Last updated: [20 August 2025]
Privacy Policy / Datenschutzerklärung
- Privacy Policy / Datenschutzerklärung
- 2. Types of Data We Collect
- 3. Legal Basis for Processing
- 4. How We Use Your Data
- 5. Third-Party Services
- 6. Cookies and Tracking
- 7. Data Retention
- 8. Your Rights Under GDPR
- 9. Data Security
- 10. International Data Transfers
- 11. Childrens Privacy
- 12. Changes to This Privacy Policy
- 13. Contact Information
- 14. Supervisory Authority
The responsible party for data processing on this website is [S Khan], located at [Simon Dach Str.], [Berlin, 10245, Germany]. You can reach us by email at [salam@halacards.com]. As the data controller, we determine the purposes and means of processing your personal data and are committed to protecting your privacy in accordance with the European General Data Protection Regulation (GDPR) and German data protection laws.
2. Types of Data We Collect
2.1 Personal Data You Provide
When you interact with our website, you may voluntarily provide us with personal information through various channels. When you submit contact forms through our JotForm service, we collect your name, email address, and any message content you choose to share with us. If you subscribe to our newsletter, we process your email address through our Brevo email marketing platform. For users who create customer accounts through our WooCommerce system, we collect and store your chosen username, email address, and encrypted password information. Additionally, when you engage with our chatbot feature, we may collect the messages and contact information you voluntarily provide during your interaction with us.
2.2 Automatically Collected Data
Our website automatically collects certain technical information to ensure proper functionality and improve your browsing experience. This includes your IP address, browser type and version, device information, operating system details, the pages you visit on our site, and the time you spend on each page. We also collect cookies and tracking data as detailed in our cookie policy below. Through Google Analytics, we gather anonymized website usage statistics, including page views, user behavior patterns, traffic sources, and general demographic information that helps us understand how visitors use our website.
3. Legal Basis for Processing
We process your personal data only when we have a valid legal basis under GDPR Article 6. We rely on your explicit consent when you subscribe to newsletters, accept cookies for marketing purposes, or voluntarily submit personal information through forms. We process data based on our legitimate interests when conducting website analytics, ensuring security, improving our services, and managing business operations, provided these interests do not override your fundamental rights and freedoms. When you create an account or engage our services, we process data for the performance of our contractual relationship with you. Finally, we may process certain data to comply with legal obligations such as record-keeping requirements or tax regulations that apply to our business.
4. How We Use Your Data
4.1 Website Operation
We use your personal data primarily to provide you with a functional, secure, and personalized website experience. This includes maintaining your customer account if you choose to create one, responding promptly to your inquiries and support requests submitted through our contact forms or chatbot, and continuously improving our website’s performance and user interface based on usage analytics. We also use certain data to ensure the security and integrity of our website, including preventing unauthorized access and protecting against fraudulent activities that could harm you or our business operations.
4.2 Marketing and Communication
With your explicit consent, we will use your email address to send you newsletters that include updates about our services, new affiliate partnerships, and promotional content that we believe may interest you. We analyze website usage patterns and user behavior to better understand our audience and enhance the relevance of the affiliate offers and recommendations we display. This analysis allows us to create a more personalized experience while ensuring that the products and services we recommend through our affiliate partnerships are genuinely useful to our visitors. All marketing communications will include easy options for unsubscribing, and you can withdraw your consent at any time.
4.3 Legal Compliance
We process certain personal data to fulfill our legal obligations as a business operating in Germany and serving EU customers. This includes maintaining records for tax purposes, complying with consumer protection laws, and cooperating with regulatory authorities when required. We also use data processing for fraud prevention and ensuring the security of our website, which serves both our legitimate business interests and helps protect our users from potentially harmful activities.
5. Third-Party Services
5.1 Google Analytics
We use Google Analytics to understand how visitors interact with our website and to improve our content and user experience. Google Analytics processes anonymized usage statistics, page views, user behavior patterns, and traffic sources on our behalf. We rely on our legitimate interest in understanding our website’s performance as the legal basis for this processing. Your data may be processed on Google’s servers located in the EU and US, with appropriate safeguards in place through Google’s compliance with EU-US data transfer agreements. We have configured Google Analytics to retain this data for 26 months, after which it is automatically deleted. You can opt out of Google Analytics tracking through your browser settings or by using Google’s official opt-out browser add-on.
