Privacy policy

Last updated: October 16, 2025

This Privacy Policy explains how PARAX GmbH (“we”, “us”, “our”) collects and processes personal data when you visit parax.de (including regional or language versions) or purchase products from our online store – including international orders and shipments.


1. Data Controller

PARAX GmbH
Bockeldamm 19
59199 Bönen
Germany
Email: info@parax.de

Data Protection Contact:
PARAX GmbH – Data Protection
Email: info@parax.de


2. Scope & Definitions

This Privacy Policy applies to all pages under parax.de (including product, blog, and help pages), our social-media profiles, embedded content, and all functions offered through the website (e.g., customer account, cart, checkout, newsletter, product reviews, contact forms, WhatsApp link).

The terms “personal data”, “processing”, “controller”, and “processor” follow Article 4 of the GDPR.
For cookies and similar technologies, the applicable law is the German Telecommunications and Digital Services Data Protection Act (TDDDG).


3. Legal Bases for Processing

We process personal data in accordance with the following legal bases:

  • Art. 6 (1)(b) GDPR – performance of a contract or pre-contractual measures (e.g., orders, payments, support).

  • Art. 6 (1)(c) GDPR – compliance with legal obligations (e.g., tax and commercial recordkeeping).

  • Art. 6 (1)(f) GDPR – legitimate interests (e.g., IT security, fraud prevention, analytics, business operation).

  • Art. 6 (1)(a) GDPR – consent (e.g., marketing, newsletter, non-essential cookies).


4. Hosting / Shop Operation (Shopify)

Our website and online store are hosted on the Shopify platform provided by
Shopify International Ltd., 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, Ireland.

Depending on the feature used, data may be transferred to affiliated Shopify entities in Canada or the United States.
Shopify ensures compliance through a Data Processing Addendum, EU Standard Contractual Clauses (SCC), and participation in recognized transfer frameworks.

Data processed: usage data (IP address, timestamps, browser/device information, page views), order details, payment and shipping information, customer account data, and support messages.
Purpose: operating the website and store, checkout, security, fraud prevention, analytics, and delivery of transactional emails.
Legal basis: Art. 6 (1)(b), (c), (f) GDPR; optional features Art. 6 (1)(a) GDPR + § 25 TDDDG.


5. Server Logs & Security

When visiting our site, technical logs (IP address, time, requested URL, referrer, browser, device data) are automatically collected.
Purpose: stability, troubleshooting, and protection against abuse or attacks.
Storage: 7–30 days.
Legal basis: Art. 6 (1)(f) GDPR.


6. Cookies & Consent Management

We use a consent-management system for cookies and similar technologies.
Technically required cookies are set without consent (e.g., cart, session, language, payment, security).
Non-essential cookies (analytics, marketing, comfort functions) are set only with consent (§ 25 TDDDG, Art. 6 (1)(a) GDPR).

Analytics:
We use etracker Analytics in a cookieless mode for anonymous reach measurement (Art. 6 (1)(f) GDPR).
Optional etracker features (A/B tests, comfort settings) run only with consent (Art. 6 (1)(a) GDPR).
Preferences can be adjusted anytime via the “Cookie Settings” link in the footer.


7. Orders, Contract Fulfilment & Customer Accounts

Data collected: name, billing/shipping address, email, optional phone, payment data (token/reference), order and communication details, returns/warranty information.
Purpose: order processing, delivery, invoicing, customer communication, and accounting.
Legal basis: Art. 6 (1)(b) GDPR; for retention Art. 6 (1)(c) GDPR (6–10 years).

B2B accounts may be created by business customers only.
Fraud prevention checks may occur automatically (Art. 6 (1)(f) GDPR; right to human review per Art. 22 (3) GDPR).


8. Payments

Payments are processed by external payment providers.
They receive only the data necessary to complete the transaction (order amount, currency, name, billing/shipping address, email, payment reference).

Available methods:

  • Credit card (via Shopify Payments)

  • PayPal / PayPal Express

  • Klarna (Pay Later / Installments)

  • Bank transfer (prepayment)

  • Express checkout options: Shop Pay, Google Pay, PayPal Express

Legal basis: Art. 6 (1)(b) GDPR; fraud screening Art. 6 (1)(f) GDPR.
Please also review the respective provider’s privacy policy during checkout.


9. Shipping & International Delivery

We ship domestically and internationally with DHL GoGreen.
To fulfil your order, we share delivery details (name, address, optional email/phone for tracking) with DHL.
Legal basis: Art. 6 (1)(b) GDPR.

