This Privacy Policy governs the processing of personal data collected via our digital commercial presence, www.linenairflow.com. It outlines our operational practices regarding the collection, utilisation, maintenance, and disclosure of information associated with our prospective and active clientele across Europe and the United States.
1. Data Controller
The data controller responsible for the processing of personal data under this policy is:
- Corporate Name: Mister Curtain GmbH
- Registered Office Address: Schönhauser Allee 27 -27a, 10435, Berlin
- Official Corporate Email: linen@linenairflow.com
- Telephone Number: +4930235903858
2. Information Collection and Lawful Basis
We process personal data only when a legitimate legal basis exists under applicable European Union and United States statutes. The categories of data processed include:
- Identity and Contact Data: Full name, billing address, delivery address, email address, and telephone number. This information is collected solely for the performance of a commercial contract to process standard order requests for our linen curtain products.
- Transaction and Financial Data: Detailed records of transactions, items ordered, and payment statuses.
- Technical, Cookie, and Usage Data: IP address, browser type, operational system, unique device identifiers, and interaction details with our digital channels (including data collected via essential cookies). This is processed under our legitimate business interest to maintain functional, secure communication infrastructure and prevent fraudulent transactions.
3. Payment Processing and Third-Party Disclosure
To execute monetary transactions for your purchase requests efficiently and securely, we utilise specialized global financial infrastructure.
- Payment Processor: All payment processing operations are executed directly via our integrated payment service provider, Stripe.
- Data Transfer to Stripe: When an order is finalized, your financial credentials and billing details are transmitted directly to Stripe’s infrastructures via secure encrypted protocols (SSL/TLS). Mister Curtain GmbH does not collect, hold, or possess complete credit card numbers, CVV codes, or financial verification passwords.
- Processor Compliance: Stripe manages your financial data in strict accordance with their corporate privacy terms and global financial regulatory frameworks, including the Payment Card Industry Data Security Standard (PCI-DSS).
4. Data Retention Periods
We maintain personal data only for as long as necessary to fulfil the specific administrative and operational purposes for which it was originally collected, or to satisfy mandatory statutory obligations:
- Commercial and Financial Records: Pursuant to German commercial and tax statutes (such as the Handelsgesetzbuch – HGB and Abgabenordnung – AO), transactional data, invoice parameters, and linked customer identity details are retained for a mandatory statutory period of ten (10) years.
- General Inquiries and Communications: Standard correspondence, query histories, and non-transactional email exchanges received via our official communication channels are retained for up to three (3) years from the closure of the interaction, aligning with standard civil limitation periods.
5. Data Transmission and Security Protocols
While we implement standard structural measures, advanced administrative protocols, and commercial industry-standard encryption practices intended to safeguard personal data from unauthorised exposure, loss, or alteration, no method of digital transmission over the internet or electronic storage can be asserted as entirely immune to external compromise. Consequently, transmissions are undertaken at the user’s own volition.
6. Rights of the Data Subject (GDPR & US State Privacy Rights)
Depending on your geographical location within the European Economic Area (EEA) or relevant United States jurisdictions (including rights under state statutes such as the California Consumer Privacy Act – CCPA), you possess specific statutory rights concerning your personal information. These rights include:
- The right to request transparent access to, and rectification of, your archived data records.
- The right to request the restriction of processing, portability, or the erasure of personal information, provided such actions do not conflict with active corporate statutory data retention laws (e.g., tax record requirements).
- The right to opt-out of the collection of non-essential technical data.
- The right to lodge an inquiry or complaint with a competent supervisory data protection authority.
To exercise any applicable statutory rights, please submit a formal, documented request to our designated data administration team at: linen@linenairflow.com.