Protecting your personal data is of the utmost importance to us. This Privacy Policy explains how personal data is collected, processed, and used when you visit and use our website, create a customer account, purchase digital products, and communicate with us.

We process personal data in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Digital Services Act (DDG), and the Telecommunications–Digital Services Data Protection Act (TDDDG), as well as all other applicable data protection laws.

This Privacy Policy applies to all services provided under the brand “Arclane”.

Christian Winkler
trading under the business name “Arclane”
Wildenfelser Straße 15
81249 Munich
Germany

Email: partner@arclane.co

The controller within the meaning of Art. 4 (7) GDPR is Christian Winkler.

A data protection officer has not been appointed, as the statutory requirements for mandatory appointment are not met.

We process personal data solely for the following purposes:

• operation, provision, and security of the website and online store
• creation and administration of customer accounts
• passwordless authentication and secure account access
• processing orders and delivering digital products
• handling customer inquiries and support requests
• fraud prevention, dispute resolution, and IT security
• compliance with legal obligations, in particular accounting and tax law
• internal business administration and documentation
• marketing communications and analytics, only where legally permitted and/or based on your consent
• handling refund requests, voluntary money-back guarantees, chargebacks, and related dispute resolution

Personal data is processed on the following legal bases pursuant to Art. 6 GDPR:

• Art. 6 (1) (a) – consent (e.g. marketing emails, optional cookies or analytics)
• Art. 6 (1) (b) – performance of a contract or pre-contractual measures (e.g. purchases, account usage, digital delivery)
• Art. 6 (1) (c) – compliance with legal obligations (e.g. statutory retention duties)
• Art. 6 (1) (f) – legitimate interests (e.g. security, fraud prevention, stable operation of the website)
  

Where processing is based on consent, consent may be withdrawn at any time with effect for the future.

When you access our website, technical data is automatically processed to enable delivery of the site and ensure its security and stability. This includes:

• IP address
• date and time of access
• browser type and version
• operating system
• referrer URL
  

This data is processed exclusively for technical and security purposes and is not merged with other data sources.

Legal basis: Art. 6 (1) (f) GDPR.

We offer customer accounts that allow users to:

• access purchased digital products
• view order history and confirmations
• manage account information
  

Account access may be provided via passwordless login, using one-time verification codes sent to the registered email address. For this purpose, we process authentication tokens and account identifiers solely to enable secure access.

Legal basis: Art. 6 (1) (b) GDPR and Art. 6 (1) (f) GDPR.

When purchasing digital products, we process the data necessary to conclude and perform the contract, including:

• name
• email address
• billing address
• order details (product, price, date, transaction reference)
  

Digital products are made available either directly after checkout or via the customer account. Order confirmations and download instructions are sent by email.

Legal basis: Art. 6 (1) (b) GDPR.

Payments are processed via Shopify Payments (including Shop Pay, Visa, Mastercard, American Express, Apple Pay, and Google Pay) and PayPal.

Payment data such as card numbers or bank details are processed exclusively by the respective payment service providers. We receive only confirmation and transaction status information and do not store full payment credentials.

Legal basis: Art. 6 (1) (b) GDPR and Art. 6 (1) (f) GDPR.

Accounting and tax-relevant data is processed in accordance with statutory requirements. Invoices are generated and stored internally and may be made available to customers via their customer account. Invoices are not sent by email unless legally required.

Processing is carried out using accounting software and may involve disclosure to tax advisors where necessary.

Legal basis: Art. 6 (1) (c) GDPR.

Statutory retention periods apply, in particular 10 years pursuant to German tax and commercial law.

Our online store is operated using the e-commerce platform Shopify, including Shopify Markets for international sales, languages, and currencies.

Depending on the specific service used, Shopify acts either as a processor on our behalf or as an independent controller, in particular in connection with payment processing and certain platform-related features.

Data processing is governed by Shopify’s contractual arrangements, including its Data Processing Addendum.

If you contact us via contact form or email, the information you provide (such as email address and message content) is processed solely to handle your request.

Legal basis: Art. 6 (1) (b) GDPR and Art. 6 (1) (f) GDPR.

We send transactional emails required to perform the contract and operate your account, such as order confirmations, download notifications, login codes, and security messages.

Legal basis: Art. 6 (1) (b) GDPR and Art. 6 (1) (f) GDPR.

Marketing communications are sent only if you have given your consent. You may withdraw consent at any time, for example via the unsubscribe link in each email.

Legal basis: Art. 6 (1) (a) GDPR.

We use cookies and similar technologies that are technically necessary to operate the website and store (e.g. session management, security, language and currency settings).

Any use of non-essential cookies or comparable technologies (such as analytics or marketing tools) requires prior consent and will only be implemented in compliance with the TDDDG and GDPR. A cookie consent banner is used where legally required.

At present, no external marketing or advertising tracking tools are intentionally deployed.

We currently rely on standard Shopify store statistics. Should additional analytics or advertising tools (e.g. Google Analytics or advertising pixels) be introduced in the future, this will be done only in compliance with applicable legal requirements, including consent obligations, and this Privacy Policy will be updated accordingly.

Personal data is disclosed only where necessary for the purposes described above. Recipients may include:

• Shopify (store hosting, checkout, Markets, customer accounts)
• payment service providers (Shopify Payments, PayPal)
• automation and data management services (e.g. Zapier, Airtable)
• accounting and bookkeeping software providers (e.g. Lexware)
• internal administrative tools (e.g. Softr, used exclusively for internal and creator administration)
• tax advisors and public authorities where legally required
  

Personal data is not sold.

Due to international sales and the use of service providers located outside the European Economic Area, personal data may be transferred to third countries, including the United States.

Such transfers are safeguarded using recognized mechanisms, in particular the EU Standard Contractual Clauses (SCCs), and appropriate technical and organizational measures.

Personal data is retained only for as long as necessary to fulfill the respective purposes and statutory obligations. After expiry of applicable retention periods, data is deleted or anonymized unless further retention is legally required.

Under the GDPR, you have the following rights, subject to statutory requirements:

• right of access (Art. 15 GDPR)
• right to rectification (Art. 16 GDPR)
• right to erasure (Art. 17 GDPR)
• right to restriction of processing (Art. 18 GDPR)
• right to data portability (Art. 20 GDPR)
• right to object (Art. 21 GDPR)
• right to withdraw consent at any time (Art. 7 (3) GDPR)
  

Requests may be directed to partner@arclane.co.

You have the right to lodge a complaint with a competent data protection supervisory authority. For Bavaria, this is generally the Bavarian State Office for Data Protection Supervision (BayLDA).

Our digital products are not restricted to adults and may be used by minors.

Where processing is based on the performance of a contract, personal data is processed solely to fulfill contractual obligations.

Where processing is based on consent, the applicable legal provisions concerning minors, including Art. 8 GDPR, apply.

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse. Data transmissions are secured using SSL/TLS encryption.

This Privacy Policy may be updated from time to time to reflect legal, technical, or operational changes. The current version is always available on our website.

For questions regarding this Privacy Policy or data protection matters, please contact:

partner@arclane.co

Christian Winkler
Arclane
Wildenfelser Straße 15
81249 Munich
Germany