Privacy Policy / Datenschutzerklärung
Last updated: 30 June 2026
1. Data Controller
Monster Intelligenz, Dornröschenstraße 45, 81739 München, Germany, represented by Esma Tosun (Geschäftsführerin), is the data controller responsible for processing your personal data on this website. Contact: [email protected], +49 175 288 2270.
2. What Data We Collect
- Account data: full name, email address, password (stored as a secure hash).
- Google sign-in: if you use Google OAuth, we receive your name and email from Google.
- Order data: billing address, shipping address, ordered products, order history, invoices.
- Payment data: processed directly by Stripe — we never see or store your card details.
- Server logs: IP address, browser type, pages visited — retained for 30 days for security purposes.
3. Legal Basis for Processing (Art. 6 GDPR)
- Art. 6(1)(b) — contract performance: processing your account, orders, and deliveries.
- Art. 6(1)(c) — legal obligation: retaining invoices and tax records.
- Art. 6(1)(f) — legitimate interest: fraud prevention, server security, service improvement.
- Art. 6(1)(a) — consent: non-essential cookies (if any are added in future).
4. Third Parties
- Stripe — payment processing (GDPR-compliant data processing agreement in place).
- Google — optional sign-in via Google OAuth.
- Cloudflare — content delivery and DDoS protection.
- Google Cloud (GCE) — server infrastructure, data centre located in the USA (Standard Contractual Clauses apply).
We do not sell your personal data to any third party.
5. Data Retention
- Invoice and order data: 10 years (§ 147 AO / GoBD statutory retention period).
- Account data: until you request deletion, unless a longer retention is legally required.
- Server logs: 30 days.
6. Cookies
We use only technically essential cookies (session token for login and shopping cart). No tracking, advertising, or analytics cookies are set. You can delete cookies at any time via your browser settings.
7. Your Rights
Under the GDPR you have the right to:
- Access your personal data (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure ("right to be forgotten") (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing based on legitimate interest (Art. 21 GDPR)
- Withdraw consent at any time without affecting prior processing (Art. 7(3) GDPR)
To exercise any of these rights, contact us at [email protected].
8. Right to Lodge a Complaint
You have the right to lodge a complaint with the competent supervisory authority. The authority responsible for our registered address is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach
www.lda.bayern.de