Privacy Policy

The auri-shop.com website is owned by Elias Harmanus, who is a data controller of your personal data.

We have adopted this Privacy Policy, which determines how we process the information collected by auri-shop.com and provides the reasons why we must collect certain personal data about you. Therefore, you must read this Privacy Policy before using the auri-shop.com website.

We take care of your personal data and undertake to guarantee its confidentiality and security.

Personal information we collect:

When you visit auri-shop.com, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products you view, what websites or search terms referred you to the Site, and how you interact with the Site. We refer to this automatically-collected information as “Device Information.” Moreover, we might collect the personal data you provide to us (including but not limited to Name, Surname, Address, payment information, etc.) during registration to be able to fulfill the agreement. We share the email address provided during checkout with our shipping partner DHL. This is done so that DHL can provide customers with shipment-related information, such as tracking updates and delivery notifications. The email address is used solely for the purpose of fulfilling and managing the delivery of the order.

Legal Basis for Processing (Art. 6 GDPR)

We process personal data exclusively on the basis of the legal grounds provided in Art. 6(1) GDPR. Depending on the specific situation, the processing is based on one of the following legal bases:

1. Performance of a Contract – Art. 6(1)(b) GDPR

The processing of personal data is lawful if it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

This includes, in particular:

  • Processing order and payment data

  • Delivery of goods

  • Customer account management

  • Responding to inquiries related to an order

  • Providing digital products or services

Without this data, the contract cannot be concluded or fulfilled.

2. Legitimate Interests – Art. 6(1)(f) GDPR

We process certain personal data to safeguard our legitimate interests, provided that your fundamental rights and freedoms do not override these interests.

Legitimate interests include in particular:

  • Ensuring the technical functionality and security of the website

  • Preventing fraud and misuse

  • IT security and system stability

  • Establishing statistical analyses for website optimization

  • Defending legal claims

In such cases, we carefully balance our interests with your rights.

3. Consent – Art. 6(1)(a) GDPR

If you have given us your explicit consent, we process your personal data on the basis of this consent.

This applies in particular to:

  • Newsletter subscriptions

  • Marketing communications

  • The use of non-essential cookies

  • Analytics or tracking tools

You may withdraw your consent at any time with effect for the future. The lawfulness of processing carried out before the withdrawal remains unaffected.

Data Retention Periods

We retain personal data only for as long as necessary to fulfill the respective purposes for which it was collected or as required by statutory retention obligations.

1. Order and Contract Data

Personal data collected in connection with orders (e.g., invoices, billing information, transaction records) is stored in accordance with statutory retention obligations under German commercial and tax law.

As a rule, such data is retained for 10 years.

After the expiration of the statutory retention period, the data will be deleted unless further processing is required for the establishment, exercise, or defense of legal claims.

2. Server Log Files

Automatically collected server log data (e.g., IP address, browser information, access time) is stored for security and technical monitoring purposes.

Server log files are generally retained for 7 to 14 days, and in certain cases up to 30 days, depending on security and error analysis requirements.

After this period, the data is automatically deleted unless further retention is necessary to investigate security incidents.

3. Newsletter Data

If you subscribe to our newsletter, your personal data (e.g., email address and consent confirmation) will be stored until you withdraw your consent or unsubscribe from the newsletter.

Consent documentation (e.g., double opt-in confirmation) may be retained for up to 3 years after your last interaction or unsubscribe request, in order to comply with legal documentation and limitation requirements.

You may withdraw your consent at any time with effect for the future.

Payment Service Providers

In order to process payments for orders placed through our online shop, we use external payment service providers. Depending on the payment method selected, personal data will be transmitted to the respective payment provider for the purpose of payment processing.

The processing of payment data is based on Art. 6(1)(b) GDPR (performance of a contract), as it is necessary for the execution of the purchase agreement.

Payment Methods Used

We offer the following payment methods:

  • Visa

  • Mastercard

  • Apple Pay

  • Google Pay

  • Klarna

  • Revolut

  • Blink

  • PayPal

Depending on the selected payment method, the following data may be transmitted to the respective payment provider:

  • First and last name

  • Billing address

  • Shipping address (if required)

  • Email address

  • Order amount

  • Currency

  • Transaction ID

  • IP address (if required for fraud prevention)

  • Payment-related data (e.g., card details, account information – processed directly by the payment provider)

We do not store full credit card or bank account details ourselves. Payment data is processed directly by the respective payment service provider.

Each payment provider acts as an independent data controller with regard to the payment processing. The respective privacy policies of the providers apply.

Payment providers may carry out fraud prevention checks or credit assessments where legally permitted.

Personal data may be transferred to countries outside the European Union where required for payment processing. In such cases, appropriate safeguards in accordance with Art. 44 et seq. GDPR are applied (e.g., adequacy decisions or standard contractual clauses).

Shipping Service Provider

In order to deliver physical goods ordered through our online shop, we transfer the necessary personal data to our shipping service provider.

We use the following shipping provider:

DHL (Deutsche Post DHL Group)

The following personal data may be transmitted for the purpose of delivery:

  • First and last name

  • Shipping address

  • Email address (if required for delivery notification)

  • Telephone number (if required for delivery coordination)

  • Order reference information

The data transfer is carried out exclusively for the purpose of fulfilling the purchase contract and delivering the ordered goods.

