Privacy Policy

1) INFORMATION ON THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE CONTROLLER

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how your personal data is handled when using our website. Personal data refers to all data that can be used to personally identify you.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is: Maya Toronto The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

 

1.3 For security reasons and to protect the transmission of personal data and other confidential content (such as orders or inquiries), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” string and the lock symbol in your browser.

 

2) DATA COLLECTION WHEN VISITING OUR WEBSITE

When you use our website for informational purposes only, we collect only the data that your browser transmits to our server (so-called “server log files”). This includes:

  • Visited website

  • Date and time of access

  • Amount of data sent in bytes

  • Source or reference from which you reached the page

  • Browser used

  • Operating system used

  • IP address (if applicable, in anonymized form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in ensuring the stability and functionality of the website. The data is not passed on or otherwise used, except in cases of suspected unlawful use.

3) COOKIES

Our website uses cookies to improve usability and enable certain functions. Cookies are small text files stored on your device. Some cookies are deleted after you close your browser (session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies). If cookies process personal data, processing is carried out in accordance with:

  • Art. 6(1)(b) GDPR for contract execution, or

  • Art. 6(1)(f) GDPR based on our legitimate interest in a functional and user-friendly website.

4) CONTACTING US

When you contact us (for example via email or contact form), personal data is collected. This data is used solely to process and respond to your inquiry. The legal basis for processing is our legitimate interest under Art. 6(1)(f) GDPR. If your inquiry is related to a contract, Art. 6(1)(b) GDPR applies.

5) DATA PROCESSING FOR CUSTOMER ACCOUNTS AND CONTRACT EXECUTION

Personal data is collected and processed in accordance with Art. 6(1)(b) GDPR when you provide it to complete a purchase or create a customer account. You may request deletion of your customer account at any time.

6) USE OF YOUR DATA FOR DIRECT MARKETING

6.1 Newsletter Subscription If you subscribe to our newsletter, we will send you information about our offers. Only your email address is required. Subscription takes place using the double opt-in procedure.

6.2 Newsletter for Existing Customers If you provided your email address when purchasing products, we may send you offers for similar products. You may object to this use at any time.

7) DATA PROCESSING FOR ORDER HANDLING

7.1 Your personal data will be transmitted to shipping companies and service providers as required to fulfill your order.

7.2 Use of Payment Service Providers PayPal If you choose PayPal as your payment method, payment processing is carried out by PayPal (Europe) S.à r.l. et Cie, S.C.A. Your payment data will be transmitted to PayPal in accordance with Art. 6(1)(b) GDPR solely for payment processing.

8) REVIEW REMINDERS

If you have expressly consented, we may use your email address to send a one-time reminder to submit a review of your purchase. You may withdraw your consent at any time.

9) SOCIAL MEDIA LINKS

Our website may contain links to social media platforms such as Facebook or Instagram. Please refer to their privacy policies for details.

10) ONLINE MARKETING AND ANALYTICS

We may use online marketing and analytics tools to improve our website and advertising efforts based on legitimate interest under Art. 6(1)(f) GDPR or your consent under Art. 6(1)(a) GDPR.

11) RIGHTS OF DATA SUBJECTS

You have the right to:

  • Access your data (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restriction of processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Withdraw consent (Art. 7(3) GDPR)

  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

12) DATA RETENTION PERIOD

Personal data is stored only for as long as required by statutory retention obligations or as necessary to fulfill contractual purposes. After expiry, data is deleted unless further lawful processing applies.