Privacy policy
Privacy Policy
Introduction and Controller Contact Details 1.1 We appreciate your visit to our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data are all data that can identify you personally.1.2 The controller for data processing on this website within the meaning of the EU General Data Protection Regulation (GDPR) is Rarehumansclothing Trade GmbH & Co. KG, Kreierest 1, 6858 Schwarzach, Austria, Tel.: +43 699 1705 9619, E‑Mail: help@rarehumansclothing.com. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
Data Collection When Visiting Our Website 2.1 When you use our website for purely informational purposes, i.e. you do not register or otherwise transmit information to us, we collect only the data that your browser transmits to the page server (so-called "server log files"). When you access our website, we collect the following data, which are technically necessary for us to display the website to you:
The visited website
Date and time of access
Amount of data sent in bytes
Source/referrer URL from which you accessed the site
Browser used
Operating system used
IP address used (possibly in anonymized form) The processing is carried out according to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. We do not share or otherwise use the data. However, we reserve the right to review the server log files if there are concrete indications of illegal use.
2.2 This website uses SSL/TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize a secure connection by the "https://" in the URL and the lock icon in your browser address bar.
Hosting & Content Delivery Network 3.1 Shopify
We use the system of the following provider for hosting our website and displaying page content: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). Data are also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada. All data collected on our website are processed on the provider's servers. We have concluded a data processing agreement with the provider that ensures the protection of our visitors' data and prohibits unauthorized disclosure to third parties. An adequacy decision by the European Commission ensures an adequate level of data protection for data transfers to Canada.
3.2 Cloudflare
We use a Content Delivery Network from: Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA. This service enables us to deliver large media files such as graphics, page content or scripts faster via a network of globally distributed servers. The processing is based on our legitimate interest in improving the stability and functionality of our website under Art. 6(1)(f) GDPR. We have a data processing agreement with the provider that ensures the protection of our visitors' data and prohibits unauthorized disclosure to third parties. The provider participates in the EU-US Data Privacy Framework, ensuring compliance with the EU level of data protection.
Cookies
We use cookies—small text files stored on your device—to make your visit to our website attractive and to enable the use of certain functions. Some of these cookies are automatically deleted after you close the browser ("session cookies"), while others remain on your device and enable us to store your settings ("persistent cookies"). You can find the storage duration in your browser's cookie settings.
If certain cookies process personal data, the processing is carried out according to Art. 6(1)(b) GDPR for the performance of the contract, Art. 6(1)(a) GDPR with consent, or Art. 6(1)(f) GDPR for our legitimate interest in optimal site functionality and an effective, user-friendly website experience.
You can configure your browser to be informed about cookie settings and to accept or reject cookies individually or in general. Please note that rejecting cookies may limit the functionality of our website.
Contact Methods 5.1 Gorgias
To process customer inquiries, we use the email ticketing system of: Gorgias Inc., 180 Sansome St, Suite 1800, San Francisco, CA 94014, USA. Inquiries sent via our website are stored and organized in the ticket system to ensure chronological processing and to improve service. Personal data (name, first name, email address) are transmitted, stored, and read by the provider for organization and processing. Processing is based on our legitimate interest in efficient customer service under Art. 6(1)(f) GDPR. We have a data processing agreement with Gorgias. Data transfers to the USA are based on EU standard contractual clauses.
5.2 WhatsApp Business
You may contact us via WhatsApp Business (WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland). For inquiries related to a specific transaction (e.g. an order), we process your WhatsApp phone number and, if provided, your name under Art. 6(1)(b) GDPR. For general inquiries, we process your phone number and name under Art. 6(1)(f) GDPR for our legitimate interest in efficient communication. Data are used solely to answer your inquiry and are not shared with third parties.
WhatsApp Business accesses the address book of the device used. To ensure that only contacts who have already communicated with us are stored, we use a device containing only those WhatsApp contacts. This ensures that all stored numbers have consented to transfer when first using the app per WhatsApp's terms (Art. 6(1)(a) GDPR). We have a data processing agreement with WhatsApp. Transfers to the USA are secured by the EU-US Data Privacy Framework.
