Privacy Policy

1) Introduction and Information About the Data Controller

We are pleased about your visit to our website and your interest in our offerings. Below, we inform you about how personal data is processed when using our website. Personal data refers to all data that can be used to personally identify you.

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Amirhossein Tashayoee
Dibaldino
Hoffmannstraße 26
09112 Chemnitz
Germany

Phone: +49(0)15560336165
Email: support@dibaldino.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 Server Log Files

When using our website for informational purposes only, i.e. if you do not actively transmit data to us, we collect only the data that your browser automatically transmits to our server (so-called server log files). This includes in particular:

• Visited website

• Date and time of access

• Amount of data transferred

• Referrer URL

• Browser used

• Operating system used

• IP address (if applicable, in anonymized form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in ensuring a stable and secure operation of the website. These data are generally not shared with third parties. However, we reserve the right to subsequently review the log files if there are concrete indications of unlawful use.

2.2 SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” prefix in your browser’s address bar and the lock symbol.

3) Hosting and Content Delivery Network

3.1 Shopify

Our website is operated via the platform of the following provider:

Shopify International Limited
Victoria Buildings, 2nd Floor
1–2 Haddington Road
Dublin 4, D04 XN32
Ireland

Data may also be transferred to:

Shopify Inc.
150 Elgin St
Ottawa, ON K2P 1L4
Canada

All data collected on our website are processed on the provider’s servers. A data processing agreement has been concluded with Shopify to ensure the protection of personal data. For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

3.2 Cloudflare

To optimize loading times and enhance security, we use a content delivery network provided by:

Cloudflare Inc.
101 Townsend St.
San Francisco, CA 94107
USA

Processing is carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in maintaining a stable and secure website. A data processing agreement is in place. The provider participates in the EU–US Data Privacy Framework.

4) Cookies and Tracking Technologies

Our website uses cookies to provide certain functions and to make usage more user-friendly. Cookies are small text files stored on your device.

Both session cookies (automatically deleted after the end of the session) and persistent cookies (stored for a longer period) are used. Details on storage duration can be found in your browser settings.

Where cookies process personal data, processing is carried out:

• pursuant to Art. 6(1)(b) GDPR for contract performance,

• pursuant to Art. 6(1)(a) GDPR on the basis of your consent, or

• pursuant to Art. 6(1)(f) GDPR to safeguard legitimate interests.

You can restrict or disable cookies at any time via your browser settings. In such cases, the functionality of the website may be limited.

4.1 Cookie Consent Tool (Shopify Cookie Banner)

We use the Shopify Cookie Consent Tool to obtain and manage user consent for the use of cookies and similar technologies. The cookie banner allows users to accept or decline non-essential cookies and to manage their preferences.

The processing is carried out pursuant to Art. 6(1)(c) GDPR to comply with legal obligations and Art. 6(1)(a) GDPR based on user consent. Consent decisions are stored to document compliance with legal requirements.

4.2 Google Analytics (GA4)

This website uses Google Analytics 4, a web analytics service provided by:

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

Google Analytics uses cookies and similar technologies to analyze the use of this website. The information generated about your use of this website (including truncated IP addresses) is generally transmitted to and stored on servers operated by Google.

Processing is carried out exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR. IP anonymization is enabled. Data may be transferred to servers of Google LLC in the USA. Google participates in the EU–US Data Privacy Framework.

You can revoke your consent at any time via the cookie settings.

4.3 Google Search Console

We use Google Search Console, a service provided by Google, to monitor the technical performance of our website and its visibility in Google search results.

Google Search Console does not use cookies and does not create user profiles. Processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in optimizing website performance and search visibility.

4.4 Google Merchant Center

We use Google Merchant Center to display our products in Google Shopping and related Google services.

In this context, product data (such as product name, price, availability, and images) are transmitted to Google. No personal customer data are transmitted by us to Google Merchant Center.

Processing is carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in marketing our products and improving their visibility.

5) Contact

When you contact us (e.g. via email or contact form), personal data are processed. These data are used exclusively to process your request and for related technical administration.

The legal basis is Art. 6(1)(f) GDPR. If the contact aims at concluding a contract, processing is additionally based on Art. 6(1)(b) GDPR. Data are deleted once your request has been fully processed and no statutory retention obligations apply.

6) Rights of Data Subjects

You have the following rights under the GDPR:

• Right of access (Art. 15 GDPR)

• Right to rectification (Art. 16 GDPR)

• Right to erasure (Art. 17 GDPR)

• Right to restriction of processing (Art. 18 GDPR)

• Right to notification (Art. 19 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to withdraw consent (Art. 7(3) GDPR)

• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Right to Object

If we process personal data on the basis of legitimate interests, you have the right to object at any time on grounds arising from your particular situation. In the event of an objection, we will cease processing unless compelling legitimate grounds prevail.

If personal data are processed for direct marketing purposes, you may object at any time. In this case, no further processing for marketing purposes will take place.

7) Storage Duration of Personal Data

The storage duration depends on the respective legal basis, the purpose of processing, and applicable statutory retention periods.

• In the case of consent: until consent is withdrawn

• In the case of contractual processing: until expiry of statutory retention periods

• In the case of legitimate interests: until objection is exercised

Unless otherwise specified, personal data are deleted once they are no longer necessary for the purposes for which they were collected or otherwise processed.