5.2 Brevo (Email Marketing)
For our newsletter and email marketing campaigns, we use Brevo, a professional email marketing platform. Brevo processes your email address and tracks engagement metrics such as email opens and link clicks, but only with your explicit consent obtained through our subscription process. All data is processed on Brevo’s servers located within the European Union, ensuring full GDPR compliance. We retain your email address and associated data until you unsubscribe from our newsletter or withdraw your consent, at which point your information is promptly removed from our mailing lists. You can review Brevo’s comprehensive privacy policy at https://www.brevo.com/legal/privacypolicy/ for additional details about their data processing practices.
5.3 JotForm (Forms and Chatbot)
Our contact forms and chatbot functionality are powered by JotForm, which processes form submissions, chat messages, and any contact details you choose to provide when reaching out to us. We process this data based on your consent when you submit forms and our legitimate interest in responding to your inquiries effectively. JotForm may process your data on servers located in the EU and US, with appropriate data protection safeguards in place. We retain form submissions and chat conversations for as long as necessary to resolve your inquiry and provide adequate customer support, typically no longer than three years. For detailed information about JotForm’s data processing practices, please refer to their privacy policy at https://www.jotform.com/privacy/.
5.4 ieCards Plugin by Infoweb
We use the ieCards plugin developed by Infoweb to provide digital card functionality on our website. This service processes data related to card customization, user preferences, and any personal information you choose to include in your digital cards. We process this data based on the performance of our service to you and our legitimate interest in providing the digital card functionality you request. Data is retained for as long as necessary to provide the service and fulfill any ongoing obligations related to your digital cards.
5.5 Printify (Print-on-Demand)
For our print-on-demand products, we work with Printify as our fulfillment partner. However, it’s important to understand that we act only as an intermediary by redirecting you to Printify’s platform where all order processing, customer data collection, and transaction handling occurs directly between you and Printify. We do not collect, store, or process any payment information, shipping addresses, or order details ourselves. All customer data related to print-on-demand purchases is handled exclusively by Printify according to their terms of service and privacy policy, which you can review at https://printify.com/terms-of-service/. We recommend reading their policies carefully before making any purchases through our referral links.
5.6 Affiliate Partners
As part of our business model, we maintain affiliate partnerships with various merchants and service providers, which means we may earn commissions when you click on our affiliate links and make purchases. When you click on affiliate links, certain referral information may be shared with our partners to track the source of the referral and calculate any commissions due to us. This processing is based on our legitimate interest in operating our affiliate marketing business. We want to be completely transparent that we financially benefit from these partnerships, but this does not influence the integrity of our recommendations. All order processing, customer service, returns, and refunds are handled directly by the merchant partners, and we do not have access to your personal information or payment details from these transactions.
6. Cookies and Tracking
6.1 Essential Cookies
Our website uses essential cookies that are necessary for basic website functionality, security, and maintaining your user session. These cookies enable core features such as user authentication, security measures, shopping cart functionality, and remembering your preferences during your visit. We process these cookies based on our legitimate interest in providing you with a functional website experience. Essential cookies typically expire at the end of your browsing session or remain active only as long as necessary to provide the requested functionality.
6.2 Analytics Cookies
We use analytics cookies, primarily through Google Analytics, to understand how visitors use our website and to improve our content and user experience. These cookies track information such as which pages you visit, how long you spend on each page, and how you navigate through our site. We only set these cookies with your explicit consent, which you can provide or withdraw through our cookie banner. Analytics cookies may remain active for up to 26 months to provide meaningful insights into website usage trends and patterns.
6.3 Marketing Cookies
Marketing cookies help us display more relevant content and affiliate offers based on your interests and browsing behavior. These cookies may track your visits across different websites to build a profile of your interests, enabling us to show you more personalized recommendations. We only use marketing cookies with your explicit consent, and you maintain full control over these preferences. The duration of marketing cookies varies depending on the specific service provider, but you can review and modify your consent choices at any time through our cookie preference center.
You have complete control over cookie settings and can manage your preferences through the cookie banner that appears when you first visit our website. You can also adjust cookie settings directly in your browser, though please note that disabling essential cookies may affect the functionality of our website. We respect your choices and make it easy to modify your cookie preferences at any time.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable law. Contact inquiries and support requests are typically retained for three years after resolution to ensure we can provide adequate follow-up support and maintain records for potential disputes. Newsletter subscriptions and associated engagement data are kept until you unsubscribe or withdraw your consent, at which point your information is promptly removed from our systems. Analytics data collected through Google Analytics is automatically deleted after 26 months. Customer account information is retained until you request account deletion or we determine the account has been inactive for an extended period. In some cases, we may be required to retain certain information for longer periods to comply with legal obligations such as tax record-keeping requirements, but we always aim to minimize data retention to what is strictly necessary.