5.3 Other Contact Methods
For contact via web form or email, we process personal data solely to handle and respond to your inquiry under Art. 6(1)(f) GDPR. If the inquiry aims to conclude a contract, Art. 6(1)(b) GDPR additionally applies. Data are deleted once the matter is resolved and no legal retention obligations remain.
Data Processing When Creating a Customer Account
Under Art. 6(1)(b) GDPR, we collect and process personal data necessary to create a customer account. Required data fields are indicated on the form. You may request account deletion at any time by contacting the controller. Data are deleted after account deletion if all contracts are fully completed, no legal retention obligations exist, and no legitimate interest in further storage remains.
Use of Customer Data for Direct Marketing 7.1 Newsletter Signup
When you subscribe to our email newsletter, we send you information about our offers. Your email address is required; other data are optional for personalization. We use double opt-in to ensure consent. By confirming, you consent under Art. 6(1)(a) GDPR. We store your IP address, date and time of subscription. You may unsubscribe at any time via the link in the email or by contacting us; your email address is then removed unless you consent to further use or we have a legal basis.
7.2 Klaviyo
We send our newsletters via Klaviyo, Inc., 125 Summer St, Ste 600, Boston, MA 02110, USA. Based on our legitimate interest in effective marketing under Art. 6(1)(f) GDPR, we share your data with Klaviyo for dispatch. Subject to your consent under Art. 6(1)(a) GDPR, they also conduct statistical analysis via web beacons. Results include opening rates and interaction metrics, stored for analysis but not merged with other data. You may withdraw consent at any time. We have a processing agreement with Klaviyo. Transfers to the USA are covered by the EU-US Data Privacy Framework.
7.3 SMS Marketing
You may sign up for SMS notifications about offers. Your mobile number is required; other data are optional. We use double opt-in. By confirming, you consent under Art. 6(1)(a) GDPR. Date and time of subscription are stored. You may opt out anytime by contacting us; your number is removed unless further use is consented or permitted.
7.4 WhatsApp Newsletter
To subscribe to our WhatsApp newsletter, send "Start" to our WhatsApp Business number. Your number is required. By sending, you consent under Art. 6(1)(a) GDPR. We send discrete messages about offers. Send "Stop" to unsubscribe; your number is removed. WhatsApp Business access to the device address book is minimized as described in section 5.2.
7.5 Product Availability Notifications
For out-of-stock items, you can sign up for an email notification when available. Email is required; other data are optional. We use double opt-in. By confirming, you consent under Art. 6(1)(a) GDPR. We store your ISP IP address, date and time of signup. You may unsubscribe anytime; your data are removed.
7.6 Cart Abandonment Emails
If you abandon your cart before completing a purchase, you can sign up for a one-time email reminder. Email is required; other data are optional. We use double opt-in under Art. 6(1)(a) GDPR. We store your ISP IP address, date and time of signup. You may unsubscribe at any time.
Data Processing for Order Fulfillment 8.1 Delivery and Payment
To fulfill contracts, we share necessary personal data with the delivery company and financial institution under Art. 6(1)(b) GDPR. If we owe updates for goods with digital elements, we use your contact data under Art. 6(1)(c) GDPR strictly for update notifications.
8.2 DHL Fulfillment
We use DHL Home Delivery GmbH, Sträßchensweg 10, 53113 Bonn, Germany, for order processing. Name, address and, if needed, further personal data are shared under Art. 6(1)(b) GDPR strictly for order processing.
8.3 Shipping Service Providers
We use various carriers (Deutsche Post, DHL Paket, DHL Freight, DPD, GLS, Österreichische Post, UPS). If you consent in the order process, we share your email and/or phone under Art. 6(1)(a) GDPR for delivery coordination; otherwise, we share only name and delivery address under Art. 6(1)(b) GDPR. You can withdraw consent at any time.
8.4 Payment Service Providers We use various payment service providers. When you select one of these methods, we forward your payment data (name, address, bank or card details, currency, transaction number) strictly for the purpose of payment processing under Art. 6(1)(b) GDPR. If a provider requires a credit check (e.g. for invoice or installment payment), we additionally transmit your personal details (e.g. birth date, email, phone) under Art. 6(1)(f) GDPR to assess your creditworthiness. You may object to such processing at any time, although the provider may still process data if necessary to perform the contract.