The legal basis for this processing is Art. 6(1)(b) GDPR (performance of a contract).

DHL processes the transmitted data under its own responsibility in accordance with its applicable data protection provisions.

Personal data will only be transferred to the extent necessary for the delivery of the goods.

Cookies and Similar Technologies (TTDSG / GDPR)

Use of Cookies

We currently do not use cookies or similar tracking technologies (such as tracking pixels, fingerprinting, advertising tools, or analytics services) that require user consent.

No tracking or marketing technologies are implemented on this website at this time.

Technically Necessary Processing / Server Log Files (No Cookies)

When accessing our website, certain technical data is automatically processed by our hosting provider for the purpose of providing and securing the website.

This may include:

  • IP address

  • Date and time of access

  • Requested page/file

  • Referrer URL

  • Browser type and version

  • Device and operating system information

This processing is technically necessary to:

  • Ensure the proper functioning of the website

  • Maintain IT security and system stability

  • Detect and prevent misuse or cyberattacks

  • Analyze technical errors

The legal basis for this processing is:

  • Art. 6(1)(f) GDPR (legitimate interest in secure and functional website operation)

  • Section 25(2) No. 2 TTDSG, insofar as technically required access to terminal equipment is concerned

No consent is required for this technically necessary processing.

Consent Management (Cookie Banner)

Since we do not currently use any consent-requiring cookies or tracking technologies, we do not use a consent management tool and do not display a cookie banner.

Should we introduce analytics or marketing tools in the future, we will obtain your prior consent through an appropriate consent management system before activating such technologies.

Withdrawal of Consent / Changes to Settings

If consent-based tools are implemented in the future, you will be able to withdraw or modify your consent at any time with effect for the future via the “Cookie Settings” link provided in the footer or within this Privacy Policy.

Withdrawal of consent will not affect the lawfulness of processing carried out prior to the withdrawal.

Last updated: February 17, 2026

Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your personal data violates the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

The supervisory authority responsible for our company is:

The Hessian Commissioner for Data Protection and Freedom of Information (HBDI)
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany

Phone: +49 611 1408-0
Email: poststelle@datenschutz.hessen.de
Website: https://datenschutz.hessen.de

Lodging a complaint is free of charge.

International Data Transfers (Transfers to Third Countries)

We currently do not use any external services or third-party tools (such as analytics services, marketing tools, embedded maps or videos, newsletter services, or similar integrations) that would result in the transfer of personal data to recipients in third countries outside the European Union (EU) or the European Economic Area (EEA), such as the United States or Canada.

Therefore, no transfer of personal data to third countries currently takes place.

Should we introduce services in the future that involve a transfer of personal data to third countries, we will inform you in advance in this Privacy Policy.

In such cases, any transfer of personal data will only take place in compliance with Art. 44 et seq. GDPR and only if the required legal safeguards are in place. This may include:

  • A transfer based on an adequacy decision of the European Commission (Art. 45 GDPR), or

  • The use of appropriate safeguards such as the EU Standard Contractual Clauses (SCC) pursuant to Art. 46 GDPR,

  • and, where necessary, the implementation of additional protective measures to ensure an adequate level of data protection.

Why do we process your data?

Our top priority is customer data security, and, as such, we may process only minimal user data, only as much as is absolutely necessary to maintain the website. Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding website usage. This statistical information is not otherwise aggregated in such a way that it would identify any particular user of the system.

You can visit the website without telling us who you are or revealing any information by which someone could identify you as a specific, identifiable individual. If, however, you wish to use some of the website’s features, or you wish to receive our newsletter or provide other details by filling in a form, you may provide personal data to us, such as your email, first name, last name, city of residence, organization, telephone number. You can choose not to provide us with your personal data, but then you may not be able to take advantage of some of the website’s features. For example, you won’t be able to receive our Newsletter or contact us directly from the website. Users who are uncertain about what information is mandatory are welcome to contact us via aurimangaka@gmail.com.

Your rights:

If you are a European resident, you have the following rights related to your personal data:

  • The right to be informed.

  • The right of access.

  • The right to rectification.

  • The right to erasure.

  • The right to restrict processing.

  • The right to data portability.

  • The right to object.

  • Rights in relation to automated decision-making and profiling.

If you would like to exercise any of these rights, please contact us through the contact information below.

Additionally, if you are a European resident, we note that we are processing your information in order to fulfill contracts we might have with you (for example, if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information might be transferred outside of Europe, including Canada and the United States.

Links to other websites:

Our website may contain links to other websites that are not owned or controlled by us. Please be aware that we are not responsible for such other websites or third parties' privacy practices. We encourage you to be aware when you leave our website and read the privacy statements of each website that may collect personal information.

Information security:

We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We keep reasonable administrative, technical, and physical safeguards to protect against unauthorized access, use, modification, and disclosure of personal data in our control and custody. However, no data transmission over the Internet or wireless network can be guaranteed.

Legal disclosure:

We will disclose any information we collect, use or receive if required or permitted by law, such as to comply with a subpoena or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Contact information:

If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may send an email to aurimangaka@gmail.com.