Privacy policy

1. Who we are
We are responsible for processing your personal data.
Josea GmbH
Hohenwischer Str. 269
21129 Hamburg
Germany

2. What data do we collect?
We collect personal data when you:
- Visit our website
- Place an order
- Contact us
- Sign up for our newsletter

This may include:
- Name
- Address
- Email address
- Phone number
- Payment details
- IP address
- Order details

3. Why we collect your data (Legal basis)
We process your data based on the following legal grounds under the GDPR:
a) To fulfill a contract (Art. 6(1)(b) GDPR)
When you place an order, we use your data to process payment, ship products, and manage returns.
b) Legal obligations (Art. 6(1)(c) GDPR)
We store certain data for tax and accounting purposes as required by law.
c) Legitimate interest (Art. 6(1)(f) GDPR)
We use certain data (e.g., IP address, website analytics) to improve our website and prevent fraud.
d) Your consent (Art. 6(1)(a) GDPR)
We use your email address for marketing only if you have actively agreed to it. You can withdraw your consent at any time.

4. Shopify hosting
Our online store is hosted by Shopify Inc.
Your data is stored on secure servers. Shopify may process data in countries outside the EU. Data transfers are protected by:
- EU Standard Contractual Clauses (SCC) or the EU-US Data Privacy Framework
More information: https://www.shopify.com/legal/privacy

5. Payments
Payments are processed through secure payment providers.
Credit card data is encrypted (PCI-DSS standard).
We do not permanently store full payment details.

6. Google Analytics
We use Google Analytics to understand how visitors use our website.
Google may process data outside the EU.
We use Google Analytics only with your consent via our cookie banner.
You can withdraw your consent at any time.

7. Cookies
We use cookies to:
- Make the website function properly,
- Save your shopping cart,
- Analyze website traffic,
- Improve user experience.

Non-essential cookies (e.g., analytics or marketing cookies) are only used with your consent.
You can manage your cookie preferences at any time.

8. How long we store your data
We store your data only as long as necessary:
- Order data: up to 10 years (legal tax requirements in Germany).
- Customer account data: until you delete your account.
- Marketing data: until you withdraw consent.

9. Your rights under GDPR
You have the right to:
- Access your data,
- Correct inaccurate data,
- Delete your data,
- Restrict processing,
- Object to processing,
- Data portability,
- Withdraw consent at any time,
- Lodge a complaint with a supervisory authority.
In Germany, you can contact your local Data Protection Authority.

10. Data security
We use technical and organizational security measures to protect your data from loss, misuse, or unauthorized access. However, no internet transmission is 100% secure.

11. Changes to this policy
We may update this Privacy Policy from time to time. The latest version is always available on our website.

12. Contact
If you have questions about your personal data, contact:
info@joseasurfwear.com

or write to:

Josea GmbH
Hohenwischer Str. 269
21129 Hamburg
Germany