Privacy policy

This is a courtesy translation provided for convenience. The German version is legally binding.

Privacy Policy

Last updated: 1 July 2026

Controller

This website and this online shop are operated by:

conic new media Owner: Stefan Rienth VYRD.art Reinsburgstraße 166 70197 Stuttgart Germany

E-mail: contact@vyrd.art Phone: +49 1525 6164021

The controller within the meaning of the General Data Protection Regulation (GDPR) is Stefan Rienth.

Introduction

VYRD.art is operated on the Shopify platform. This privacy policy explains which personal data are processed when you visit our website, use the shop, place an order or contact us, for which purposes this is done, on which legal basis, and which rights you have.

Should any provisions in our General Terms and Conditions deviate from this privacy policy, this privacy policy takes precedence with regard to the processing of personal data.

Which personal data do we process?

Personal data are information relating to an identified or identifiable person. Anonymous data, or data anonymised to the extent that no link to your person can be established, are not included. Depending on how you use our shop, we process the following categories:

  • Contact data: name, postal, billing and delivery address, phone number and e-mail address.

  • Contract and order data: works ordered, order history, returns, cancellations and related processes.

  • Payment data: payment method, transaction and payment confirmations. The actual payment processing is handled by our payment service providers (Shopify Payments, PayPal). Full card or account details are processed there and are not stored by us.

  • Account data (if you create a customer account): username, login credentials and account settings.

  • Communication data: information you provide to us in enquiries to customer service.

  • Usage and device data: information about your device, browser, network connection, IP address and your interaction with the website.

Sources of the data

We receive personal data from the following sources:

  • Directly from you: for example when placing an order, creating a customer account or contacting us.

  • Automatically during use: via your device and via cookies and comparable technologies when you visit our website.

  • From our service providers: insofar as they collect or process data on our behalf (e.g. hosting, payment processing, shipping).

Purposes of processing

We process personal data in particular in order to:

  • process your orders, handle payments and organise shipping and collection;

  • provide and manage a customer account, if you create one;

  • handle returns, exchanges and complaints;

  • respond to your enquiries and maintain the business relationship;

  • ensure the security of our shop and prevent fraud;

  • comply with legal obligations.

Legal bases of processing

We process personal data only where a legal basis exists. These are in particular:

  • Art. 6(1)(b) GDPR – for the performance of a contract or in order to take steps prior to entering into a contract, for example for orders, payments, shipping, collection, enquiries or complaints.

  • Art. 6(1)(c) GDPR – for compliance with legal obligations, for example under tax and commercial law retention requirements.

  • Art. 6(1)(f) GDPR – for the purposes of legitimate interests, for example the technical provision and security of the website, the handling of enquiries, fraud prevention and the documentation of business transactions.

  • Art. 6(1)(a) GDPR – on the basis of your consent, for example for the newsletter, for non-essential cookies and for marketing and analytics services. You may revoke any consent given at any time with effect for the future.

Disclosure to third parties and recipients

We only disclose personal data where this is necessary for the performance of the contract, where you have consented, or where we are legally obliged to do so. Recipients may include:

  • Processors who provide services on our behalf (in particular Shopify as the shop and hosting infrastructure, as well as payment and shipping service providers). Data processing agreements pursuant to Art. 28 GDPR are in place with these providers.

  • Payment service providers (Shopify Payments, PayPal), insofar as this is necessary to process your payment.

  • Shipping and logistics partners, insofar as this is necessary to deliver your order.

  • Authorities and courts, insofar as we are legally obliged to disclose data or this is necessary to assert or defend legal claims.

Personal data are currently not disclosed to third parties for the purpose of personalised, cross-merchant advertising. Should analytics or marketing services (e.g. Meta Pixel, Google Analytics or comparable services) be used in future, this will only be done after prior active consent via an appropriate consent solution. This privacy policy will be amended accordingly in that case.

Services and functions used

To operate VYRD.art we use in particular the following services:

  • Shopify – as the shop system and the hosting, cart and checkout infrastructure.

  • Shopify Customer Privacy – for privacy notices and the cookie banner.

  • Shopify Payments and PayPal – for payment processing.

  • Bank transfer / prepayment – as a manual payment method.

  • Translate & Adapt – for language and localisation management.

