Privacy policy

Spirit Wear – Privacy Policy

Last updated: 12.01.2025 - 2:50pm

Spirit Wear (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and safeguard your personal data when you visit our website, place an order, or otherwise interact with us (collectively, the “Services”).

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

1. Controller and Contact Details

For the purposes of applicable data protection laws (including the General Data Protection Regulation – GDPR), the data controller is:

Spirit Wear
Owner: Andrej Golubovic
Address: Woerthstrasse 44, 65343 Eltville, Hesse, Germany
Email: info@spirit-wear.shop
Website: https://www.spirit-wear.shop/

If you have any questions about this Privacy Policy or our data practices, you can contact us using the details above.

2. Scope of this Privacy Policy

This Privacy Policy applies to:

  • Visitors to our website

  • Customers purchasing our products

  • Individuals contacting us by email, contact form, or social media

  • Newsletter subscribers and marketing contacts

It does not apply to websites, services, or platforms of third parties that we do not control (e.g. Instagram, Facebook, Shopify’s own legal texts). Please refer to their privacy policies separately.

3. Categories of Personal Data We Collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

3.1 Identification and Contact Data

  • First and last name

  • Billing and shipping address

  • Email address

  • Phone number (if provided)

3.2 Order and Transaction Data

  • Products ordered, sizes, quantities, and order history

  • Payment status and transaction reference (we do not store full card data)

  • Delivery information (e.g. tracking, delivery status)

3.3 Payment Data

Payments are processed via external payment service providers (e.g. Shopify Payments, PayPal, credit card processors).
We receive only limited payment information (e.g. payment method, result of transaction) – we do not store full credit card numbers.

3.4 Technical and Usage Data

  • IP address

  • Device type, browser type and version

  • Referrer URL

  • Date and time of access

  • Pages visited and interactions (e.g. clicks, cart actions)

  • Cookie identifiers or similar technologies

3.5 Communication and Content Data

  • Messages you send to us (e.g. email, contact form, social media)

  • Your reviews, comments, or testimonials

  • Support requests and our responses

3.6 Marketing and Preference Data

  • Newsletter opt-ins and opt-outs

  • Preferences regarding marketing communications

  • Information about your interaction with our marketing emails (e.g. open and click rates)

We do not knowingly process special categories of personal data (e.g. health data, religious belief as a data category) within the meaning of Art. 9 GDPR, even though our brand content may relate to Christian faith on an ideological level.

4. How We Collect Personal Data

We collect personal data in the following ways:

4.1 Directly from You

  • When you place an order in our online shop

  • When you create or update an account (if available)

  • When you contact us by email, form, or social media

  • When you sign up for our newsletter

  • When you submit reviews, feedback, or similar content

4.2 Automatically When You Use Our Website

  • Through cookies and similar technologies (see Section 7 – Cookies & Similar Technologies)

  • Through server logs and analytics tools

4.3 From Third Parties

  • Payment providers (e.g. confirmation of successful payment)

  • Logistics / shipping companies (e.g. delivery status)

  • Our print-on-demand provider (see Section 6.3)

  • Analytics and marketing tools (aggregated usage data)

5. Purposes and Legal Bases for Processing

We process your personal data only where a legal basis under the GDPR applies. The main purposes and legal bases are:

5.1 To Fulfil and Perform a Contract (Art. 6(1)(b) GDPR)

We process personal data to:

  • Accept, process, and deliver your orders

  • Communicate with you about your order, delivery, or returns

  • Provide customer service and handle support requests

  • Manage payments, invoices, and order confirmations

Relevant data:
Identification and contact data, order and transaction data, payment data, communication data.

5.2 To Comply with Legal Obligations (Art. 6(1)(c) GDPR)

We process personal data to:

  • Comply with tax and accounting obligations

  • Comply with retention requirements under commercial and tax law

  • Fulfil other statutory obligations (e.g. consumer protection rules)

Relevant data:
Order and transaction data, payment data, basic contact data.

5.3 Legitimate Interests (Art. 6(1)(f) GDPR)

We process personal data based on our legitimate interests, for example to:

  • Operate, maintain, and improve our website and Services

  • Prevent fraud, abuse, and security incidents

  • Enforce our terms and conditions and protect our rights

  • Analyse how customers use our website (aggregated, pseudonymised where possible)

  • Display content and offers that may be interesting to our users

We weigh our interests against your rights and freedoms. Where your interests override ours, we do not process data on this basis.

Relevant data:
Technical and usage data, communication data, marketing and preference data.

5.4 Consent (Art. 6(1)(a) GDPR)

In certain cases, we process personal data based on your consent, for example:

  • Sending newsletters and marketing emails

  • Using non-essential cookies and tracking for statistics and marketing

  • Certain types of personalised advertising (where applicable)

You may withdraw your consent at any time with effect for the future (see Section 11).

6. Sharing Personal Data with Third Parties

We only share personal data where this is lawful and necessary.

6.1 Service Providers (Processors)

We use carefully selected service providers who process personal data on our behalf and under our instructions (Art. 28 GDPR), including:

  • Hosting providers & IT infrastructure

  • Email and newsletter tools

  • Customer support tools

  • Analytics tools

  • Payment service providers (as independent controllers or joint controllers in some cases)

We conclude data processing agreements with these providers to ensure GDPR compliance.

6.2 Payment Service Providers

When you pay in our shop, payment is processed via external payment providers (e.g. Shopify Payments, PayPal, credit card processors). These providers are usually independent controllers for the processing of your payment data. Please also review their own privacy policies.

