurately

  • Perform analytics and improve functionality

Legal basis:

  • Legitimate interests (Article 6(1)(f) GDPR)

2.2 Order Information

When you make or attempt to make a purchase, we collect:

  • Name

  • Billing and shipping address

  • Payment information (processed by third-party providers)

  • Email address

  • Phone number (if required for delivery)

Purpose of collection:

  • Fulfill contracts

  • Process payments

  • Arrange shipping

  • Provide invoices and order confirmations

Legal basis:

  • Contract performance (Article 6(1)(b) GDPR)

2.3 Customer Support Information

When you contact us, we may collect:

  • Email correspondence

  • Photos or videos submitted for quality checks, returns, or warranty claims

  • Any additional information you voluntarily provide

Purpose of collection:

  • Remote troubleshooting and customer support

  • Returns and refunds processing

Legal basis:

  • Contract performance and legitimate interests (Article 6(1)(b), 6(1)(f) GDPR)

3. Sensitive Personal Data

We do not intentionally collect special categories of personal data under Article 9 GDPR.

In rare cases (e.g. hygiene-related return claims), limited sensitive data may be processed only where strictly necessary, based on explicit consent and protected under enhanced safeguards.

4. Sharing Personal Information

We share your personal information only with trusted service providers to help us operate our business, including:

  • Shopify Inc., which hosts our online store

  • Payment processors (e.g. Shopify Payments, PayPal, Stripe)

  • Logistics and shipping providers (e.g. DHL or EU-based carriers)

  • Analytics providers (e.g. Google Analytics with IP anonymization enabled)

All third parties are GDPR-compliant and process data under Data Processing Agreements (Article 28 GDPR).

5. Shopify

Our store is hosted on Shopify Inc.
They provide us with the online e-commerce platform that allows us to sell our products and services to you.

Your data is stored through Shopify’s data storage, databases, and the general Shopify application.
They store your data on secure servers behind a firewall.

6. Behavioural Advertising and Analytics

We may use analytics tools such as Google Analytics to understand how customers use the Site.

  • IP addresses are anonymized

  • Data is used only for aggregated statistics

  • No direct identification of users occurs

You can opt out of Google Analytics by adjusting your cookie preferences.

Legal basis:

  • Consent (Article 6(1)(a) GDPR)

7. International Data Transfers

If personal data is transferred outside the European Economic Area (EEA), we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Adequacy decisions where applicable

These safeguards ensure an equivalent level of data protection.

8. Data Retention

We retain personal data only for as long as necessary:

  • Order and transaction data: up to 6 years (German Commercial Code §257 HGB)

  • Customer support and return records: as legally required

After expiration, data is securely deleted or anonymized.

9. Cookies

We use cookies to improve your browsing experience.

  • Essential cookies: Required for site functionality

  • Analytics cookies: Used only with consent

You can manage your cookie preferences at any time via our cookie banner or browser settings.

10. Your Rights (GDPR)

You have the right to:

  • Access your personal data

  • Request correction or deletion

  • Restrict or object to processing

  • Data portability

  • Withdraw consent at any time

To exercise your rights, contact: privacy@yourcompany.com

We respond within one month.

11. Complaints

If you are not satisfied with our response, you may lodge a complaint with your local supervisory authority.

For Germany:
Bavarian State Office for Data Protection Supervision (BayLDA)

12. Data Security

We protect your data using:

  • TLS 1.3 encryption

  • Access control and authentication

  • Secure hosting infrastructure

In the event of a data breach, we will notify authorities and affected users within 72 hours, as required by Article 33 GDPR.

13. Children’s Information

The Site is not intended for individuals under the age of 16.
We do not knowingly collect personal data from children without verified parental consent.

14. Changes

We may update this Privacy Policy from time to time to reflect legal or operational changes.
Updates will be posted on this page with a revised “Last updated” date.