Privacy Policy

1. Controller

The data controller for this website is:

Art Jungle
Berlin, Germany
Email: [email protected]

2. Data We Collect

We collect the following personal data when you interact with our Website:

  • Account data: Name, email address, phone number (optional), password (hashed)
  • Order data: Shipping address, billing address, order history, payment transaction IDs
  • Communication data: Messages sent via our contact form, email correspondence
  • Technical data: IP address, browser type, operating system, pages visited (collected automatically via server logs)

3. How We Use Your Data

We process your personal data for the following purposes:

  • Order fulfilment — Processing and shipping your orders (legal basis: contract performance, Art. 6(1)(b) GDPR)
  • Account management — Maintaining your user account, wishlist, and loyalty points (legal basis: contract performance)
  • Communication — Sending order confirmations, shipping notifications, password resets, and responding to enquiries (legal basis: contract performance and legitimate interest)
  • Newsletter — Sending marketing emails, only with your explicit consent (legal basis: consent, Art. 6(1)(a) GDPR). You can unsubscribe at any time.
  • Security — Bot protection via Cloudflare Turnstile, fraud prevention (legal basis: legitimate interest, Art. 6(1)(f) GDPR)

4. Third-Party Data Processors

We share personal data with the following processors, each under appropriate data processing agreements:

Stripe, Inc.

Purpose: Payment processing. Data shared: Payment details, billing address, email, IP address. Data location: USA (with Standard Contractual Clauses). Stripe Privacy Policy

Sendcloud B.V.

Purpose: Shipping label generation, carrier rate calculation. Data shared: Shipping address, package dimensions, order value. Data location: EU (Netherlands). Sendcloud Privacy Policy

Amazon Web Services (AWS)

Purpose: File storage (product images, uploads). Data shared: Uploaded image files. Data location: EU (Frankfurt, eu-central-1). AWS Privacy Policy

Resend, Inc.

Purpose: Transactional email delivery. Data shared: Email address, name, email content. Data location: USA (with Standard Contractual Clauses). Resend Privacy Policy

Cloudflare, Inc.

Purpose: Bot protection (Turnstile). Data shared: IP address, browser fingerprint, interaction data. Data location: Global CDN, EU processing where possible. Cloudflare Privacy Policy

5. Cookies

We use the following cookies:

  • Session cookie (essential) — Maintains your login session and shopping cart. Expires when you close your browser or after inactivity.
  • CSRF token cookie (essential) — Protects forms against cross-site request forgery attacks.
  • Theme preference (functional) — Remembers your light/dark mode selection. Stored in localStorage.

We do not use third-party tracking cookies, analytics cookies, or advertising cookies.

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access your personal data (Art. 15 GDPR)
  • Rectify inaccurate data (Art. 16 GDPR)
  • Erase your data (“right to be forgotten”, Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability — Receive your data in a machine-readable format (Art. 20 GDPR)
  • Object to processing based on legitimate interest (Art. 21 GDPR)
  • Withdraw consent at any time for consent-based processing (Art. 7(3) GDPR)

To exercise these rights, email [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Berlin data protection authority: Berliner Beauftragte für Datenschutz und Informationsfreiheit.

7. Data Retention

  • Account data: Retained for as long as your account is active. Deleted upon request.
  • Order data: Retained for 10 years after the order date, as required by German tax and commercial law (§ 147 AO, § 257 HGB).
  • Communication data: Retained for 3 years after the last interaction.
  • Server logs: Automatically deleted after 30 days.

8. Data Security

We implement technical and organisational measures to protect your data, including:

  • TLS/SSL encryption for all data in transit
  • Hashed passwords (scrypt algorithm)
  • CSRF protection on all forms
  • Security headers (Content-Security-Policy, X-Frame-Options, etc.)
  • Regular software updates and security patches

Last updated: June 2025