8. Your Rights Under GDPR
As a data subject under the General Data Protection Regulation, you have comprehensive rights regarding your personal data. You have the right to access your personal data and receive information about how we process it, including the right to receive a copy of the data we hold about you. If any of your personal information is incorrect or incomplete, you have the right to have it rectified without undue delay. Under certain circumstances, you have the right to erasure of your personal data, commonly known as the “right to be forgotten,” particularly when the data is no longer necessary for the original purpose or when you withdraw consent. You can request restriction of processing, which means we will store your data but not actively process it, and you have the right to data portability, allowing you to receive your personal data in a structured, commonly used format for transfer to another service provider.
You also have the right to object to processing based on our legitimate interests, and we will stop processing unless we can demonstrate compelling legitimate grounds that override your interests. Most importantly, you can withdraw any consent you have given us at any time, though this will not affect the lawfulness of processing based on consent before its withdrawal. To exercise any of these rights, please contact us at [your-email@domain.com], and we will respond to your request within one month as required by law.
9. Data Security
Protecting your personal data is a fundamental priority for our organization, and we implement comprehensive technical and organizational measures to ensure appropriate security. All data transmission between your device and our servers is protected by SSL encryption, ensuring that sensitive information cannot be intercepted during transfer. We maintain regular security updates and monitoring systems to protect against unauthorized access, data breaches, and other security threats. Access to personal data within our organization is strictly controlled on a need-to-know basis, and we implement data minimization principles to ensure we only collect and process data that is necessary for our stated purposes.
Our hosting infrastructure includes secure backup procedures and redundancy measures to protect against data loss, and we regularly review and update our security practices to address evolving threats. We also ensure that all third-party service providers we work with maintain appropriate security standards and have signed data processing agreements that require them to protect your data with the same level of care that we do.
10. International Data Transfers
Some of our service providers may process your personal data outside the European Union, but we ensure that appropriate safeguards are in place to protect your data during any international transfers. When data is transferred to countries outside the EU, we rely on adequacy decisions made by the European Commission, which determine that certain countries provide an adequate level of data protection equivalent to EU standards. For transfers to countries without adequacy decisions, we use standard contractual clauses approved by the European Commission, certification schemes, or other appropriate safeguards as required by GDPR Article 44-49.
We carefully evaluate all international data transfers and only work with service providers who demonstrate strong data protection practices and compliance with applicable privacy laws. You can request specific information about the safeguards in place for any particular service by contacting us using the details provided in this privacy policy.
11. Childrens Privacy
Our website and services are not intended for or directed at children under the age of 10, and we do not knowingly collect personal data from minors. If you are under 10 years of age, please do not use our website or provide any personal information to us. If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete such information from our systems. Parents and guardians who believe their child may have provided us with personal information should contact us immediately at [salam@halacards.com] so we can address the situation promptly and appropriately.
12. Changes to This Privacy Policy
We may periodically update this privacy policy to reflect changes in our data processing practices, legal requirements, or business operations. When we make material changes that significantly affect your rights or how we handle your personal data, we will notify you by posting the updated policy on our website with a new “last updated” date and, where appropriate, by sending you a direct notification via email if we have your contact information. We encourage you to review this privacy policy regularly to stay informed about how we protect your personal data. Your continued use of our website after any changes indicates your acceptance of the updated privacy policy.
13. Contact Information
If you have any questions about this privacy policy, wish to exercise your data protection rights, or need assistance with any privacy-related matters, please don’t hesitate to contact us. You can reach us by email at salam@halacards.com. We are committed to addressing your concerns promptly and transparently, and we will respond to all privacy-related inquiries within one month as required by GDPR.
If you are located outside the European Union and we are required to have an EU representative for data protection purposes, you can contact us.
14. Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority if you believe that our processing of your personal data violates applicable data protection laws. You can file a complaint with the supervisory authority in your country of residence, place of work, or where the alleged violation occurred. For residents of Germany, the competent authority is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI), which you can contact through their website at https://www.bfdi.bund.de/. However, we encourage you to contact us first so we can work together to resolve any concerns you may have about our data processing practices.