Privacy Policy (Datenschutzerklärung)

Privacy Policy – AMALUMA

Last updated: 14 november 2025

At AMALUMA, we care about slow fashion, conscious choices, and your peace of mind — including how your personal data is handled.
This Privacy Policy explains what information we collect, why, and how it’s used and protected when you browse or shop at amaluma.com.

We keep things transparent, simple, and aligned with GDPR.

1. Who We Are

Amaluma.studio
(Please add: full legal name / address / registration number if applicable)
Email: amaluma.studio@gmail.com
Website: https://amaluma.studio.com

AMALUMA is the Data Controller, meaning we decide how your personal information is processed.

2. What Personal Data We Collect

We only collect the information necessary to run our website, ship your order, and communicate with you. This includes:

2.1. When you browse the website

  • IP address

  • Device type, browser type

  • Pages visited

  • Cookies (see Section 8)

2.2. When you make a purchase

  • Name

  • Billing address

  • Shipping address

  • Email address

  • Phone number (optional)

  • Order details

  • Payment information (processed securely by our payment provider — we never see your full card details)

2.3. When you create an account

  • Name

  • Email

  • Password (encrypted)

2.4. When you subscribe to the newsletter

  • Email address

  • Language or location preferences (optional)

2.5. When you contact us

  • Email address

  • Any information you share in your message

3. Why We Collect Your Data (Legal Basis)

We process your data under the following GDPR legal bases:

3.1. To fulfil a contract (Article 6.1.b GDPR)

  • To process and deliver your order

  • To send order updates, shipping info, invoices

  • To manage returns and customer support

3.2. With your consent (Article 6.1.a GDPR)

  • When you subscribe to the newsletter

  • When you accept cookies

  • When you choose optional marketing preferences

You can withdraw consent at any time.

3.3. For legitimate interests (Article 6.1.f GDPR)

  • To improve website performance

  • To analyze sales and product trends

  • To prevent fraud or abuse

3.4. To comply with legal obligations (Article 6.1.c GDPR)

  • Tax and accounting requirements

  • Record-keeping

4. How We Use Your Data

Your data is used to provide the best possible shopping experience:

  • Process and deliver your order

  • Communicate with you about purchases

  • Manage your account

  • Send newsletters (only if you opted in)

  • Improve our website and product offering

  • Prevent fraud and keep the website secure

We never sell your data.

5. Sharing Your Data with Third Parties

We only share your information with trusted service providers necessary for operating AMALUMA:

Examples of providers we use:

  • Payment processors (Stripe, PayPal, etc.)

  • Shipping partners (DHL, Hermes, etc.)

  • Newsletter/email provider (Mailchimp, Klaviyo, etc.)

  • Website hosting (Shopify, WooCommerce, etc.)

  • Analytics tools (Google Analytics, Shopify Analytics)

They only receive the data necessary to perform their service and must comply with GDPR.

We never share your data for advertising without your explicit consent.

6. International Transfers

Some of our service providers may be located outside the EU.
When this happens, we ensure your data is protected through:

  • EU-US Data Privacy Framework

  • Standard Contractual Clauses (SCCs)

  • GDPR-compliant safeguards

7. How Long We Keep Your Data

We keep your data only as long as necessary:

  • Orders: 10 years (legal requirement)

  • Customer accounts: until you request deletion

  • Newsletter subscription: until you unsubscribe

  • Cookies: see cookie section

8. Cookies

We use cookies to:

  • Keep your shopping cart active

  • Remember your preferences

  • Improve website performance

  • Analyze traffic

You can control or delete cookies anytime via your browser settings.
More details are in our Cookie Policy (or I can generate one for you).

9. Your Rights Under GDPR

You have the right to:

  • Access your data

  • Correct inaccurate data

  • Request deletion (right to be forgotten)

  • Withdraw consent

  • Object to processing

  • Request data portability

  • Limit processing

To exercise any right, email: amaluma.studio@gmail.com

If you believe your rights are not respected, you can also contact your local Data Protection Authority (e.g., Berliner Beauftragte für Datenschutz).

10. Security

We use secure technologies to protect your data, including:

  • Encrypted connections (HTTPS)

  • Secure payment gateways

  • Access controls and password protection

Although no system can be 100% secure, we take all reasonable steps to safeguard your information.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our business or legal requirements.
If changes are significant, we will inform you on our website or via email.

12. Contact Us

For any questions about your data or this Privacy Policy, contact us:
Email: amaluma.studio@gmail.com

We’re here to help — always in a transparent and conscious way.