Privacy Policy
Last updated: 3rd November 2025
1. Data Controller
Stona GmbH
Siegfriedstr. 152
10365 Berlin
Germany
Email: info@iamstona.com
Stona GmbH has not appointed a Data Protection Officer, as this is not required under Art. 37 GDPR and § 38 BDSG.
For any questions regarding data protection or the exercise of your rights, you can contact us at info@iamstona.com.
2. Purpose and Legal Basis of Data Processing
We collect and process personal data only to the extent necessary to process and fulfill online orders placed through our website and to communicate with customers.
The legal basis for this processing is Art. 6(1)(b) GDPR (performance of a contract) and, where applicable, Art. 6(1)(a) GDPR (consent).
We may also use your data to send marketing communications, but only if you have expressly subscribed to our newsletter (see Section 7).
3. Data Categories and Recipients
When you place an order, we process the following personal data:
- Name, billing and shipping address
- Email address and, if provided, telephone number
- Order details (products, prices, payment status)
To fulfill your order, we share necessary data with:
- Shopify International Ltd., 2nd Floor, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland – as our e-commerce platform provider
- Payment service providers: PayPal, Klarna, QuickPay
- Shipping and logistics service providers: see Section 4
- Omnisend (Soundest Ltd., 22 Ganton Street, London W1F 7FD, UK) – for order confirmations and newsletter service
All partners process data solely on our behalf and in compliance with the GDPR.
4. Shipping and Delivery
To deliver your order, we transmit the necessary shipment data — including your name, delivery address, and, where required for delivery coordination, your email address and/or phone number — to our shipping and logistics service providers (for example, DHL, UPS, DPD, or GLS).
The data is shared solely for the purpose of transporting and tracking the shipment.
The legal basis for this processing is Art. 6(1)(b) GDPR (performance of a contract).
5. Payment Processing
Depending on your selected payment method, personal data will be transmitted to one of the following payment providers:
- PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg
- Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden
- QuickPay ApS, Vesterbrogade 18, 1620 Copenhagen V, Denmark
The transfer of data is based on Art. 6(1)(b) GDPR (necessary for contract performance).
Each provider acts as its own data controller.
Please refer to their respective privacy policies:
6. Newsletter and Marketing Communication (Omnisend)
If you subscribe to our newsletter, we use your email address to send product updates, offers, or brand news through our provider Omnisend, operated by Soundest Ltd., 22 Ganton Street, London W1F 7FD, UK.
The registration process uses a double opt-in system. You will receive an email asking you to confirm your subscription before it becomes active.
The legal basis for this processing is your consent under Art. 6(1)(a) GDPR.
You can withdraw your consent at any time with effect for the future, either by clicking the “unsubscribe” link in any newsletter or by contacting us directly at info@iamstona.com.
For more details, see Omnisend’s Privacy Policy: https://www.omnisend.com/privacy/
7. Reviews (Judge.me)
We use the Judge.me app, provided by Judge.me Ltd., The Courtyard, 30 Worthing Road, Horsham, West Sussex, RH12 1SL, United Kingdom, to collect and display verified customer reviews.
Judge.me processes your email address, name (if provided), order reference, and review content to verify authenticity and publish the review.
Processing occurs under Art. 6(1)(f) GDPR, based on our legitimate interest in providing transparent product feedback.
For details: https://judge.me/privacy
8. Data Storage and Deletion
We store personal data only as long as necessary for order fulfillment, customer service, and legal retention obligations under German tax and commercial law.
Invoice and transaction data are typically retained for 6–10 years (§ 147 AO, § 257 HGB).
Newsletter subscription data is stored until you unsubscribe or withdraw your consent.
After these periods expire, data is deleted or anonymized.
9. Data Security
We use appropriate technical and organizational measures to protect personal data against loss, misuse, and unauthorized access (Art. 32 GDPR).
Payment and order data are transmitted securely via encrypted connections (SSL/TLS).
10. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
You may also lodge a complaint with the competent supervisory authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61, 10555 Berlin
https://www.datenschutz-berlin.de
11. Updates to This Policy
We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes.
The current version is always available on our website.