Privacy Policy
Data Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
Bao Trang Nguyen
Rizzastraße 43
56068 Koblenz
Germany
Email: bao.mayen@gmail.com
Website: www.baomayen.de
General Information on Data Processing
We process personal data exclusively in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection laws.
Personal data means any information relating to an identified or identifiable natural person.
Processing is carried out on the following legal bases:
Art. 6(1)(a) GDPR – Consent
Art. 6(1)(b) GDPR – Performance of a contract or pre-contractual measures
Art. 6(1)(c) GDPR – Legal obligation
Art. 6(1)(f) GDPR – Legitimate interests
If processing is based on Art. 6(1)(f) GDPR, our legitimate interest lies in ensuring the technical functionality, security, and efficient operation of our website and business.
Hosting
Our website is hosted by:
Raidboxes GmbH
Hafenstraße 32
48153 Münster
Germany
We have concluded a data processing agreement pursuant to Art. 28 GDPR.
The servers are located in Germany.
When you visit our website, the following data may be processed automatically:
IP address
Date and time of access
Browser type and version
Operating system
Referrer URL
Accessed pages
This data is required to ensure technical stability and security.
Legal basis: Art. 6(1)(f) GDPR.
Server log files are deleted after a maximum of 14 days.
SSL/TLS Encryption
This website uses SSL/TLS encryption to protect the transmission of confidential content.
Cookies and Consent Management
We use technically necessary cookies to enable:
Shopping cart functionality
Login area
Order processing
Legal basis: Art. 6(1)(f) GDPR.
All non-essential cookies or external services (e.g. externally loaded fonts) are only activated after your explicit consent via a cookie consent tool.
Legal basis: Art. 6(1)(a) GDPR.
You may withdraw your consent at any time with future effect.
You can also delete or block cookies via your browser settings.
Google Fonts
Fonts may be provided by Google LLC.
If fonts are loaded from Google servers, your IP address may be transmitted to servers in the United States.
Data transfers to the USA are based on EU Standard Contractual Clauses in accordance with Art. 46 GDPR. A copy of these safeguards can be requested via the contact details above.
Fonts are only loaded after your explicit consent (Art. 6(1)(a) GDPR).
Further information: https://policies.google.com/privacy
Contact via Email
If you contact us by email, we process:
Name
Email address
Message content
The data is processed solely to handle your request.
Legal basis:
Art. 6(1)(b) GDPR (pre-contractual communication)
Art. 6(1)(f) GDPR (general inquiries)
Data is deleted once your request has been fully resolved, unless statutory retention obligations apply.
Online Shop (WooCommerce)
To operate our online shop, we use:
WooCommerce
WooCommerce processes order and customer data exclusively on our server.
a. Data Collected During Orders
First and last name
Billing and shipping address
Email address
Phone number (if provided)
Payment information
IP address
Order history
Optional customer account:
Username
Encrypted password
b. Purpose of Processing
Contract execution
Payment processing
Shipping
Fraud prevention
Tax and accounting obligations
Customer service
Legal basis: Art. 6(1)(b) GDPR.
Providing the required data is necessary to conclude a contract. Without this information, orders cannot be processed.
Payment Service Providers
Depending on the selected payment method, payment data may be transferred to the respective provider.
a. WooCommerce Payments (Credit Card)
Processed via:
Stripe Payments Europe Ltd.
Data may be transferred to:
Stripe Inc.
Transfers to third countries are based on EU Standard Contractual Clauses (Art. 46 GDPR).
Legal basis: Art. 6(1)(b) GDPR.
b. PayPal
PayPal (Europe) S.à r.l. et Cie, S.C.A.
Payment data (name, billing amount, email address, payment details) is transmitted for transaction processing.
Data transfers to third countries may occur and are based on EU Standard Contractual Clauses.
Legal basis: Art. 6(1)(b) GDPR.
c. Klarna
Klarna Bank AB
Klarna may perform a credit check.
Legal basis:
Art. 6(1)(b) GDPR (contract performance)
Art. 6(1)(f) GDPR (legitimate interest in fraud prevention and risk assessment)
d. Google Pay
Google LLC
Data transfers to the USA may occur. Transfers are based on EU Standard Contractual Clauses.
Legal basis: Art. 6(1)(b) GDPR.
e. Apple Pay
Apple Inc.
Data transfers to non-EU countries may occur and are based on EU Standard Contractual Clauses.
Legal basis: Art. 6(1)(b) GDPR.
Shipping Provider
Shipping is carried out via:
DHL Group
The following data is transmitted:
Name
Delivery address
Email address (if required)
Phone number (if required)
Legal basis: Art. 6(1)(b) GDPR.
Storage Period
Order data is stored for 10 years in accordance with German commercial and tax law (§ 257 HGB, § 147 AO).
After expiry of statutory retention periods, the data is deleted.
Customer accounts can be deleted at any time unless statutory obligations prevent deletion.
Social Media Links
We link to profiles on:
TikTok
No social plugins are embedded. Data is only transmitted when you actively click the respective link.
Your Rights
You have the following rights:
Access (Art. 15 GDPR)
Rectification (Art. 16 GDPR)
Erasure (Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection (Art. 21 GDPR)
Withdrawal of consent (Art. 7(3) GDPR)
If processing is based on Art. 6(1)(f) GDPR, you have the right to object at any time for reasons arising from your particular situation.
To exercise your rights, please contact us at the email address above.
Data Sharing
Personal data is only shared with:
Hosting provider
Payment service providers
Shipping providers
Authorities, where legally required
No further data sharing takes place.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. The competent authority is:
State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Hintere Bleiche 34
55116 Mainz
Germany
Automated Decision-Making
Automated decision-making, including profiling within the meaning of Art. 22 GDPR, does not take place.