Privacy policy

Privacy Policy

1. Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Perayil – CentroCart
Owner: Sreena Perayil
Address: Geschwister-Scholl-Str. 3, 91058 Erlangen, Germany
Email: mycentrocart@gmail.com

2. Collection and Storage of Personal Data

We collect and process personal data only insofar as this is necessary for the provision of our services, the processing of orders, or when you voluntarily provide data to us.

The personal data processed may include:

  • Name

  • Billing and shipping address

  • Email address

  • Phone number (only if required for delivery)

  • Payment details (processed exclusively by secure third-party payment providers)

  • IP address and browser information (for technical and security purposes)

3. Purpose and Legal Basis of Data Processing

Personal data is processed for the following purposes and legal bases:

  • Order processing and contract fulfillment
    (Art. 6(1)(b) GDPR)

  • Shipping and delivery of products
    (Art. 6(1)(b) GDPR)

  • Customer communication and inquiries
    (Art. 6(1)(f) GDPR – legitimate interest)

  • Payment processing
    (Art. 6(1)(b) GDPR)

  • Compliance with legal obligations (e.g. tax and commercial law retention requirements)
    (Art. 6(1)(c) GDPR)

  • Ensuring website security and technical stability
    (Art. 6(1)(f) GDPR – legitimate interest)

4. Disclosure of Data to Third Parties

Personal data is disclosed to third parties only where this is necessary for the fulfillment of the contract or required by law. These may include:

  • Shipping and logistics providers

  • Payment service providers (e.g. Shopify Payments, PayPal, Stripe, Klarna)

  • IT and hosting providers

All recipients process personal data in compliance with GDPR.

5. Shopify (Hosting & Data Processing)

Our online shop is hosted by Shopify Inc., 151 O’Connor Street, Ottawa, ON K2P 2L8, Canada.

We have concluded a Data Processing Agreement (Data Processing Addendum) with Shopify in accordance with Article 28 GDPR. This agreement ensures that Shopify processes personal data solely in accordance with our instructions and in compliance with GDPR.

6. Third-Country Data Transfers

Shopify is based in Canada, for which an adequacy decision by the European Commission exists.

In addition, personal data may be transferred to servers in the United States. Such transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, which ensure an adequate level of data protection in accordance with GDPR.

7. Cookies

Our website uses cookies to ensure proper functionality and improve user experience.

Cookies are small text files stored on your device. You can restrict or disable cookies via your browser settings. Please note that disabling cookies may limit the functionality of the website.

Where legally required, cookies are used only after your consent.

8. Data Retention

We store personal data only for as long as necessary to fulfill contractual and legal obligations.

Data subject to statutory retention obligations (e.g. tax and commercial law) is stored in accordance with applicable legal retention periods.

9. Your Rights Under GDPR

You have the right to:

  • Access your personal data

  • Rectification of inaccurate data

  • Erasure of your data

  • Restriction of processing

  • Data portability

  • Object to processing

  • Withdraw consent at any time

To exercise your rights, please contact us at:
mycentrocart@gmail.com

10. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Germany

11. Data Security

We use appropriate technical and organizational measures to protect personal data against loss, misuse, and unauthorized access.

12. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy to reflect legal, technical, or operational changes.