Politique de confidentialité

Privacy Policy

Last updated: June 2026


Introduction

DIBDE GmbH, operating under the trade name DARTO Europe (hereinafter "we", "us" or "our"), operates this store and website to provide you, the customer, with a personalised shopping experience (the "Services"). The Services are powered by Shopify. This Privacy Policy describes how we collect, use and share personal data when you visit, use or make a purchase through the Services or otherwise communicate with us. For the purposes of applicable data protection law, in particular Regulation (EU) 2016/679 (GDPR), DIBDE GmbH is the data controller for your personal data.

Please read this Privacy Policy carefully.


What personal data do we collect or process?

Depending on how you interact with the Services, we may collect or process the following categories of personal data:

Contact details including name, postal address, billing address, shipping address, phone number and email address.

Financial data including payment card information, transaction details, payment method and payment confirmation. Full payment data is not stored by us but processed directly by our payment service provider.

Account information including username, password and account settings.

Transaction information including the items you purchase, return or cancel, as well as your past transactions.

Communications with us including information you provide when contacting us.

Device information including information about your device, browser, network connection, IP address and other unique identifiers.

Usage information including information about your interaction with the Services, including how and when you visit or browse our website.


Sources of personal data

We may collect personal data from the following sources:

Directly from you, when you create an account, make a purchase, use the Services or contact us.

Automatically through the Services, from your device or browser and through the use of cookies and similar technologies.

From our service providers, when they collect or process data on our behalf.


Legal bases for processing

We process your personal data on the following legal bases under Article 6 GDPR:

Performance of a contract (Art. 6(1)(b) GDPR): processing to fulfil your orders, process payments, organise shipping and handle returns and refunds.

Legal obligation (Art. 6(1)(c) GDPR): processing to comply with tax and commercial record-keeping obligations and to respond to requests from public authorities.

Legitimate interests (Art. 6(1)(f) GDPR): processing for fraud prevention, IT security, and improvement of the Services.

Consent (Art. 6(1)(a) GDPR): processing for marketing communications by email and for the use of non-essential cookies and analytics tools. You may withdraw your consent at any time with effect for the future, without affecting the lawfulness of processing carried out prior to withdrawal.


How do we use your personal data?

Providing and improving the Services: processing your orders, payments and deliveries; managing your customer account; handling returns and refunds; providing customer support.

Marketing and advertising: sending marketing emails where you have given your consent or where a legitimate interest exists. You may unsubscribe from marketing emails at any time using the unsubscribe link in our emails.

Security and fraud prevention: authenticating accounts and detecting potentially fraudulent or abusive activity.

Analytics and optimisation: analysing the use of our website to improve our Services, where you have consented to the use of the relevant tools.

Legal purposes: complying with applicable legal obligations and enforcing our rights.


Use of analytics and marketing tools

We may use analytics and marketing tools on our website to understand user behaviour and improve our Services. These may include in particular:

Google Analytics (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland): collection and analysis of website usage data. Data may be transferred to the United States; Google has committed to the EU Commission's Standard Contractual Clauses. Further information: https://policies.google.com/privacy.

Meta Pixel (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland): collection of interaction data for the purpose of serving targeted advertising on Meta platforms. Data may be transferred to the United States. Further information: https://www.facebook.com/privacy/policy.

These tools are only used on the basis of your explicit consent, which you can provide through our cookie banner. You may withdraw your consent at any time with effect for the future by adjusting your cookie settings on our website.


Cookies and similar technologies

We use cookies and similar technologies on our website. Technically necessary cookies are used on the basis of our legitimate interest and do not require consent. For all other cookies — in particular analytics and marketing cookies — we obtain your explicit consent through our cookie banner before they are set. For further information please refer to our Cookie Notice.


How do we share personal data?

We only share your personal data where necessary to provide the Services or where required by law. Recipients may include:

Shopify Inc. as the operator of our e-commerce platform.

DHL as our shipping carrier for the delivery of your orders.

Sufio for the automated creation and management of invoices.

Finom as our payment and banking service provider.

Google Workspace for email communication and internal administration.

Mertens Schabow as our tax advisor for the fulfilment of our tax obligations.

Analytics and marketing service providers, where you have given your consent.

Public authorities and law enforcement, where we are legally required to do so.

All service providers are contractually obligated to comply with data protection requirements and process your data exclusively on our behalf and in accordance with our instructions.


Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal data relating to your access to and use of the Services in order to provide and improve them. In certain circumstances, Shopify acts as a data controller for your personal data. Further information can be found in Shopify's Consumer Privacy Policy and at https://privacy.shopify.com.


Third-party websites and links

The Services may contain links to third-party websites. We are not responsible for the privacy or security of such websites. We recommend that you read their privacy policies before submitting any personal data.


Children's data

The Services are not intended for use by persons under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us using the details below.


Security and retention of your data

We take appropriate technical and organisational measures to protect your personal data. However, no transmission over the internet is completely secure and we cannot guarantee absolute security.

Your personal data will only be retained for as long as necessary for the relevant processing purposes. For tax and commercial law purposes — in particular invoices and transaction data — statutory retention periods of up to 10 years apply under § 147 AO and § 257 HGB. After expiry of these periods, data is routinely deleted.


Your rights

As a data subject you have the following rights:

Right of access (Art. 15 GDPR): you may request information about the personal data we process about you.

Right to rectification (Art. 16 GDPR): you may request the correction of inaccurate data.

Right to erasure (Art. 17 GDPR): you may request the deletion of your data under certain conditions.

Right to restriction of processing (Art. 18 GDPR): you may request that we restrict the processing of your data.

Right to data portability (Art. 20 GDPR): you may receive a copy of your data in a structured, machine-readable format.

Right to object (Art. 21 GDPR): you may object at any time to the processing of your data on the basis of legitimate interests.

Right to withdraw consent (Art. 7(3) GDPR): you may withdraw any consent you have given at any time with effect for the future.

To exercise any of these rights please contact us using the details below. We will respond to your request within one month. There are no disadvantages to you for exercising these rights.


Right to lodge a complaint

You have the right to lodge a complaint with the competent data protection supervisory authority. The authority competent for DIBDE GmbH is:

Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (HmbBfDI) Ludwig-Erhard-Str. 22, 20459 Hamburg, Germany www.datenschutz.hamburg.de


International data transfers

We may transfer your personal data to countries outside the European Economic Area (EEA), in particular to Shopify (Canada/USA) and Google (USA). Such transfers are carried out on the basis of the European Commission's Standard Contractual Clauses pursuant to Art. 46 GDPR or other recognised transfer mechanisms.


Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The current version is always available on this page. We will notify you of any material changes in accordance with applicable legal requirements.


Contact

For questions about this Privacy Policy or to exercise your rights, please contact us at:

DIBDE GmbH
Clemens-Schultz-Straße 79
20359
Hamburg
Germany
Phone: +49 172 5602926
Email: europe@darto.org