Privacy policy

for the website www.artheokids.com

(Version: 2025)

We appreciate your interest in our website and our products. The protection of your personal data is particularly important to us. We process your data exclusively on the basis of the applicable legal provisions, in particular the General Data Protection Regulation (GDPR) and national data protection laws.

This Privacy Policy explains which personal data we process, for what purposes we do so, and which rights you have in relation to your personal data.

1. Controller

Artheo OG
Tuchlauben 7a
1010 Vienna
Austria
Email: office@artheokids.com

2. Scope and Purpose of Data Collection

We only collect personal data that you actively provide to us or that is automatically collected when you visit our website. Data processing is always purpose-bound, transparent, and limited to what is necessary. The type of personal data we process depends on how you use our website — for example, whether you are simply browsing, placing an order, creating a customer account, or contacting us.

We process your data exclusively as required to operate our online shop, fulfil your order, or comply with legal obligations.

3. Website Hosting (Shopify)

Our website is hosted by:

Shopify International Limited
2nd Floor, Victoria Buildings,
1–2 Haddington Road,
Dublin 4, D04 XN32, Ireland

For certain processing activities, Shopify acts as an independent controller (e.g., platform-wide analytics, extended merchant network services). Shopify’s privacy information can be found at:
https://www.shopify.com/legal/privacy

Shopify may transfer data to third countries, in particular Canada and the United States. Such transfers are based on the European Commission’s Standard Contractual Clauses (Art. 46 GDPR).

4. Domain and Email Hosting (world4you)

Our domain and business email accounts are operated by:

World4You Internet Services GmbH
Austria

World4You processes technical connection data (e.g., IP address) necessary to provide domain and email services.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and functional hosting services).

5. Visiting the Website / Server Log Files

When you access our website, Shopify automatically processes the following data:

  • IP address
  • Browser type and version
  • Device type
  • Date and time of access
  • Referrer URL
  • Other technical information

This data is technically required to display the website correctly.
Legal basis: Art. 6(1)(f) GDPR.

6. Orders in the Online Shop / Customer Account

When placing an order or creating a customer account, we process the following personal data:

  • Name, address, contact details
  • Billing and shipping address
  • Order history
  • Payment method
  • Communication with us

Legal bases:

  • Art. 6(1)(b) GDPR (contract and pre-contractual measures)
  • Art. 6(1)(f) GDPR (legitimate interest in efficient order processing)

We store personal data:

  • as long as necessary for the respective purpose
  • according to statutory retention periods
  • until you withdraw your consent (for marketing purposes)

7. Cookies & Consent Banner

Our website uses cookies controlled via the Shopify cookie banner.

We use two types of cookies:

(1) Technically necessary cookies

Required for the operation of the online shop.
Legal basis: Art. 6(1)(f) GDPR.

(2) Cookies requiring consent

(e.g., Shopify Analytics, marketing functions)
These are only set when you give consent via the cookie banner.
Legal basis: Art. 6(1)(a) GDPR.

You may withdraw your consent at any time via your browser settings or the cookie banner.

8. Shopify Analytics

We use Shopify’s standard analytics tools to analyse and improve our online offering.

Shopify Analytics processes:

  • page views
  • shop interactions
  • device and browser data
  • order and cart activities

Legal basis: Your consent under Art. 6(1)(a) GDPR.
Without consent, no analytics cookies are set.

9. Payment Providers

9.1 Shopify Payments

Payments via credit card, Apple Pay, Google Pay or SEPA are processed through Shopify Payments.

Controller:
Shopify Payments Ltd., Ireland
Privacy policy: https://www.shopify.com/legal/privacy

9.2 PayPal

If you choose PayPal, your payment data is transferred to:

PayPal (Europe) S.à r.l. et Cie, S.C.A.
Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Legal basis: Art. 6(1)(b) GDPR.

10. Contact Form & Communication

When you contact us via the Shopify contact form or by email, we process:

  • Name
  • Email address
  • Message content

Legal bases:

  • Art. 6(1)(b) GDPR (order-related enquiries)
  • Art. 6(1)(f) GDPR (other enquiries)

11. Newsletter

We send newsletters via:

CleverReach GmbH & Co. KG (Germany)

We require your email address for this purpose.
Subscription is carried out via the double opt-in process.

CleverReach processes your data solely on our behalf.
Legal basis: Art. 6(1)(a) GDPR (consent).
You may unsubscribe at any time using the link at the end of each newsletter.

12. Social Media Buttons

Our website uses only linked buttons, not embedded plugins.

When you click on a button, you are redirected to the respective platform. Data processing only takes place after leaving our website.

Platforms:

  • Instagram / Meta Platforms Ireland Ltd.
  • Facebook / Meta Platforms Ireland Ltd.
  • Pinterest Europe Ltd.

We do not receive information about users who are redirected.

13. Disclosure to Third Parties

We may share personal data with third parties for legitimate purposes outlined in this Privacy Policy.

Possible recipients include:

  • Service providers (processors): e.g., IT support, hosting, analytics, marketing
  • Payment providers
  • Shipping providers
  • Shopify (hosting, analytics, fulfilment)
  • Authorities, where legally required

International Data Transfers

Where data is transferred outside the EEA or the UK, we rely on recognised safeguards such as the European Commission’s Standard Contractual Clauses unless the destination country has an adequacy decision.

14. Your Rights

As a data subject, you have the following rights at any time:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent

Please direct enquiries to:
office@artheokids.com
or by post to:
Tuchlauben 7a, 1010 Vienna, Austria

You may also lodge a complaint with the competent data protection authority.
A list of supervisory authorities in the EEA can be found via the European Data Protection Board.

15. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy to reflect legal requirements or changes to our processing activities.