Privacy policy

1. Controller (Verantwortlicher)

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Uday3.com
Kolonnenstraße 8  
10827 Berlin  
Germany  
Email: support@uday3.com

2. Overview of Data Processing

We process personal data only to the extent necessary to provide a functional website, our services, and to fulfill contractual and legal obligations.

Personal data includes any information that can identify you directly or indirectly.

3. Legal Bases for Processing (Art. 6 GDPR)

We process your personal data based on the following legal grounds:

  • Art. 6(1)(b) GDPR (Contract performance)
    For processing orders, payments, and account management.
  • Art. 6(1)(c) GDPR (Legal obligation)
    For compliance with tax and commercial laws in Germany.
  • Art. 6(1)(f) GDPR (Legitimate interest)
    For website functionality, security, fraud prevention, and business optimization.
  • Art. 6(1)(a) GDPR (Consent)
    For marketing, tracking, and cookies that are not strictly necessary.

4. Hosting and Platform

This website is operated using Shopify.

Shopify processes personal data on our behalf and acts as a data processor under Art. 28 GDPR.

Data may be transferred to third countries (e.g., Canada, USA). Shopify relies on recognized safeguards such as Standard Contractual Clauses.

More information: https://www.shopify.com/legal/privacy

5. Data We Collect

a) When you visit the website

  • IP address
  • Browser type and version
  • Device information
  • Date and time of access
  • Pages visited

Purpose: Website functionality and security
Legal basis: Art. 6(1)(f) GDPR

b) When you place an order

  • Name
  • Billing and shipping address
  • Email address
  • Phone number (if provided)
  • Payment details
  • Order information

Purpose: Order processing and delivery
Legal basis: Art. 6(1)(b) GDPR

c) Customer account

  • Login credentials
  • Order history
  • Preferences

Purpose: Account management
Legal basis: Art. 6(1)(b) GDPR

d) Communication

If you contact us:

  • Email content
  • Name
  • Contact details

Purpose: Customer support
Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR

6. Payments

Payment data is processed via external providers (e.g. Stripe, PayPal, Klarna depending on your checkout).

These providers process data independently as controllers.

7. Cookies and Tracking (TTDSG)

We use cookies and similar technologies.

Types of cookies:

  • Necessary cookies (no consent required)
  • Analytics and marketing cookies (require consent)

We only use non-essential cookies after obtaining your consent via a cookie banner.

Legal basis:

  • Necessary cookies → Art. 6(1)(f) GDPR
  • Marketing/analytics → Art. 6(1)(a) GDPR + TTDSG

You can withdraw your consent at any time via the cookie settings on our website.

8. Marketing and Advertising

We may use your data for:

  • Email marketing (e.g. newsletters)
  • Personalized offers
  • Retargeting ads

This is done only with your consent, unless otherwise permitted by law.

You can unsubscribe at any time via the link in emails.

9. Data Sharing

We share personal data only when necessary:

  • With Shopify (hosting and platform)
  • With payment providers
  • With shipping providers
  • With IT and service providers

We have concluded Data Processing Agreements (Art. 28 GDPR) with relevant providers.

10. International Data Transfers

Data may be transferred outside the EU/EEA.

Where this happens, we rely on:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions (if applicable)

Despite safeguards, transfers to countries like the USA may involve risks.

11. Data Retention

We store personal data only as long as necessary:

  • Order and invoice data → 10 years (legal obligation in Germany)
  • Account data → until deletion request
  • Marketing data → until consent withdrawal
  • Technical logs → usually 7–14 days

12. Your Rights

Under GDPR, you have the right to:

  • Access your data (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Deletion (Art. 17 GDPR)
  • Restriction (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Withdraw consent at any time (Art. 7 GDPR)

To exercise your rights, contact: support@uday3.com

13. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority.

Competent authority in your region:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)

14. Security

We implement technical and organizational measures to protect your data.

However, no transmission over the internet is completely secure.

15. Children

This website is not intended for individuals under 16 years of age.

16. Third-Party Links

Our website may contain links to external websites.
We are not responsible for their content or privacy practices.

17. Changes to This Privacy Policy

We may update this Privacy Policy to comply with legal requirements or reflect changes in our services.