Privacy Policy (Datenschutzerklärung)

(Last updated: [Insert date])

1. Controller (Verantwortlicher)

SCHK Shop
Owner: [Your Name / Company]
[Your Address]
Email: [Your Email]
Website: https://schkshop.com

According to Art. 4(7) GDPR.

2. Data Protection Officer (Datenschutzbeauftragter)

Not required under Art. 37 GDPR.
If this changes, we will update this notice.

3. Data Processing on Our Website

3.1 Server Log Files

The hosting provider automatically collects and stores information that your browser transmits, including:

  • IP address

  • Date and time

  • Referrer URL

  • Browser type and version

  • Operating system

Purpose: technical security (Art. 6(1)(f) GDPR).
Log files are stored for up to 7–30 days depending on the hosting provider.

3.2 Cookies

Our website uses cookies required for:

  • Shopping cart

  • Login sessions

  • WooCommerce functionality

  • Vendor dashboard (Dokan)

  • Fraud prevention and security

Legal basis:

  • Necessary cookies → Art. 6(1)(b) or Art. 6(1)(f)

  • Non-essential cookies (Analytics, personalization) → Consent (Art. 6(1)(a))

A cookie banner (Germanized, Complianz, or CookieYes) is used to collect consent.

4. WooCommerce & Shop System Processing

We process data when you place an order or register an account:

  • Name, address, email

  • Payment information

  • Order history

Purpose:

  • Fulfilment of contract (Art. 6(1)(b))

  • Legal obligations (Art. 6(1)(c)) e.g. German tax law

  • Fraud prevention (Art. 6(1)(f))

4.1 Payments

We use external payment providers. They process payment data independently:

  • PayPal

  • Stripe
    (Insert others if applicable)

Their privacy policy applies.

5. Dokan – Vendor Marketplace Features

Vendor registrations and vendor pages collect:

  • Business profile

  • Store address

  • Tax information (if entered)

  • Product information

  • Uploaded media

Purpose: performance of the marketplace contract (Art. 6(1)(b)).

Vendor reviews and store comments are publicly visible.

6. Contact Form & Email

We store the data you submit through contact forms or email to process your request.
Legal basis: Art. 6(1)(b) or (f).

Data is deleted after the request is finalised unless legal retention applies.

7. Comments & Product Reviews

When you leave a comment or review, we collect:

  • Name

  • Comment

  • IP address (fraud/spam prevention)

  • Browser user agent

Legal basis: Art. 6(1)(f).
Comments remain published unless you request deletion.

8. Media Uploads

If you upload images (e.g. vendors uploading product images), avoid EXIF GPS data.
Visitors may download and extract metadata.

9. Embedded Content from Other Websites

Embedded content (e.g., Instagram, YouTube, Vimeo, etc.) behaves like visiting those websites.
These services may:

  • Collect data

  • Use cookies

  • Track interactions if you are logged in

Legal basis: Consent (Art. 6(1)(a)) where applicable via cookie banner.

10. Google Analytics (Only if activated)

If enabled, Analytics will be used with:

  • IP anonymization

  • Consent via cookie banner

Collected data includes:

  • Device information

  • Browser data

  • Interaction on our website

Legal basis: consent (Art. 6(1)(a)).
Google Ireland Ltd. is used; potential US data transfer exists (Art. 49).

You can withdraw consent at any time through the cookie settings.

11. Who We Share Data With

We share data only when necessary:

  • Hosting provider

  • Payment processors

  • Logistics/shipping companies

  • Vendor merchants (only data required to fulfil orders)

  • Anti-spam detection services (e.g., Akismet/Wordfence if active)

All processors have Art. 28 GDPR agreements.

12. How Long We Store Data

  • Orders: 10 years (German tax law)

  • Customer accounts: Until deletion

  • Vendor accounts: Until deletion

  • Comments: Indefinitely unless deleted

  • Log files: Up to 30 days

  • Contact inquiries: 6–24 months depending on context

13. Your Rights (Art. 12–23 GDPR)

You have the right to:

  • Access your data

  • Correct data

  • Delete data (“right to be forgotten”)

  • Restrict processing

  • Data portability

  • Withdraw consent

  • Object to processing (Art. 21 GDPR)

To exercise these rights:
Email: [Your Email]

14. Where Your Data is Sent

  • Spam detection services

  • Payment processors

  • Shipping service providers

  • Cloud/hosting provider

Some recipients may be outside the EU; transfer occurs only with:

  • Adequacy decision

  • Standard contractual clauses

  • Explicit consent

15. Automated Decision-Making

We do not use automated decision-making or profiling beyond:

  • Fraud prevention tools

  • Necessary shop functions

16. Security

We use SSL encryption and modern security measures to protect your data.

17. Changes to This Privacy Policy

We may update this page if legal or technical requirements change.

Shopping Basket
Scroll to Top