Privacy Policy / Datenschutzerklärung
Privacy Policy / Datenschutzerklärung
Last updated: 2026-06-18
1. Controller
The controller responsible for data processing on this website (Art. 4(7) GDPR) is:
Johannes Kantorczyk
Landsberger Straße 185, 12623 Berlin, Deutschland / Germany
Email: team.everstory@gmail.com · Phone: +49 176 72027558
We have not appointed a Data Protection Officer, as we are not legally required to.
2. Overview of what we process
We process personal data to operate this store, fulfil orders, produce your memory reel,
and meet legal obligations. We minimise what we collect and never sell your data.
3. Hosting & store platform (Shopify)
Our store runs on Shopify (Shopify International Ltd., Ireland; Shopify Inc., Canada).
Shopify acts as our processor under a data processing agreement (Art. 28 GDPR) and
processes order, device, and usage data on our behalf. Some processing may involve transfers
to the USA and other third countries; these are covered by EU Standard Contractual Clauses
and, where applicable, the EU-US Data Privacy Framework.
- Legal basis: Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(f) (legitimate
interest in a secure, efficient online store).
4. Server log files
Our hosting automatically collects access data (IP address, date/time, page requested,
browser/OS, referrer) for security and operation.
5. Orders and customer account
To process an order we collect: name, billing/contact address, email, phone (optional),
order contents, and payment status. If you create an account, we store these for reuse.
- Legal basis: Art. 6(1)(b) GDPR. Retention: for the duration of the contract and as long
as statutory commercial/tax retention periods require (generally up to 6–10 years under
German HGB/AO).
6. Photos you upload (special note)
To produce your memory reel you upload family photographs. These images, and any people
depicted, may constitute personal data.
- Retention: photos and the finished reel are deleted after delivery plus a grace period of
90 days (so we can re-supply or correct), unless you ask us to delete sooner or
to keep them longer.
7. Payments
Payments are handled by our payment providers (e.g. Shopify Payments / Stripe, PayPal,
and any others enabled at checkout). The relevant provider processes your payment data directly;
we receive only the data needed to confirm and fulfil the order.
- Legal basis: Art. 6(1)(b) GDPR. See each provider's own privacy policy.
- Legal basis: Art. 6(1)(b) or (f) GDPR. Retention: until your enquiry is resolved, then per
8. Cookies and consent
We use technically necessary cookies to run the store (basis: Art. 6(1)(f) GDPR / § 25(2) TDDDG).
Any non-essential cookies (analytics, marketing) are set only with your consent via our
cookie banner (basis: Art. 6(1)(a) GDPR / § 25(1) TDDDG). You can withdraw consent at any time
via the banner/settings.
9. Contact
If you email us, we process your message and contact details to handle your enquiry.
statutory periods.
10. Social media (Instagram, TikTok)
We maintain profiles on Instagram and TikTok and link to them. Visiting those platforms is
governed by the respective platform's privacy policy; we have no control over their processing.
11. Your rights
Under the GDPR you have the right to: access (Art. 15), rectification (Art. 16), erasure
(Art. 17), restriction (Art. 18), data portability (Art. 20), and objection (Art. 21). Where
processing is based on consent, you may withdraw it at any time with future effect (Art. 7(3)).
To exercise any right, contact team.everstory@gmail.com.
You also have the right to lodge a complaint with a supervisory authority, e.g. the data
protection authority of your federal state (Land) in Germany.
12. Changes
We may update this policy to reflect legal or operational changes. The current version applies.