Apple Pay (Apple Distribution International, Cork, Ireland)
Bancontact (Bancontact Payconiq Company, Brussels, Belgium)
EPS (PSA Payment Services Austria, Vienna, Austria)
giropay (paydirekt GmbH, Frankfurt, Germany)
Google Pay (Google Ireland, Dublin, Ireland)
iDeal (Currence Holding, Amsterdam, Netherlands)
Klarna (Klarna Bank AB, Stockholm, Sweden)
PayPal (Europe S.à r.l. et Cie, Luxembourg)
PayPal Checkout
Shopify Payments (Stripe Payments Europe, Dublin, Ireland)
TWINT (TWINT AG, Zurich, Switzerland)
9) Online Marketing We participate in the Goaffpro Affiliate Program (Oxybit Enterprises, India). Clicking affiliate links may set cookies and track orders; this is governed by your consent under Art. 6(1)(a) GDPR and the partner’s privacy policy.
10) Web Analytics Services 10.1 Google Analytics 4 (Google Ireland)
Cookies collect pseudonymized usage data (including truncated IP).
Data stored for two months.
Only active after your opt-in under Art. 6(1)(a) GDPR.
10.2 Google Tag Manager
Does not store personal data but may transmit your IP to Google.
Only active after your opt-in under Art. 6(1)(a) GDPR.
10.3 Klar! (Klar Insights, Munich)
Heatmaps, click and scroll tracking.
Pseudonymized, only after your consent.
10.4 Microsoft Clarity (Microsoft, USA)
Similar pseudonymized behavior analytics.
Active only after your consent.
10.5 PayPal Marketing Solutions
Pseudonymized user behavior tracking via cookies.
Only after your consent.
11) Retargeting/Remarketing & Conversion Tracking 11.1 Meta Pixel (Meta Platforms Ireland)
Extended data matching for Facebook/Instagram ads.
Only after your consent under Art. 6(1)(a) GDPR.
11.2 Google Ads Remarketing (Google Ireland) 11.3 Microsoft Advertising (Microsoft, USA) 11.4 Outbrain (Outbrain Inc., USA) 11.5 Google Ads Conversion Tracking 11.6 Microsoft Universal Event Tracking 11.7 ReConvert (StilyoApps, Israel) 11.8 Reddit Tracking Pixel 11.9 Snap Pixel (Snap Inc., USA) 11.10 TikTok Pixel (TikTok Tech, Ireland) 11.11 Twitter Conversion Tracking
All these only fire after your explicit cookie-consent.
12) Site Functionalities 12.1–12.6 Social Media Plugins (Facebook, Instagram, LinkedIn, Pinterest, Reddit, X)
“2-Click” integration: no data is sent until you activate the plugin.
12.7 YouTube Embeds (Google Ireland) 12.8 Google Sign-In 12.9 Trustpilot 12.10 Google Maps & API 12.11 Google Web Fonts 12.12 Google reCAPTCHA 12.13 Google Translate 12.14 Weglot
Activation and data transfer only occur with your consent where required; basic operation (like reCAPTCHA’s anti-bot checks) may rely on our legitimate interest under Art. 6(1)(f).
13) Tools & Other Services 13.1 Billbee (Billbee GmbH, Germany) – automated bookkeeping. 13.2 Cookie-Consent Tool – mandatory to manage your cookie preferences. 13.3 Yotpo Product Reviews (Yotpo Ltd., Israel) – to verify and display customer reviews.
14) Your Rights as a Data Subject Under Articles 15–20 GDPR and Articles 7 and 77 GDPR, you have the right to:
Access, rectify, erase, restrict processing, object, data portability, withdraw consent, and complain to a supervisory authority.
To object to processing based on legitimate interests, including profiling or direct marketing, at any time.
15) Data Retention
Data processed under consent are retained until withdrawal.
Data under contract performance are kept according to statutory retention periods (e.g. tax and commercial law) and then deleted.
Data under legitimate interest are kept until you object, unless we can prove overriding grounds for continuing processing.
Direct-marketing data are kept until you object.
Otherwise, data are deleted when no longer needed.
© IT-Recht Kanzlei Status: May 24, 2025, 17:21:48



