Privacy Policy
Last updated: May 2026
1. Controller
The controller responsible for the processing of personal data on this website is:
Sweety Toys Plüschtiere GmbH
represented by Gina & Alicia Haasenstrauch
Abtswiesenstr. 3
96215 Lichtenfels
Germany
Email: info@sweety-toys.de
Further information can be found in our legal notice/imprint.
2. General information on data processing
We take the protection of your personal data very seriously. Personal data means any information relating to an identified or identifiable natural person. This includes, in particular, your name, address, email address, telephone number, IP address, order data, payment data, shipping data and communication data.
We process personal data only to the extent necessary to provide our online shop, process orders, communicate with customers and interested parties, process payments and shipping, comply with legal obligations or on the basis of your consent.
Processing is carried out in particular on the basis of the following legal grounds:
Art. 6(1)(a) GDPR, where you have given your consent
Art. 6(1)(b) GDPR, where processing is necessary for the performance of a contract or for pre-contractual measures
Art. 6(1)(c) GDPR, where we are legally obliged to process data
Art. 6(1)(f) GDPR, where processing is necessary for the purposes of legitimate interests
3. SSL/TLS encryption
This website uses SSL/TLS encryption for security reasons. You can recognize an encrypted connection by the fact that the browser address bar begins with “https://” and displays a lock symbol.
Encryption is intended to protect data that you transmit to us, in particular order, contact and payment data, from unauthorized access by third parties.
4. Hosting and shop system Shopify
Our online shop is operated via the e-commerce platform Shopify.
Shopify provides us with the technical infrastructure for our online shop. In the course of operating the shop, Shopify may process, in particular, technical access data, order data, customer data, payment information, shipping data, shopping cart information, cookie settings and usage data, insofar as this is necessary for the operation and processing of the shop.
Processing is carried out for the purpose of providing our online shop, processing contracts, ensuring secure technical operation, fraud prevention, payment processing and optimizing our services.
The legal bases are Art. 6(1)(b) GDPR, insofar as processing is necessary for order and contract processing, Art. 6(1)(c) GDPR, insofar as legal obligations exist, and Art. 6(1)(f) GDPR for the secure and economically efficient operation of our online shop.
Shopify may also process personal data outside the European Union or the European Economic Area. Where data is transferred to third countries, this is carried out, according to the provider, on the basis of appropriate safeguards, in particular EU Standard Contractual Clauses or adequacy decisions.
5. Technical infrastructure and content delivery network
Technical infrastructure and content delivery services may be used to deliver our website quickly, securely and reliably. These services help to provide content such as images, scripts, product pages and shop functions more quickly and securely.
In this context, in particular, IP address, browser information, device information, time of access and accessed content may be processed.
Processing is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable and fast provision of our online shop.
6. Server log files
When our website is accessed, information is automatically transmitted by the browser of your device to our server or to Shopify and temporarily stored in so-called server log files.
The following data may be collected in particular:
IP address
date and time of access
page accessed
referrer URL
browser used
operating system used
amount of data transferred
requesting provider
Processing is carried out to ensure smooth operation of the website, website security, error analysis and optimization of our services.
The legal basis is Art. 6(1)(f) GDPR.
7. Cookies and similar technologies
Our website uses cookies and similar technologies. Cookies are small text files stored on your device. Similar technologies may include, for example, pixels, tags, local storage technologies or similar recognition mechanisms.
7.1 Technically necessary cookies
Technically necessary cookies are required for our online shop to function properly. These include, in particular, cookies and technologies for:
shopping cart
checkout
payment processing
language settings
currency settings
security
fraud prevention
cookie settings
technical shop functions
Processing is carried out on the basis of Art. 6(1)(f) GDPR and Section 25(2) TDDDG, insofar as storage or access is technically necessary.
7.2 Analytics, marketing and external media cookies
Cookies and similar technologies for statistics, marketing, personalized advertising, conversion measurement or external media are used only if you have previously given your consent via our cookie banner.
This applies in particular to:
Google Analytics
Google Ads Conversion Tracking
Google Merchant Center / Google Shopping in connection with advertising and conversion services
Meta/Facebook Pixel
Instagram/Meta marketing functions
YouTube integrations
The legal basis is your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.
You may withdraw or change your consent at any time with effect for the future.
8. Cookie banner and consent management
We use a cookie banner to manage your consent.
