Privacy Policy

Find the German original Datenschutzerklärung here.

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1
We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.

1.2
The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

DeCiLo UG (haftungsbeschränkt)
c/o Kreatur Space
Moosdorfstr. 7–9
12435 Berlin
Germany
Tel.: +49 3023255995
Email: hello@decilo.de

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

1.3
This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the string “https://” and the lock icon in your browser’s address bar.

2) Data Collection When Visiting Our Website

If you use our website for informational purposes only—i.e., without registering or otherwise transmitting information—we only collect the data your browser sends to our server (known as “server log files”). When you access our website, we collect the following data, which is technically necessary for displaying the website:

  • Visited website
  • Date and time of access
  • Amount of data sent (in bytes)
  • Source/referrer from which you arrived at the page
  • Browser used
  • Operating system used
  • IP address (possibly anonymized)

Processing is carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of the website. The data is not disclosed or used otherwise. However, we reserve the right to retrospectively check the server log files if there are concrete indications of unlawful use.

3) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies on various pages. These are small text files stored on your device. Some of the cookies we use are deleted after the browser session ends (so-called session cookies). Others remain on your device and allow us to recognize your browser on your next visit (persistent cookies).

Cookies may collect and process certain user information, such as browser and location data or IP addresses, to varying extents. Persistent cookies are automatically deleted after a predefined period, which may vary depending on the cookie. You can find the storage duration for each cookie in your browser’s cookie settings.

Some cookies serve to simplify ordering processes (e.g., remembering items in a shopping cart for a later visit). Where cookies process personal data, this is based either on Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(a) GDPR (consent), or Art. 6(1)(f) GDPR (our legitimate interest in a functional and user-friendly website).

You can configure your browser to notify you about the use of cookies and decide individually whether to accept them or to exclude cookies for specific cases or in general. Each browser handles cookie settings differently; instructions can be found in the help menu of your browser:

Note: Disabling cookies may restrict the functionality of our website.

4) Contacting Us

When you contact us (e.g., via contact form or email), we collect personal data. The specific data collected through a form is indicated on the form itself. This data is used solely to respond to your inquiry and for related technical administration.

The legal basis for processing this data is our legitimate interest in handling your request in accordance with Art. 6(1)(f) GDPR. If your inquiry is aimed at concluding a contract, then Art. 6(1)(b) GDPR also applies.

Your data will be deleted once your request has been fully addressed and no legal retention obligations exist.

5) Data Processing for Customer Account Creation and Contract Fulfillment

Pursuant to Art. 6(1)(b) GDPR, personal data will be collected and processed if you provide it to us for the purpose of fulfilling a contract or opening a customer account. The data collected is shown in the respective input forms.

You may request deletion of your account at any time by contacting the controller at the address above. We use your data solely to fulfill and process the contract. After full contract completion or account deletion, your data will be restricted and deleted following tax and commercial retention periods—unless you have expressly consented to further use or we are legally entitled to further use.

6) Comment Function

When using the comment function on this website, the time the comment was created and the commenter’s chosen name will be stored and displayed along with the comment. Additionally, your IP address will be recorded and stored.

This storage is necessary for security reasons, in case a comment infringes on the rights of third parties or contains unlawful content. Your email address is required so we can contact you if a third party objects to your comment as unlawful.

The legal bases for storing this data are Art. 6(1)(b) and Art. 6(1)(f) GDPR. We reserve the right to delete comments if they are flagged as unlawful by third parties.

7) Use of Customer Data for Direct Marketing

7.1 Subscription to Our Email Newsletter

When you sign up for our email newsletter, we will regularly send you information about our offers. Only your email address is required. Providing additional data is voluntary and is used for personalizing the newsletter.

We use a double opt-in process. This means we will only send you a newsletter after you confirm your email address by clicking a link in a confirmation email. By activating the link, you give consent for your data to be used as per Art. 6(1)(a) GDPR.

We store the IP address and timestamp of your subscription for security reasons and to prevent misuse. The data collected is used solely for sending the newsletter and is not shared with third parties.

You can unsubscribe at any time via a link in the newsletter or by contacting us. Upon unsubscribing, your data will be deleted unless you have consented to further use or we have a legal right to retain it.

7.2 Newsletter Delivery via CleverReach

Our newsletters are sent via the provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. We pass on your email address and other signup data to CleverReach, based on our legitimate interest (Art. 6(1)(f) GDPR) in using a secure and user-friendly system.

CleverReach uses this data to send and statistically analyze the newsletters on our behalf. Emails may contain tracking pixels (web beacons) that allow us to see if emails are opened and which links are clicked. We may also track whether a predefined action (e.g., product purchase) followed a click.

