Privacy policy

PRIVACY POLICY (aurulu / AUREN)


1) Introduction and contact details of the responsible party

1.1 We are pleased that you are visiting our website and thank you for your interest in aurulu. Below, we inform you about how we handle your personal data when you use our website. Personal data is any data that can be used to personally identify you.

1.2 The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

AUREN
Einzelunternehmen
Inhaber: Aurko Deb Roy Pranto
Zimmerstraße
45127 Essen
Nordrhein-Westfalen
Germany
E-Mail: contact@aurulu.com

USt-IdNr.: DE4600568816

The controller is the natural or legal person who determines the purposes and means of processing personal data.

2) Data collection when visiting our website

2.1 When you use our website for informational purposes only, we collect data that your browser transmits to our server (“server log files”).

These include:

  • Visited website
  • Date and time of access
  • Amount of data transferred
  • Referrer URL
  • Browser type and version
  • Operating system
  • IP address (possibly anonymized)

Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in ensuring website stability and security.

2.2 This website uses SSL/TLS encryption to protect the transmission of personal data. You can recognize encrypted connections by “https://” and the lock symbol in your browser.

3) Hosting

Shopify

Our website is hosted by:

Shopify International Limited
Victoria Buildings, 2nd Floor
1–2 Haddington Road
Dublin 4, D04 XN32
Ireland

Data may also be transferred to Shopify Inc., Canada.

We have concluded a data processing agreement with Shopify in accordance with Art. 28 GDPR.

Canada ensures an adequate level of data protection based on a European Commission adequacy decision.

4) Cookies

We use cookies to ensure functionality and improve user experience.

Cookies may be:

  • Technically necessary
  • Functional
  • Analytical
  • Marketing-related

Processing is based on:

  • Art. 6(1)(b) GDPR (contract performance)
  • Art. 6(1)(a) GDPR (consent)
  • Art. 6(1)(f) GDPR (legitimate interest)

You can manage cookie settings via our cookie consent tool.

5) Order processing and fulfillment

When you place an order, we collect:

  • Name
  • Billing and shipping address
  • Email address
  • Payment details
  • Order information

Processing is based on Art. 6(1)(b) GDPR (contract performance).

Fulfillment partner: Gelato

To fulfill your order, we transmit necessary order data to:

Gelato
(DPO-compliant print-on-demand production partner)

Data is shared only to the extent required for production and shipping.

A data processing agreement is in place.

6) Payment processing

We use the following payment providers:

Stripe

Stripe Payments Europe Ltd., Ireland

PayPal

PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg

Payment data is processed directly by the provider. We do not store full payment details.

Processing is based on Art. 6(1)(b) GDPR.

7) Meta Pixel

We use Meta Pixel (Meta Platforms Ireland Limited) for marketing and conversion tracking.

This allows us to:

  • Measure advertising effectiveness
  • Optimize campaigns
  • Show relevant advertisements

Data may be transferred to Meta Platforms Inc., USA.

Meta participates in the EU-US Data Privacy Framework.

Processing is based on your consent (Art. 6(1)(a) GDPR).

You can withdraw consent at any time via our cookie tool.

8) Rights of the data subject

You have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

9) Right of objection

If we process your data based on legitimate interests (Art. 6(1)(f) GDPR), you may object at any time for reasons arising from your particular situation.

If data is processed for direct marketing, you may object at any time without giving reasons.

10) Storage duration

Personal data is stored only as long as necessary:

  • Contractual data: according to commercial and tax retention periods (typically 6–10 years in Germany)
  • Consent-based data: until withdrawal
  • Marketing data: until objection