We receive only limited information (e.g. success/failure of payment, payment method, partial details for reconciliation).

6.3 Printful as Fulfilment Partner

We work with Printful (print-on-demand and fulfilment provider) to produce and ship our products. For this purpose, we transmit personal data necessary to fulfil your order, such as:

  • Name

  • Shipping address

  • Possibly phone number and email address for delivery updates

Printful acts as our data processor within the meaning of Art. 28 GDPR. We have concluded appropriate data processing agreements with Printful to ensure that personal data is processed solely according to our instructions and in line with applicable data protection laws.

6.4 Logistics and Shipping Companies

To deliver your order, we share the necessary data with logistics and shipping partners (e.g. name, address, tracking).

6.5 Legal Obligations and Protection of Rights

We may disclose personal data:

  • Where required by law, court order, or authority

  • To enforce our rights, assert or defend legal claims

  • To prevent fraud and misuse of our Services

7. Cookies & Similar Technologies

Our website may use cookies and similar technologies to:

  • Operate and secure the website (necessary cookies)

  • Improve user experience (e.g. remembering language, cart)

  • Analyse usage patterns (statistics)

  • Display relevant marketing content (where applicable)

Where required by law, we use a cookie consent banner that allows you to choose which non-essential cookies you agree to. You can change your cookie settings at any time via the banner or your browser settings.

Further details (types of cookies, retention periods) can be provided in a separate Cookie Policy or within the banner.

8. International Data Transfers

Some of our service providers (including Printful and certain IT or analytics providers) may be located outside the European Economic Area (EEA) or may process data in third countries, such as the United States.

Where personal data is transferred outside the EEA, we ensure an appropriate level of protection in accordance with GDPR, for example by:

  • An adequacy decision of the European Commission, or

  • Standard Contractual Clauses (SCCs) approved by the European Commission, and

  • Additional technical and organisational measures where necessary.

You may contact us for more information on safeguards in place for specific transfers.

9. Data Retention

We retain personal data only for as long as necessary for the purposes described above or as required by law.

General rules (unless otherwise stated):

  • Order and transaction data: retained for the duration of statutory retention periods (usually 6–10 years under tax and commercial law).

  • Customer communication and support requests: retained as long as necessary to process your request and for documentation of our business relationship.

  • Newsletter data: retained until you unsubscribe or withdraw consent.

  • Technical and analytics data: retained for the period defined in our analytics tools or until anonymised.

After expiry of the relevant retention period, we delete or anonymise the personal data unless further processing is required to assert, exercise, or defend legal claims.

10. Data Security

We use appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction.

These measures include, for example:

  • Encrypted data transmission (HTTPS/SSL)

  • Access controls and authorisation concepts

  • Regular updates and security patches

  • Restricted access to personal data on a need-to-know basis

However, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security but we continually work to maintain a high level of protection.

11. Children’s Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

If you are under 18, please do not use our Services and do not provide us with personal data.

If we become aware that we have collected personal data from a minor without appropriate consent, we will delete such data without undue delay.

12. Your Rights under GDPR

If you are located in the European Union, the European Economic Area, or the United Kingdom, you have the following rights regarding your personal data, subject to the conditions and limitations set out in GDPR:

  • Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether we process personal data about you and to receive a copy of such data.

  • Right to rectification (Art. 16 GDPR): You can request correction of inaccurate or incomplete data.

  • Right to erasure (Art. 17 GDPR): You can request deletion of personal data, e.g. where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and there is no other legal basis.

  • Right to restriction of processing (Art. 18 GDPR): You can request limitation of processing in certain cases.

  • Right to data portability (Art. 20 GDPR): You can request to receive the personal data you provided in a structured, commonly used and machine-readable format, and to have this data transmitted to another controller where technically feasible.

  • Right to object (Art. 21 GDPR): You can object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests. If you object to processing for direct marketing, we will stop such processing immediately.

  • Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on your consent, you may withdraw it at any time with effect for the future.

13. How to Exercise Your Rights

To exercise any of your rights, please contact us using the contact details in Section 1:

  • By email: info@spirit-wear.shop

  • By post:
    Spirit Wear
    Andrej Golubovic
    Woerthstrasse 44, 65343 Eltville, Hesse, Germany

To protect your data, we may need to verify your identity before we can respond to your request.

You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.

14. Marketing Communications

If you have subscribed to our newsletter or otherwise consented to receive marketing communications, we may use your email address to send you information about our products, offers, and updates.

You can unsubscribe at any time by:

  • Clicking the unsubscribe link in any newsletter, or

  • Contacting us via email and requesting to opt out.

Even if you opt out of marketing communications, we may still send you transactional or service-related messages (e.g. order confirmations, important information about your purchases).

15. Links to Third-Party Websites

Our website may contain links to external websites, services, or content that we do not control. We are not responsible for the privacy practices of such third parties.

We recommend reviewing the privacy policies of any third-party websites you visit.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, Services, or legal requirements.

The latest version is always available on our website. The “Last updated” date at the top indicates when this Privacy Policy was last revised.

Where required by law, we will inform you of material changes and, where necessary, request your consent.

17. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, you can contact us at:

Spirit Wear
Owner: Andrej Golubovic
Address: Woerthstrasse 44, 65343 Eltville, Hesse, Germany
Email: info@spirit-wear.shop
Website: https://www.spirit-wear.shop/