  • Search & Discovery – for product search, filtering and discoverability of offers.

  • Messaging – for customer communication.

  • Newsletter function – only after prior sign-up and confirmation of your e-mail address (double opt-in).

Analytics and marketing services such as Meta Pixel or Google Analytics will only be used once they have been deliberately activated, listed in this privacy policy and reflected in an appropriate consent solution.

Cookies and consent

We use strictly necessary cookies to enable the operation of the shop, the cart and the checkout; the legal basis is Art. 6(1)(f) GDPR and § 25(2) TDDDG (German Telecommunications Digital Services Data Protection Act). We only use non-essential cookies and analytics and marketing technologies after your active consent via the consent banner (§ 25(1) TDDDG, Art. 6(1)(a) GDPR). You can change your selection at any time via the privacy or cookie settings.

Relationship with Shopify

The website is hosted by Shopify. In doing so, Shopify processes data about your access to and use of the website in order to provide and improve the service. Data may also be transferred to locations outside your country of residence. Insofar as Shopify processes data for its own purposes, Shopify is independently responsible in that respect. Further information can be found in Shopify's privacy policy and in the Shopify privacy portal at https://privacy.shopify.com/en.

International data transfers

Personal data may be processed outside the European Economic Area (EEA) or the United Kingdom. In that case, we rely on recognised transfer mechanisms such as the European Commission's standard contractual clauses or equivalent safeguards, unless the transfer is to a country with a level of data protection recognised as adequate by the European Commission.

Retention period

We store personal data only for as long as is necessary for the respective purposes or as required by statutory retention obligations:

  • Data from contract and order processing: for the duration of the business relationship and within the scope of statutory retention obligations.

  • Invoice- and accounting-related data: in accordance with tax and commercial law requirements, generally up to ten years (§ 147 AO, § 257 HGB).

  • Data from enquiries: for as long as necessary for processing and where no retention obligations require otherwise.

  • Newsletter data: until you revoke your consent or unsubscribe.

Data that are no longer required are deleted, provided no statutory retention obligations or other legitimate grounds for further storage exist.

Your rights

Within the scope of the statutory requirements, you have the right of access to the personal data we process about you, the right to rectification of inaccurate data, the right to erasure, the right to restriction of processing and the right to data portability.

Right to object (Art. 21 GDPR): Insofar as we process personal data on the basis of legitimate interests (Art. 6(1)(f) GDPR), you have the right to object to this processing at any time on grounds relating to your particular situation. You may object to processing for the purpose of direct marketing at any time without giving reasons.

Insofar as processing is based on your consent, you may revoke it at any time with effect for the future. The lawfulness of processing carried out prior to the revocation remains unaffected.

If you have signed up for a newsletter or comparable marketing e-mails, you can unsubscribe at any time via the unsubscribe link in the respective e-mail. Even after unsubscribing, we may continue to send you non-promotional messages insofar as they are necessary for the performance of the contract (for example regarding orders, payments, shipping or queries).

To exercise your rights, a message to the contact details stated above is sufficient. Where legally required, we may request appropriate verification of your identity before processing your request.

Right to lodge a complaint: You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg (Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg).

Children's data

Our offer is not directed at children. We do not knowingly collect personal data from persons who have not yet reached the age threshold applicable to them under the law that applies to them (16 years in Germany). If, as a parent or legal guardian, you become aware that a child has provided us with data, please contact us via the contact details above; we will then delete the data concerned.

Data security

We take appropriate technical and organisational measures to protect your data. However, complete protection against any unauthorised access cannot be guaranteed. When transmitting particularly sensitive information, we recommend not using insecure communication channels.

Links to third-party websites

Our website may contain links to third-party websites. We are not responsible for their content or for their privacy and security practices. Please inform yourself about the respective privacy notices before use. Information that you make publicly available on third-party platforms (such as social networks) may be viewed by others.

Changes to this privacy policy

We may amend this privacy policy to reflect changes in our processing or in the legal framework. The current version is published on this website; the date of the last version is updated accordingly.

Contact

If you have any questions about data protection or wish to exercise your rights, please contact:

conic new media Owner: Stefan Rienth VYRD.art Reinsburgstraße 166 70197 Stuttgart Germany E-mail: contact@vyrd.art Phone: +49 1525 6164021