When you first visit our website, you can choose whether to allow only technically necessary cookies or additionally accept cookies and similar technologies for personalization, marketing and analytics.
Our cookie settings include, in particular, the following categories:
technically necessary cookies
personalization
marketing
analytics
Non-essential categories are not activated by default. You can make your selection using the buttons “Accept all”, “Reject all” or “Save my selection”.
Your selection is stored so that we can take your privacy decision into account. You can change or withdraw your selection at any time via the “Cookie settings” or “Privacy settings” link on our website.
9. Contacting us
If you contact us by email, telephone, contact form or other communication channels, we process the data you provide in order to handle your request.
This may include, in particular:
name
email address
telephone number
content of your message
order number, if provided
other information voluntarily provided
Processing is carried out on the basis of Art. 6(1)(b) GDPR if your request relates to a contract or an order. For general inquiries, processing is carried out on the basis of Art. 6(1)(f) GDPR.
Shopify Inbox / chat function
We use Shopify Inbox on our website, a chat function provided by Shopify, through which you can contact us.
If you use the chat function, we process the data you provide in the chat. This may include, in particular:
name, if provided
email address, if provided
telephone number, if provided
content of your message
order number or information about your order, if provided
technical information relating to the use of the chat function
Processing is carried out for the purpose of handling your request, customer communication and customer service.
The legal basis is Art. 6(1)(b) GDPR if your request relates to an order, a contract or pre-contractual measures. For general inquiries, processing is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in fast and customer-friendly communication.
The technical provision of the chat function is carried out via Shopify. Shopify may process data insofar as this is necessary for the provision and operation of the chat function.
10. Orders in the online shop
When you place an order in our online shop, we process the personal data required for the order.
This includes, in particular:
first and last name
billing address
shipping address
email address
telephone number, where provided or required for delivery
items ordered
order date
order number
payment method
payment status
shipping information
communication data relating to the order
Processing is carried out for contract processing, delivery, payment, customer communication, handling complaints, returns, warranty cases and compliance with statutory retention obligations.
The legal bases are Art. 6(1)(b) GDPR and Art. 6(1)(c) GDPR.
Failure to provide the required data would mean that we cannot process your order.
11. Disclosure of data in connection with orders
To process your order, we disclose personal data to service providers only to the extent necessary.
This includes, in particular:
Shopify as the shop and technical platform
payment service providers
shipping service providers
fulfillment and logistics service providers
IT service providers
tax advisors and accounting service providers
authorities, where legally required
Disclosure takes place only insofar as this is necessary for contract processing, payment processing, delivery or compliance with legal obligations.
12. Payment providers
We offer various payment methods in our online shop. Depending on the selected payment method, payment data is transmitted to the respective payment service provider.
We use in particular the following payment providers and payment methods:
PayPal
Klarna
Shopify Payments
credit card
Apple Pay
Google Pay
Shop Pay
Processing is carried out for payment processing and contract fulfillment on the basis of Art. 6(1)(b) GDPR.
Depending on the payment method, in particular name, address, email address, order amount, payment information, invoice data, transaction data, IP address and other payment-related data may be processed.
12.1 PayPal
When paying via PayPal, your payment data is transmitted to PayPal. PayPal processes the data for payment processing. Depending on the payment method, PayPal may carry out further checks, for example for fraud prevention or credit assessment.
12.2 Klarna
When paying via Klarna, your payment and order data is transmitted to Klarna. Klarna may carry out credit checks in connection with the payment methods offered, in particular purchase on account. Processing is carried out by Klarna under its own responsibility.
12.3 Shopify Payments / credit card / Shop Pay
When using Shopify Payments, credit card or Shop Pay, payment processing is carried out via Shopify Payments and the integrated payment service providers. The data required for payment processing is processed, in particular payment amount, invoice data, transaction data and payment status.
12.4 Apple Pay
When paying with Apple Pay, payment processing is carried out via Apple and the participating payment service providers. The transaction data required for payment processing is processed.
12.5 Google Pay
When paying with Google Pay, payment processing is carried out via Google and the participating payment service providers. The transaction data required for payment processing is processed.
13. Shipping service providers
To deliver your order, we transmit the data required for this purpose to the commissioned shipping service provider.
We use in particular:
DHL
DPD
Hermes
GLS
UPS
The data transmitted may include in particular:
name
shipping address
email address
telephone number, where required
tracking number
information relating to the delivery
Processing is carried out for contract fulfillment pursuant to Art. 6(1)(b) GDPR.
