Privacy policy

for the website www.artheokids.com

(Version: 2026)

We appreciate your interest in our website and our products. The protection of your personal data is particularly important to us. We process your data exclusively on the basis of the applicable legal provisions, in particular the General Data Protection Regulation (GDPR) and national data protection laws.

This Privacy Policy explains which personal data we process, for what purposes we do so, and which rights you have in relation to your personal data.

1. Controller

Artheo OG
Tuchlauben 7a
1010 Vienna
Austria
Email: office@artheokids.com

2. Scope and Purpose of Data Collection

We only collect personal data that you actively provide to us or that is automatically collected when you visit our website. Data processing is always purpose-bound, transparent, and limited to what is necessary. The type of personal data we process depends on how you use our website — for example, whether you are simply browsing, placing an order, creating a customer account, or contacting us.

We process your data exclusively as required to operate our online shop, fulfil your order, or comply with legal obligations.

3. Website Hosting (Shopify)

Our website is hosted by:

Shopify International Limited
2nd Floor, Victoria Buildings,
1–2 Haddington Road,
Dublin 4, D04 XN32, Ireland

For certain processing activities, Shopify acts as an independent controller (e.g., platform-wide analytics, extended merchant network services). Shopify’s privacy information can be found at:
https://www.shopify.com/legal/privacy

Shopify may transfer data to third countries, in particular Canada and the United States. Such transfers are based on the European Commission’s Standard Contractual Clauses (Art. 46 GDPR).

4. Domain and Email Hosting (world4you)

Our domain and business email accounts are operated by:

World4You Internet Services GmbH
Austria

World4You processes technical connection data (e.g., IP address) necessary to provide domain and email services.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and functional hosting services).

5. Visiting the Website / Server Log Files

When you access our website, Shopify automatically processes the following data:

  • IP address
  • Browser type and version
  • Device type
  • Date and time of access
  • Referrer URL
  • Other technical information

This data is technically required to display the website correctly.
Legal basis: Art. 6(1)(f) GDPR.

6. Orders in the Online Shop / Customer Account

When placing an order or creating a customer account, we process the following personal data:

  • Name, address, contact details
  • Billing and shipping address
  • Order history
  • Payment method
  • Communication with us

Legal bases:

  • Art. 6(1)(b) GDPR (contract and pre-contractual measures)
  • Art. 6(1)(f) GDPR (legitimate interest in efficient order processing)

We store personal data:

  • as long as necessary for the respective purpose
  • according to statutory retention periods
  • until you withdraw your consent (for marketing purposes)

6a. Electronic Withdrawal / Revoq – EU Withdrawal Button

To provide an electronic withdrawal option, we use the Shopify app Revoq – EU Withdrawal Button by Jonas Busch, sole proprietor, hello@buschbytes.com.

If you submit a withdrawal request via our website, the personal data required for this purpose will be processed. This may include, in particular, your name, email address, order number, date and time of the withdrawal request, withdrawal status and, where applicable, information on the withdrawn items as well as voluntary information such as the reason for withdrawal or comments.

The processing is carried out for the purpose of receiving, confirming, processing and documenting withdrawal requests. The legal basis is Art. 6(1)(b) GDPR, insofar as the processing is necessary for the performance or reversal of a contract, and Art. 6(1)(c) GDPR, insofar as statutory documentation obligations apply.

Revoq processes personal data on our behalf as a processor within the meaning of Art. 28 GDPR. According to the provider, the processing takes place predominantly within the European Union. Where subprocessors with a third-country connection are used, this is done on the basis of appropriate safeguards under the GDPR.

The storage period is determined by the retention periods provided by the provider as well as by statutory retention obligations. After termination of the use of the app, the data will be deleted in accordance with the data processing agreement.

7. Cookies & Consent Banner

Our website uses cookies controlled via the Shopify cookie banner.

We use two types of cookies:

(1) Technically necessary cookies

Required for the operation of the online shop.
Legal basis: Art. 6(1)(f) GDPR.

(2) Cookies requiring consent

(e.g., Shopify Analytics, marketing functions)
These are only set when you give consent via the cookie banner.
Legal basis: Art. 6(1)(a) GDPR.

You may withdraw your consent at any time via your browser settings or the cookie banner.

8. Shopify Analytics

We use Shopify’s standard analytics tools to analyse and improve our online offering.

Shopify Analytics processes:

  • page views
  • shop interactions
  • device and browser data
  • order and cart activities

Legal basis: Your consent under Art. 6(1)(a) GDPR.
Without consent, no analytics cookies are set.

9. Payment Providers

9.1 Shopify Payments

Payments via credit card, Apple Pay, Google Pay or SEPA are processed through Shopify Payments.

Controller:
Shopify Payments Ltd., Ireland
Privacy policy: https://www.shopify.com/legal/privacy

9.2 PayPal

If you choose PayPal, your payment data is transferred to:

PayPal (Europe) S.à r.l. et Cie, S.C.A.
Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Legal basis: Art. 6(1)(b) GDPR.

10. Contact Form & Communication

When you contact us via the Shopify contact form or by email, we process:

  • Name
  • Email address
  • Message content

Legal bases:

  • Art. 6(1)(b) GDPR (order-related enquiries)
  • Art. 6(1)(f) GDPR (other enquiries)

11. Newsletter

We send newsletters via:

CleverReach GmbH & Co. KG (Germany)

We require your email address for this purpose.
Subscription is carried out via the double opt-in process.

CleverReach processes your data solely on our behalf.
Legal basis: Art. 6(1)(a) GDPR (consent).
You may unsubscribe at any time using the link at the end of each newsletter.

12. Social Media Buttons

Our website uses only linked buttons, not embedded plugins.

When you click on a button, you are redirected to the respective platform. Data processing only takes place after leaving our website.

Platforms:

  • Instagram / Meta Platforms Ireland Ltd.
  • Facebook / Meta Platforms Ireland Ltd.
  • Pinterest Europe Ltd.

We do not receive information about users who are redirected.

13. Disclosure to Third Parties

We may share personal data with third parties for legitimate purposes outlined in this Privacy Policy.

Possible recipients include:

  • Service providers (processors): e.g., IT support, hosting, analytics, marketing
  • Payment providers
  • Shipping providers
  • Shopify (hosting, analytics, fulfilment)
  • Authorities, where legally required
  • Revoq / Jonas Busch, sole proprietor, as the provider of the Shopify app “Revoq – EU Withdrawal Button” for the technical provision and processing of electronic withdrawal requests.

International Data Transfers

Where data is transferred outside the EEA or the UK, we rely on recognised safeguards such as the European Commission’s Standard Contractual Clauses unless the destination country has an adequacy decision.

14. Your Rights

As a data subject, you have the following rights at any time:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent

Please direct enquiries to:
office@artheokids.com
or by post to:
Tuchlauben 7a, 1010 Vienna, Austria

You may also lodge a complaint with the competent data protection authority.
A list of supervisory authorities in the EEA can be found via the European Data Protection Board.

15. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy to reflect legal requirements or changes to our processing activities.