Privacy policy

Privacy Policy

1) Introduction & Contact Details of the Data Controller
1.1 We’re pleased that you are visiting our website and thank you for your interest. Below we inform you about how we handle your personal data when you use our website. “Personal data” means all data that can personally identify you.

1.2 The controller for data processing on this website under the EU General Data Protection Regulation (GDPR) is: “LAVIVE LIMITED”. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

2) Data Collection When You Visit Our Website
If you only use our website for informational purposes—i.e., you do not register or provide us with other information—we collect only those data that your browser transmits to our web server (“server log files”). When you access our website, we collect:

  • The website you visited

  • Date and time of access

  • Amount of data sent in bytes

  • Referrer (the page from which you came)

  • Browser type

  • Operating system used

  • IP address (possibly anonymized)

Processing is based on Art. 6(1)(f) GDPR, our legitimate interest in improving the stability and functionality of our website. We do not share or use this data for any other purpose. However, we reserve the right to review server logs later if there are concrete indications of unlawful use.

3) Hosting & Content Delivery Network – Shopify
We use Shopify International Limited (Dublin, Ireland) and Shopify Inc. (Ottawa, Canada) for hosting and content delivery. All data collected via our website are processed on Shopify’s servers. We have concluded a data processing agreement ensuring data protection and prohibiting unauthorized third-party transfers.

Transfers to Canada are safeguarded by an EU adequacy decision.

4) Cookies
We use cookies—small text files stored on your device—to make your website visit more attractive and enable certain functions. Some cookies are session cookies (deleted when the browser closes); others are persistent and store settings. You can find cookie duration in your browser’s cookie settings.

If any cookies process personal data, the processing is legally based on:

  • Art. 6(1)(b) GDPR (contract fulfillment),

  • Art. 6(1)(a) GDPR (consent), or

  • Art. 6(1)(f) GDPR (legitimate interests for functionality and user-friendly design).

You can configure your browser to inform you about cookie usage and accept or reject cookies individually or entirely. Disabling cookies may restrict the functionality of our website.

5) Contact
When you contact us (e.g., via contact form or email), we process your personal data solely to handle and respond to your inquiry, and only to the extent necessary. The legal basis is our legitimate interest under Art. 6(1)(f) GDPR. If your contact aims at concluding a contract, Art. 6(1)(b) GDPR also applies. Your data will be deleted once the matter is resolved unless legal retention periods apply.

6) Data Processing for Order Fulfillment

6.1 Shipping & Payment
To fulfill contracts (delivery and payment), the personal data you provide are shared with the transport company and financial institution under Art. 6(1)(b) GDPR. If updates to goods with digital elements or digital products are owed, we process your contact data to inform you under our legal obligations (Art. 6(1)(c) GDPR). This data is used strictly for this purpose.

6.2 Shipping Providers
For shipping, we provide your name, delivery address, and, if needed, phone number to a chosen shipping partner strictly for delivery purposes (Art. 6(1)(b) GDPR).

6.3 Use of Payment Service Providers

  • Apple Pay
    Payment via Apple Pay is handled through your Apple device using encrypted transmission (Art. 6(1)(b) GDPR). Transaction data (e.g., device account number, dynamic security code) are sent to our site only so the site can recognize the purchase. Apple retains anonymized transaction data (e.g., approximate purchase amount and time) to improve Apple Pay—no personal data is retained.

  • Masterpayment
    For payment through Masterpayment LTD (London, UK), your payment information and order details are transferred under Art. 6(1)(b) GDPR for payment processing. For deferred payment (e.g., invoice, installment, direct debit), additional personal data (e.g., name, address, birth date, etc.) may be collected. These data may be used under our legitimate interest (Art. 6(1)(f) GDPR) for creditworthiness checks via credit agencies (Creditreform Boniversum, CRIF, SCHUFA). You may object at any time, but some processing may continue if legally required.

  • PayPal
    We offer payment via PayPal (Luxembourg) under Art. 6(1)(b) GDPR. If deferred payment is chosen, additional data may be required. Under Art. 6(1)(f) GDPR, your data may be forwarded for creditworthiness assessment to credit agencies. You can object, but PayPal may still process data if needed for contract fulfillment.

  • PayPal Checkout
    PayPal Checkout may use PayPal-owned and third‑party local payment methods. Payment details are shared under Art. 6(1)(b) GDPR. For credit, direct debit, or “Pay Later” options, credit checks are performed under Art. 6(1)(f) GDPR, potentially involving companies like Ratepay. Data may be forwarded to relevant third parties as required.

  • Shopify Payments
    For Shopify Payments (operated by Shopify International Limited, Ireland), your payment data and order details are shared under Art. 6(1)(b) GDPR solely for payment processing.

7) Your Rights as a Data Subject
7.1 GDPR grants you the following rights regarding your personal data:

  • Right of access (Art. 15),

  • Right to rectification (Art. 16),

  • Right to erasure (“right to be forgotten”; Art. 17),

  • Right to restrict processing (Art. 18),

  • Right to notification (Art. 19),

  • Right to data portability (Art. 20),

  • Right to withdraw consent (Art. 7(3)),

  • Right to lodge a complaint (Art. 77).

7.2 Right to Object
If we process your data based on our legitimate interests, you have the right to object at any time for reasons arising from your particular situation. If you object, we will stop processing your data unless we can prove compelling legitimate grounds or are using it for legal claims.

If your data is used for direct marketing, you may object at any time, and we will cease using your data for such purposes.

8) Data Retention Period
The retention period for personal data depends on the legal basis and processing purpose (e.g., tax and commercial retention periods).

  • Data processed with consent (Art. 6(1)(a)) will be retained until consent is withdrawn.

  • Data for contract performance (Art. 6(1)(b)) will be retained as required by law, then deleted.

  • Data processed under legitimate interests (Art. 6(1)(f)) will be retained until you object or compelling grounds require further retention.

  • Data for direct marketing will be retained until objection.

In other cases, data is deleted when it is no longer required for the purpose for which it was collected.