Where your email address or telephone number is transmitted to shipping service providers in order to inform you about the shipping status, this is done only insofar as this is necessary for delivery or you have consented to this.
14. Delivery outside the EU / Switzerland / third-country shipping
We also deliver to countries outside Germany and the European Union, in particular Switzerland and other countries.
For deliveries to third countries, it may be necessary to transmit personal data to shipping, customs, import, export and logistics service providers as well as to authorities. This includes in particular name, delivery address, invoice data, contact information, goods value and order details.
Processing is carried out for contract fulfillment pursuant to Art. 6(1)(b) GDPR and to comply with legal obligations pursuant to Art. 6(1)(c) GDPR.
15. Automatic email for abandoned cart
You may receive an automatic email regarding an abandoned cart if you have placed items in the cart or started the checkout process and provided your email address.
This email serves to remind you of the order process that has not been completed.
The email is sent only where there is a legal basis for doing so, in particular where you have given your consent or where the legal requirements for permissible communication with existing customers are met.
The legal basis is Art. 6(1)(a) GDPR, insofar as the email is sent on the basis of your consent, or Art. 6(1)(f) GDPR, insofar as there is a legitimate interest in reminding you of an order process that has been started and no overriding interests oppose this.
You may object to receiving such emails at any time.
16. Google Tags
We use Google Tags or Google tag functions in connection with Google Ads, Google Analytics, Google Merchant Center and Google Shopping.
The provider is Google Ireland Limited.
Google Tags are used to technically integrate Google services, record events in the online shop, carry out conversion measurements and evaluate the effectiveness of advertisements and product listings.
Where consent-based services are loaded via Google Tags, they are used only after your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.
17. Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited.
Google Analytics enables us to analyze the use of our website. In this context, the following data in particular may be processed:
IP address
device information
browser information
page views
time spent on the website
click behavior
referrer/source page
approximate location data
conversion data
event data in the shop
Google Analytics is used only if you have consented via our cookie banner to the “Analytics” category or corresponding analytics cookies.
The legal basis is Art. 6(1)(a) GDPR and Section 25(1) TDDDG.
You may withdraw your consent at any time via the cookie settings.
18. Google Ads and Conversion Tracking
We use Google Ads and Google Ads Conversion Tracking.
The provider is Google Ireland Limited.
With Google Ads, we place advertisements in Google Search and the Google advertising network. Conversion tracking allows us to determine whether users have performed a specific action after clicking on an advertisement, such as making a purchase, starting checkout, performing a product search or contacting us.
In this context, the following data in particular may be processed:
IP address
cookie IDs
device information
browser information
visited pages
clicks on advertisements
conversion data
order value, where technically transmitted
event data such as product views, shopping cart events and purchase events
Google Ads and Conversion Tracking are used only if you have given your consent.
The legal basis is Art. 6(1)(a) GDPR and Section 25(1) TDDDG.
You may withdraw your consent at any time via the cookie settings.
19. Google Merchant Center / Google Shopping
We use Google Merchant Center to provide our product data for Google Shopping, free product listings and Google Ads.
The provider is Google Ireland Limited.
Via Google Merchant Center, product information such as item names, prices, availability, product images, product URLs, shipping information and other product-related information is transmitted to Google.
Product synchronization generally concerns product- and shop-related data. Where personal data is processed in connection with Google Shopping, Google Ads or Conversion Tracking, for example when users click on advertisements, visit pages, add items to the cart or complete purchases, this is done only after your consent, insofar as consent is legally required.
The legal basis for providing and advertising our products is Art. 6(1)(f) GDPR. Where tracking, analytics or marketing technologies are used, processing is carried out on the basis of your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.
20. Google conversion analysis and shop events
As part of the Google services, we use conversion analysis functions. In this context, certain events in our online shop may be recorded and transmitted to Google.
These include, in particular:
page views
product views
search queries in the shop
adding items to the cart
beginning checkout
submission of payment information during checkout
completed purchases
conversion values and order information, where technically required
This data is used to measure and optimize our Google Ads, Google Shopping listings and other Google marketing measures.
Processing for analytics and marketing purposes is carried out only on the basis of your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.
21. Meta Pixel / Facebook / Instagram
We use Meta Pixel and marketing functions of the Meta platforms Facebook and Instagram.
The provider is Meta Platforms Ireland Limited.
