Legal

Privacy Policy

German version is legally binding.

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR):

Richard Nadler
Osterwaldstraße 100
80805 Munich, Germany
Email: orders@richardnadler.com

2. Overview of Data Processing

We process personal data only insofar as this is necessary for the provision of our online shop and our services. Processing is carried out on the basis of the legal grounds provided by the GDPR.

3. Hosting and Website Provision

3.1 Vercel (Web Hosting)

Our online shop is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. When you visit our website, Vercel automatically collects information in so-called server log files that your browser automatically transmits. These include:

  • IP address of the requesting device
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • HTTP status code
  • Amount of data transferred
  • Referrer URL
  • Browser type and version
  • Operating system

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient provision of our online offering).

Vercel is certified under the EU-US Data Privacy Framework (DPF). We have concluded a Data Processing Agreement (DPA) with Vercel.

Further information: https://vercel.com/legal/privacy-policy

4. Order Processing and Payment

4.1 Order Data

When placing an order, we process the following data:

  • First and last name
  • Delivery address
  • Email address
  • Ordered products, quantity, price
  • Payment information (transmitted directly to Stripe, see 4.2)

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

Retention period: Order data is stored for the duration of statutory retention obligations (generally 6 years pursuant to § 257 HGB or 10 years pursuant to § 147 AO).

4.2 Stripe (Payment Processing)

We use Stripe for payment processing. The provider for customers in the European Economic Area is Stripe Technology Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland.

When selecting a payment method, the data required for payment processing (e.g. credit card number, bank details) is transmitted to Stripe. Stripe processes this data partly as an independent controller (e.g. for fraud prevention and legal obligations) and partly as a processor.

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

Stripe is certified under the EU-US Data Privacy Framework (DPF).

Further information: https://stripe.com/privacy

4.3 Resend (Transactional Emails)

We use Resend (Resend Inc., USA) for sending order confirmations, shipping notifications, and other transaction-related emails.

Your email address and name are transmitted to Resend for this purpose. A Data Processing Agreement (DPA) has been concluded with Resend.

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

Further information: https://resend.com/legal/privacy-policy

5. Cookies

Our online shop uses only technically necessary cookies required for the operation of the shop (e.g. shopping cart session, payment processing). These cookies are not used for tracking or advertising purposes.

Legal basis: § 25(2)(2) TDDDG (technical necessity).

A separate cookie consent banner is therefore not required.

6. Analytics

We use Vercel Web Analytics and Speed Insights to understand website usage and performance.

No cookies are used for this purpose. No personal data is collected. Only aggregated, anonymized metrics are processed, such as page views, referrers, browser type, and country.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

Further information: https://vercel.com/docs/analytics/privacy-policy

7. SSL/TLS Encryption

For security reasons and to protect the transmission of personal data, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the lock symbol in the address bar of your browser.

8. Rights of the Data Subject

You have the following rights with respect to your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

To exercise your rights, please contact: orders@richardnadler.com

9. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR.

The competent supervisory authority for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de
Website: https://www.lda.bayern.de

10. Currency and Amendments to this Privacy Policy

This privacy policy is current as of March 2026. We reserve the right to amend this privacy policy to adapt it to changes in the legal situation or to changes in our data processing activities.