Privacy policy

1) Introduction and Contact Information of the Data Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data includes all data by which you can be personally identified.

1.2 The data controller responsible for data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Björn Möser, www.graspmonkey.de, Am Park 37, 25336 Klein Nordende, Germany, Tel.: +49 4121 7897961, Email: info@graspmonkey.de. The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When you use our website for informational purposes only, i.e., without registering or otherwise transmitting information to us, we collect only the data that your browser transmits to the server hosting our site (known as “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website:

  • The website visited
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you came to the page
  • Browser used
  • Operating system used
  • IP address used (if applicable: anonymized)

Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not transferred or used for other purposes. However, we reserve the right to retrospectively check the server log files if there are specific indications of illegal use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the data controller). You can recognize an encrypted connection by the “https://” protocol and the lock symbol in your browser’s address bar.

3) Hosting & Content Delivery Network

Shopify

We use the system of the following provider for hosting our website and displaying its contents: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify").

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider to ensure the protection of our visitors’ data and prohibit unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

4) Cookies

To make visiting our website attractive and enable the use of certain functions, we use cookies—small text files stored on your device. Some of these cookies are automatically deleted when the browser is closed (session cookies), while others remain on your device for a longer period to save preferences (persistent cookies). The storage duration can be found in the cookie settings of your browser.

If personal data is processed through cookies, the processing is carried out under:

  • Art. 6(1)(b) GDPR: for contract execution
  • Art. 6(1)(a) GDPR: based on consent
  • Art. 6(1)(f) GDPR: to safeguard our legitimate interests in the best functionality of the website and a user-friendly experience.

You can configure your browser to notify you of cookie settings and decide individually whether to accept or block cookies. Please note that disabling cookies may restrict website functionality.

5) Contacting Us

When contacting us (e.g., via contact form or email), personal data is processed solely to handle and respond to your inquiry to the extent necessary.

Legal basis:

  • Art. 6(1)(f) GDPR: Our legitimate interest in responding to your request.
  • Art. 6(1)(b) GDPR: If the contact aims at contract initiation.

Data will be deleted when the issue is resolved, provided no statutory retention periods apply.

6) Data Processing When Creating a Customer Account

In accordance with Art. 6(1)(b) GDPR, personal data is collected and processed to the extent necessary when you provide it during the creation of a customer account. The required data is evident from the input form on the website.

You can request the deletion of your customer account at any time by notifying the contact mentioned above. After deleting your account, your data will be deleted unless legal retention periods require further storage, or we have legitimate interest in retaining the data.

7) Use of Customer Data for Direct Advertising

Newsletter Subscription

When subscribing to our newsletter, you will receive regular information about our offers. Only your email address is required to send the newsletter. Additional data is optional and used to personalize the newsletter.

We use the double opt-in process to confirm your subscription. This ensures you receive the newsletter only after verifying your email via a link sent to your address.

Legal basis:

  • Art. 6(1)(a) GDPR: Consent

You can unsubscribe at any time via the link in the newsletter or by contacting the data controller. Upon unsubscribing, your email address will be promptly removed from our mailing list unless further use is legally permissible.

8) Data Processing for Order Fulfillment

8.1 Sending Image Files for Order Processing via Email

Customers may send image files via email for product personalization. The provided files are used exclusively for creating personalized products as described. Once the order is fulfilled, the files are automatically deleted.

8.2 Uploading Image Files for Order Processing

Customers may upload files via an encrypted form on our website for product personalization. These files are also deleted upon order completion.

9) Web Analytics Services

Google Analytics 4

We use Google Analytics 4 for website usage analysis. Processing occurs only with your explicit consent (Art. 6(1)(a) GDPR). More details about data handling, storage, and your rights can be found in Google’s privacy policy.

10) Website Functionalities

10.1 YouTube

Our website embeds videos using YouTube plugins. Viewing these videos may transfer data to YouTube servers in the U.S., depending on your consent (Art. 6(1)(a) GDPR).

10.2 Google Web Fonts

Web Fonts are used to ensure uniform display of text. Data may be transferred to Google servers under the same conditions.

11) Rights of the Data Subject

You have the following rights under GDPR:

  • Right to access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to lodge a complaint (Art. 77 GDPR)

For further details, you may contact us at the information provided above.