With the Meta Pixel, we can measure the effectiveness of our advertisements and create target groups for advertising on Facebook and Instagram.
In this context, the following data in particular may be processed:
IP address
device information
browser information
visited pages
click behavior
shopping cart information
purchase events
conversion data
According to our current settings, the Meta Pixel collects data only if permission for marketing and analytics has been granted.
The legal basis is Art. 6(1)(a) GDPR and Section 25(1) TDDDG.
You may withdraw your consent at any time via the cookie settings.
22. YouTube
We embed videos from YouTube on our website.
The provider is Google Ireland Limited.
When you access a page with an embedded YouTube video or play a video, personal data may be transmitted to Google/YouTube. This may include, in particular, IP address, device information, browser information, the page accessed and usage behavior.
Where possible, we use YouTube in extended privacy mode. Nevertheless, data may be transmitted to Google/YouTube, particularly when you actively load or play a video.
YouTube videos are loaded or fully activated only if you have previously given your consent via our cookie banner or by activating the video, insofar as consent is legally required.
The legal basis is Art. 6(1)(a) GDPR and Section 25(1) TDDDG.
You may withdraw your consent at any time via the cookie settings in your browser.
23. Social media presences
We maintain presences on social networks, in particular Facebook and Instagram.
When you visit our social media pages, personal data may be processed by the respective platform provider. In particular, usage data, communication data, profile information and interaction data may be processed.
The privacy policies of the respective providers also apply to processing on the platforms.
If you contact us via social networks, we process your data in order to handle your request.
The legal basis is Art. 6(1)(b) GDPR if your request relates to a contract, and Art. 6(1)(f) GDPR for communication with interested parties and customers.
24. Fraud prevention and security
To prevent misuse, fraud, payment disruptions and attacks on our online shop, technical data, order information, payment information and usage data may be processed.
Processing is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in protecting our company, our customers and our online shop against fraud, misuse and security risks.
25. Accounting and statutory retention obligations
We process and store order, invoice, payment and business data in order to comply with tax, commercial and accounting obligations.
The legal basis is Art. 6(1)(c) GDPR.
Documents relevant under commercial and tax law are generally retained for six to ten years.
26. Data transfers to third countries
In connection with the use of Shopify, Google, Meta, payment service providers, shipping service providers or other service providers, personal data may be transferred to countries outside the EU or the EEA, in particular the USA, Canada, Switzerland or other third countries.
A transfer takes place only where the legal requirements are met, in particular on the basis of an adequacy decision by the European Commission, EU Standard Contractual Clauses, binding corporate rules or your consent.
27. Storage period
We store personal data only for as long as necessary for the respective purposes.
Order and contract data are stored for the duration of contract processing and beyond that within the scope of statutory retention periods. Documents relevant under commercial and tax law are generally retained for six to ten years.
Communication data are stored for as long as necessary to handle your request or where statutory retention obligations apply.
Data processed on the basis of your consent are stored until you withdraw your consent, unless another legal basis exists for further storage.
28. Your rights
Subject to the statutory requirements, you have the following rights:
right of access pursuant to Art. 15 GDPR
right to rectification pursuant to Art. 16 GDPR
right to erasure pursuant to Art. 17 GDPR
right to restriction of processing pursuant to Art. 18 GDPR
right to data portability pursuant to Art. 20 GDPR
right to object pursuant to Art. 21 GDPR
right to withdraw consent pursuant to Art. 7(3) GDPR
right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR
You may contact us at any time to exercise your rights.
29. Withdrawal of consent
Where we process personal data on the basis of your consent, you may withdraw this consent at any time with effect for the future.
The lawfulness of processing carried out until withdrawal remains unaffected.
You may change or withdraw your cookie consent at any time via the cookie settings on our website.
30. Right to object
Where we process personal data on the basis of Art. 6(1)(f) GDPR, you have the right to object to this processing at any time on grounds relating to your particular situation.
If personal data is processed for direct marketing purposes, you have the right to object to such processing at any time.
After an objection has been made, we will no longer process the relevant data for these purposes, unless there are compelling legitimate grounds for processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
31. Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data is unlawful, you have the right to lodge a complaint with a data protection supervisory authority.
The supervisory authority responsible for our company is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
32. Updates and amendments to this Privacy Policy
We reserve the right to amend this Privacy Policy if legal requirements, technical functions of our website, service providers used or our data processing activities change.
Last updated: 07 May 2026
