Privacy Policy

Privacy Policy

1. Data protection at a glance

General information
The following information provides an overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to personally identify you. Detailed information can be found in the full privacy policy below.

Data collection on this website
Data processing on this website is carried out by the controller, see below.
Some data is automatically collected when you visit the site (e.g., IP address, browser, operating system). Other data is actively provided to us by you (e.g., via the contact form or when placing an order).

What do we use your data for?

  • For the technical provision and security of the website

  • For processing orders and payments

  • For communication with customers

  • For statistical analysis and marketing (with your consent)

Your rights
You have the right to free information, rectification, erasure, restriction of processing and objection to data processing at any time, as well as the right to lodge a complaint with the competent supervisory authority.

2. Hosting

Shopify
Our shop is hosted on the Shopify platform (Shopify International Ltd., 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, Ireland). The parent company is Shopify Inc., 151 O'Connor Street, Ottawa, Ontario K2P 2L8, Canada.
Shopify processes personal data (e.g., IP address, browser information, payment data, order information) as part of providing and ensuring the security of the online store.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure, efficient presentation), in case of consent Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG.
A data processing agreement (DPA) exists with Shopify in accordance with Art. 28 GDPR.
Data transfers to Canada are subject to an adequacy decision by the EU; transfers to the USA are based on standard contractual clauses (SCCs) .

3. Responsible body

MiraCasa – Handmade Design & Candle Art
Owner: Tatjana Frese
Finkenschlagweg 1, 78224 Singen, Germany
Email: info@miracasa-arts.com

4. General Information

Data protection
We treat personal data confidentially and in accordance with the GDPR. Complete protection during internet communication (e.g., email) is technically impossible.

Legal basis

  • Article 6 paragraph 1 letter a GDPR / Section 25 paragraph 1 TTDSG – Consent

  • Article 6 paragraph 1 letter b GDPR – Contract / pre-contractual measures

  • Article 6(1)(c) GDPR – legal obligation

  • Article 6 paragraph 1 letter f GDPR – legitimate interest (security, fraud prevention, statistics)

Storage duration
Personal data will be deleted as soon as the purpose for which it was collected no longer applies or statutory retention periods have expired (usually 6–10 years for invoice data).

Data transfer to third countries
When using Shopify, Google, Meta, or Pinterest, data may be transferred to Canada/the USA. These providers generally use Standard Contractual Clauses (SCCs) . However, an equivalent level of data protection to that in the EU cannot be guaranteed (due to potential access by US authorities).

5. Your rights

You have the right to:

  • Right of access (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restriction (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR)

  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Consent given can be revoked at any time with effect for the future.

6. Security (SSL/TLS)

This website uses SSL/TLS encryption to protect confidential information (e.g., orders, inquiries). You can recognize an encrypted connection by the "https://" in the browser address bar and the padlock icon.

7. Data collection

Cookies

Our website uses cookies and similar technologies.
Necessary cookies (e.g. shopping cart, login, security) – Art. 6 para. 1 lit. f GDPR.
Analysis/marketing cookies only with consent – ​​Art. 6 para. 1 lit. a GDPR in conjunction with § 25 TTDSG.
You can manage cookies at any time via your browser settings or the cookie banner.

Server log files

Shopify automatically collects: browser type, operating system, referrer URL, IP address, date/time, hostname. This data is used for security, fraud prevention and technical stability (Art. 6 para. 1 lit. f GDPR).

Contact form / Email

When you contact us via the form or by email, your information (name, email, message) will be stored for processing purposes (Art. 6 para. 1 lit. b GDPR). This information will be deleted after the communication is concluded, unless there are legal obligations to retain it.

Customer account / Orders

For orders, we process name, address, email, payment and order data (Art. 6 para. 1 lit. b GDPR). This data is necessary for the fulfillment of the contract.

Payment service provider

  • PayPal (Europe S.à rl et Cie SCA, L-2449 Luxembourg): Payment data is transmitted to PayPal. Privacy statement: www.paypal.com/de/webapps/mpp/ua/privacy-full

  • Credit card / Stripe / Shopify Payments : Payment data is transmitted to the respective service provider for processing (Art. 6 para. 1 lit. b GDPR).

Shipping service provider

For delivery purposes, we pass on address and, if applicable, contact details (email, telephone) to shipping service providers (e.g. Deutsche Post / DHL) (Art. 6 para. 1 lit. b GDPR).

8. Analytics and Marketing Tools

a) Google Analytics (4)

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses cookies or similar technologies to statistically analyze your usage behavior (e.g., page views, duration, origin).
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 TTDSG).
You can withdraw your consent or deactivate tracking by Google Analytics at any time:
https://tools.google.com/dlpage/gaoptout
Privacy policy: https://policies.google.com/privacy
Data transfers to the USA are based on the EU Standard Contractual Clauses (SCC) .

b) Meta Pixels (Facebook / Instagram)

Provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.
The Meta Pixel allows you to track visitor behavior after they have seen or clicked on an ad. This enables you to analyze and optimize the effectiveness of Facebook/Instagram advertising.
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 TTDSG).
Data transfers to the USA are based on standard contractual clauses .
More information: https://www.facebook.com/about/privacy/

c) Pinterest Tag

Provider: Pinterest Europe Ltd., Palmerston House, Fenian Street, Dublin 2, Ireland.
The Pinterest tag is used to analyze and optimize Pinterest advertising. It tracks actions (e.g., page views, purchases, shopping cart actions).
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 TTDSG).
Data may be transferred to Pinterest Inc., USA; basis: Standard Contractual Clauses.
More information: https://policy.pinterest.com/de/privacy-policy

9. Newsletter (optional)

When you subscribe to our newsletter, we process your email address, and possibly your name, to keep you regularly informed about news and products.
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR).
You can unsubscribe at any time via the unsubscribe link in every email.

10. Social Media

Our website may contain links to social networks (e.g., Instagram, Pinterest, Facebook). Simply clicking on the link does not transmit any data. Once you log in to the respective platform, its privacy policy applies.

11. Minors

Our offer is exclusively for persons aged 18 and over.

12. Changes to this declaration

We reserve the right to amend this privacy policy to adapt it to legal requirements or changes to our services.

As of October 2025
Responsible party: Tatjana Frese – MiraCasa Handmade Design & Candle Art
Finkenschlagweg 1, 78224 Singen, Germany
Email: info@miracasa-arts.com