Collected data includes:

  • Time of access
  • IP address
  • Browser and OS type

This data is collected pseudonymously and not linked to other personal data.

You can opt out of tracking by unsubscribing from the newsletter.
We have a data processing agreement with CleverReach. More info:

8) Data Processing for Order Handling

8.1 Collaboration with Service Providers

To fulfill your order, we work with service providers who support us in executing contracts. Relevant personal data is passed on as needed:

  • Your delivery data is shared with the shipping company if required for delivery.
  • Your payment data is shared with the payment service provider or bank, as needed for payment processing.

This is done in accordance with Art. 6(1)(b) GDPR. We will inform you separately if additional payment services are used.

8.2 Use of External Shipping Partners

To fulfill delivery obligations, we may pass your name, delivery address, and, if necessary, phone number to selected logistics partners solely for delivery purposes (Art. 6(1)(b) GDPR).

8.3 Use of Payment Service Providers (e.g. PayPal)

If you choose to pay via PayPal (or related options like direct debit or installment payments), your payment data is transferred to:

PayPal (Europe) S.a.r.l. et Cie, S.C.A.
22–24 Boulevard Royal
L-2449 Luxembourg

This transfer is based on Art. 6(1)(b) GDPR and occurs only to the extent necessary.

PayPal may carry out a credit check for certain payment methods, using your data in accordance with Art. 6(1)(f) GDPR to assess your creditworthiness. This may involve calculating “score values” based on address or other data.

For more details, please see PayPal’s Privacy Policy.
You can object to this use at any time by contacting PayPal.

9) Review Requests

Own Review Reminders
We may use your email address to send you a one-time reminder to submit a review of your order, if you have consented to this (Art. 6(1)(a) GDPR).
You can withdraw your consent at any time by contacting us.

10) Rights of the Data Subject

10.1 Under applicable data protection law, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR):
    You have the right to obtain information about your stored personal data, including purposes of processing, categories of data, recipients, storage duration, origin (if not collected directly from you), existence of automated decision-making including profiling, and safeguards for data transfers to third countries.
  • Right to rectification (Art. 16 GDPR):
    You can request correction of inaccurate or completion of incomplete personal data.
  • Right to erasure (Art. 17 GDPR):
    You can request deletion of your data, provided certain legal conditions are met. This does not apply when processing is required for freedom of expression, legal compliance, public interest, or legal claims.
  • Right to restriction of processing (Art. 18 GDPR):
    You can request restricted processing if:
    • you contest the accuracy of the data,
    • the processing is unlawful but you oppose erasure,
    • we no longer need the data but you require it for legal claims,
    • or you have objected under Art. 21(1) and verification is pending.
  • Right to notification (Art. 19 GDPR):
    If you assert your rights to rectification, erasure, or restriction, we are obliged to notify any recipients of the data—unless this proves impossible or involves disproportionate effort.
  • Right to data portability (Art. 20 GDPR):
    You can request to receive your data in a structured, commonly used format or request its transfer to another controller—where technically feasible.
  • Right to withdraw consent (Art. 7(3) GDPR):
    You may withdraw your consent at any time with future effect. Withdrawal does not affect prior lawful processing.
  • Right to lodge a complaint (Art. 77 GDPR):
    If you believe your data is being processed unlawfully, you have the right to lodge a complaint with a supervisory authority in your country of residence, workplace, or where the violation occurred.

10.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTEREST UNDER A BALANCING OF INTERESTS (ART. 6(1)(f) GDPR), YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO SUCH PROCESSING WITH FUTURE EFFECT.

IF YOU OBJECT, WE WILL STOP PROCESSING THE DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF YOUR DATA IS USED FOR DIRECT MARKETING, YOU MAY OBJECT AT ANY TIME TO PROCESSING FOR SUCH PURPOSES. IF YOU OBJECT, YOUR DATA WILL NO LONGER BE USED FOR DIRECT MARKETING.

11) Duration of Storage of Personal Data

The storage period for personal data depends on the legal basis, the purpose of processing, and—if relevant—statutory retention periods (e.g. commercial or tax laws).

  • If processing is based on consent (Art. 6(1)(a) GDPR):
    Data is stored until the consent is withdrawn.
  • If data is required for a contract (Art. 6(1)(b) GDPR):
    Data is stored until full performance of the contract and then deleted unless longer storage is required by law or permitted.
  • If based on legitimate interest (Art. 6(1)(f) GDPR):
    Data is stored until you exercise your right to object under Art. 21(1), unless overriding legitimate grounds exist or legal claims are involved.
  • If used for direct marketing (Art. 6(1)(f) GDPR):
    Data is stored until you object under Art. 21(2) GDPR.

Unless otherwise stated in this privacy policy, your personal data will be deleted when it is no longer needed for its original purpose.