Privacy policy

Last updated: January 17, 2026

1. Controller and Contact Details

The controller responsible for data processing under the General Data Protection Regulation (GDPR) is:
Das Coeur
Polly Bäumler
Clementine-von-Braunmühl-Weg 17
81541 Munich
Email: hello@dascoeur.com
Phone: +49 172 863 3793

2. Overview

This Privacy Policy explains how we collect, use, and process personal data when you visit, use, or make a purchase from our online store (the “Services”).
Our store is hosted on Shopify, which provides the technical infrastructure. Where Shopify processes personal data independently (for example for platform security, analytics, or advertising services), Shopify acts as an independent controller.

3. Categories of Personal Data

We may process the following categories of personal data:
- Contact data: name, billing and shipping address, email address, phone number
- Order and transaction data: purchased items, order history, returns, refunds
- Payment data: payment method and transaction confirmation (payment details are processed by payment providers and are not stored by us)
- Account data: login credentials, preferences
- Communication data: inquiries, customer support messages
- Usage and device data: IP address, browser type, device information, log files
- Marketing data: newsletter subscriptions, consent status, marketing preferences

4. Sources of Personal Data

Personal data is collected:
- directly from you
- automatically through the use of our Services (e.g. cookies and log files)
- from Shopify and other service providers acting on our behalf

5. Purposes and Legal Bases of Processing

We process personal data only where permitted by law. The legal bases under Article 6 GDPR include:
Purpose
Legal Basis
Order processing, payment, shipping
Art. 6(1)(b) GDPR
Customer account management
Art. 6(1)(b) GDPR
Customer support and communication
Art. 6(1)(b), Art. 6(1)(f) GDPR
Fraud prevention and platform security
Art. 6(1)(f) GDPR
Compliance with legal obligations
Art. 6(1)(c) GDPR
Marketing communications (email)
Art. 6(1)(a) GDPR
Website analytics and optimization
Art. 6(1)(a) or Art. 6(1)(f) GDPR
Affiliate tracking and attribution
Art. 6(1)(a) GDPR

6. Marketing Communications

You will receive marketing communications only if you have given your explicit consent or where legally permitted.
You may withdraw your consent at any time by:
- clicking the unsubscribe link in our emails
- contacting us at hello@dascoeur.com
Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to ensure the functionality, security, and optimization of our Services.
Where required by law, non-essential cookies are used only with your consent, which you can manage or withdraw at any time via our cookie banner or browser settings.

8. Affiliate Marketing and Tracking

We participate in affiliate marketing programs. Affiliate links may be used to track referrals to third-party providers through cookies or similar tracking technologies.
When you click on an affiliate link, the respective affiliate partner may process personal data such as IP address, device information, referral URL, and transaction data in order to attribute purchases and calculate affiliate commissions.
Legal Basis
Affiliate tracking is carried out only with your prior consent in accordance with Article 6(1)(a) GDPR. No affiliate tracking cookies are set before you have given your consent. You may withdraw your consent at any time via our cookie settings.
Affiliate Partners
Affiliate tracking may involve affiliate networks or merchants that process personal data under their own responsibility. Further information on data processing can be found in the respective partners’ privacy policies.

9. Disclosure of Personal Data

We may disclose personal data to:
- Shopify and affiliated companies
- Service providers (payment processors, shipping providers, IT services)
- Marketing, analytics, and affiliate partners, where consent has been given
- Public authorities, where legally required
All recipients are contractually obligated to comply with applicable data protection laws.

10. International Data Transfers

Personal data may be transferred outside the EU/EEA.
Where this occurs, we rely on:
- European Commission Standard Contractual Clauses (SCCs)
- Adequacy decisions of the European Commission

11. Data Retention

Personal data is retained only as long as necessary for the respective purpose:
- Order and accounting data: 6–10 years (statutory obligation)
- Account data: until account deletion
- Marketing and affiliate data: until consent withdrawal
- Customer support inquiries: up to 3 years

12. Your Rights Under GDPR

If you reside in the EU/EEA, you have the right to:
- Access your data (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing (Art. 21 GDPR)
- Withdraw consent at any time (Art. 7 GDPR)
Requests can be sent to hello@dascoeur.com.
You also have the right to lodge a complaint with your local data protection authority.

13. Children’s Data

Our Services are not intended for children under 18. We do not knowingly collect personal data from children.

14. Data Security

We implement appropriate technical and organizational security measures. However, no transmission over the internet is completely secure.

15. Third-Party Links

We are not responsible for the privacy practices of third-party websites linked from our Services.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The current version is always available on our website.

17. Contact

If you have questions about this Privacy Policy or wish to exercise your rights, please contact:
hello@dascoeur.com