For cross-border shipments, customs authorities in the destination country may receive necessary data (name, address, contact, product value) to process clearance and taxation under Art. 6 (1)(b) GDPR.
Tracking notifications are provided only if activated by you.


10. Customer Service & Communication

Contact requests via form or email are stored for processing.
Legal basis: Art. 6 (1)(b) or (f) GDPR.

WhatsApp contact: The WhatsApp link activates only when clicked (provider: WhatsApp Ireland Ltd. / Meta). Please do not send payment data via messenger.

Transactional emails: order confirmations, shipping updates, and password resets are system-relevant (Art. 6 (1)(b) GDPR).


11. Newsletter & Direct Marketing

Newsletters and offers are sent only with explicit consent (double opt-in).
Providers: Shopify Email and Mailchimp (The Rocket Science Group LLC, USA).
Open/click rates may be measured anonymously to improve content.

Unsubscribe anytime via the link in each email.
Legal basis: Art. 6 (1)(a) GDPR; § 7 UWG (German Fair Trade Act).


12. Product Reviews (Judge.me)

We use Judge.me for verified product and shop reviews.
Data: order ID, product info, name/pseudonym, email, review text, optional images/videos.
Legal basis: Art. 6 (1)(f) GDPR (social proof); Art. 6 (1)(b)/(a) GDPR for submissions.
Reviews can be removed upon request.


13. Analytics (etracker)

Provider: etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany.
Data is processed exclusively in Germany.

  • Cookieless mode: basic usage analysis (Art. 6 (1)(f) GDPR).

  • Optional cookies: only with consent (Art. 6 (1)(a) GDPR + § 25 TDDDG).

IP addresses are anonymized immediately; no combination with third-party data.


14. Embedded Content & Social Media

Embedded content (e.g., YouTube videos, Instagram posts) loads only after you actively consent.
Legal basis: Art. 6 (1)(a) GDPR + § 25 TDDDG.

Our profiles on Instagram, Pinterest, TikTok, and YouTube are operated in joint control with the respective platform (Art. 26 GDPR).
Please also review each platform’s privacy policy.


15. International Data Transfers

When service providers outside the EU/EEA are used (e.g., Shopify entities in Canada / USA, Mailchimp, Meta, Google), we ensure compliance through recognized mechanisms:

  • Canada: EU adequacy decision.

  • United Kingdom: EU adequacy decision (2021).

  • Switzerland: compliance with the revised Swiss Data Protection Act (revDSG).

  • United States: providers certified under the EU–US Data Privacy Framework or bound by Standard Contractual Clauses (SCC).

  • Other countries: transfers under Art. 46 GDPR (SCC) or equivalent guarantees.

Where necessary, Transfer Impact Assessments and additional technical measures are implemented.


16. Categories of Recipients

  • Platform / Hosting: Shopify Group (incl. CDN providers)

  • Payments: Shopify Payments, PayPal, Klarna, Bank transfer

  • Shipping: DHL GoGreen (+ notifications if enabled)

  • Reviews: Judge.me

  • Newsletter/Email: Shopify Email, Mailchimp

  • Marketing & Analytics: etracker, Google Ads, Meta Pixel, TikTok Pixel (only with consent)

  • Advisors/Authorities: where legally required (e.g., tax consultant, legal counsel)


17. Retention Periods

Data type and typical duration:

  • Orders & Invoices: 6–10 years (HGB/AO)

  • Support emails: 12–24 months

  • Customer accounts: until deleted

  • Consent logs: up to 2 years or until withdrawal

  • Server logs: 7–30 days


18. Data Provision Requirement

Providing certain data (e.g., name, address, payment info) is necessary to conclude a purchase.
Without it, order processing is not possible.
Consent-based processing (analytics, marketing) is optional.


19. Your Rights (under GDPR and applicable laws)

You have the right to:

  • Access (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restriction (Art. 18 GDPR)

  • Data Portability (Art. 20 GDPR)

  • Object (Art. 21 GDPR)

  • Withdraw Consent (Art. 7 (3) GDPR)

To exercise these rights, email info@parax.de.
We will respond within the statutory period.


20. Right to Object (Art. 21 GDPR)

You may object at any time to processing based on legitimate interests (Art. 6 (1)(f) GDPR).
We will cease processing unless we demonstrate compelling legitimate grounds or legal claims.


21. Supervisory Authority (Germany – NRW)

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)
Kavalleriestraße 2–4, 40213 Düsseldorf, Germany
Phone: +49 (0)211 / 38424-0
Email: poststelle@ldi.nrw.de
Web: www.ldi.nrw.de


22. Updates to This Policy

We update this Privacy Policy as required by law or when technical or organizational changes occur.
The latest version is always available at parax.de/privacy.
