Privacy policy

1) Introduction and contact details of the responsible party

1.1

We are pleased that you are visiting our website, and thank you for your interest. Below, we inform you about how we handle your personal data when you use our website. Personal data is any data that can be used to personally identify you.

1.2

The data controller for this website within the meaning of the General Data Protection Regulation (GDPR) is:

Kokkum
Einzelunternehmen
Küllstedter Straße, Berlin – 13055, Germany
E-mail: kokkum.shop@gmail.com

The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

 

 

2) Data collection when visiting our website

2.1

When you use our website for purely informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the website server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Website visited

  • Date and time of access

  • Amount of data sent in bytes

  • Source/referrer from which you accessed the page

  • Browser used

  • Operating system used

  • IP address used (possibly in anonymized form)

The processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.
The data will not be disclosed or used for any other purpose. However, we reserve the right to subsequently review the server log files should there be concrete indications of unlawful use.

2.2

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries). You can recognize an encrypted connection by the “https://” prefix and the padlock symbol in your browser’s address bar.

 

 

3) Cookies

To make your visit to our website more enjoyable and to enable the use of certain features, we use cookies, which are small text files that are stored on your device.

Some cookies are automatically deleted after you close your browser (session cookies), while others remain on your device for a longer period and allow us to save your website settings (persistent cookies). The storage duration can be found in your browser’s cookie settings.

If cookies process personal data, the processing is carried out on the basis of:

  • Art. 6(1)(b) GDPR for contract performance

  • Art. 6(1)(a) GDPR where consent has been given

  • Art. 6(1)(f) GDPR based on our legitimate interest in ensuring the best possible website functionality

You can configure your browser to notify you about the setting of cookies and decide individually whether to accept them, or exclude cookies entirely.
Please note that if cookies are disabled, the functionality of our website may be limited.

 

 

4) Making contact

When you contact us (e.g., via email or contact form), personal data is processed exclusively for the purpose of processing and responding to your request and only to the extent necessary.

The legal basis for processing is Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).
If the contact aims at concluding a contract, the additional legal basis is Art. 6(1)(b) GDPR.

Your data will be deleted once the inquiry has been fully processed, provided no statutory retention obligations apply.

 

 

5) Data processing for order processing

Insofar as necessary for contract processing, delivery, and payment, personal data will be transmitted to the following parties pursuant to Art. 6(1)(b) GDPR:

  • Shipping and logistics providers

  • Payment service providers

  • Shopify Inc. as the technical platform operator

Our online store is hosted by Shopify Inc. Shopify provides the e-commerce platform that enables us to sell our products. Your data may be stored through Shopify’s data storage, databases, and general Shopify applications on secure servers behind a firewall.

Payment transactions are processed exclusively through Shopify-supported payment providers. We do not store or have access to complete payment details.

If we are legally required to provide product-related updates (e.g., for goods with digital elements), we will process your contact details pursuant to Art. 6(1)(c) GDPR solely for this purpose.

 

 

6) Rights of the data subject

6.1

You are entitled to the following rights under GDPR:

  • Right of access pursuant to Art. 15 GDPR

  • Right to rectification pursuant to Art. 16 GDPR

  • Right to erasure pursuant to Art. 17 GDPR

  • Right to restriction of processing pursuant to Art. 18 GDPR

  • Right to notification pursuant to Art. 19 GDPR

  • Right to data portability pursuant to Art. 20 GDPR

  • Right to withdraw consent pursuant to Art. 7(3) GDPR

  • Right to lodge a complaint pursuant to Art. 77 GDPR

6.2 Right of objection

If we process your personal data on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object at any time to this processing for reasons arising from your particular situation.

If you object, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests or the processing serves the establishment, exercise, or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time. Upon objection, processing for marketing purposes will cease immediately.

 

 

7) Duration of storage of personal data

The storage duration is determined by the respective legal basis, processing purpose, and statutory retention periods.

  • Data processed on the basis of consent (Art. 6(1)(a) GDPR) is stored until consent is withdrawn

  • Contract-related data (Art. 6(1)(b) GDPR) is stored in accordance with commercial and tax retention obligations

  • Data processed on the basis of legitimate interest (Art. 6(1)(f) GDPR) is stored until objection is raised, unless overriding legitimate grounds exist

Personal data is deleted once it is no longer required for its original purpose and no legal retention obligations apply.

 

 

8) Data security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, loss, or misuse.

 

 

9) Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy at any time to reflect legal changes or changes to our services.

k

 

10) Dispute resolution

The European Commission provides a platform for online dispute resolution (ODR):
https://ec.europa.eu/consumers/odr

We are neither obliged nor willing to participate in dispute resolution proceedings before a consumer arbitration board.