Data Protection Policy for wernerchristusa.com

1. Introduction
This policy outlines how we collect, process, and protect your personal data in compliance with the GDPR (EU 2016/679) and applicable US privacy laws (e.g., CCPA). By using our site, you consent to these practices.

2. Data We Collect

• Identity/Contact Data: Name, address, email, phone
• Transaction Data: Order history, payment details (processed via Shopify Payments)
• Technical Data: IP address, browser type, cookies
• Marketing Preferences (opt-in required)

3. Purposes of Processing
Your data enables us to:

• Fulfill orders and manage returns
• Provide customer support
• Improve website functionality
• Send promotional offers (with consent)
• Comply with tax/legal obligations

4. Legal Bases
Processing relies on:

• Contractual necessity (order fulfillment)
• Consent (marketing, non-essential cookies)
• Legitimate interest (fraud prevention, analytics)

5. Data Sharing
We share with:

• Payment processors (Shopify, PayPal)
• Shipping carriers (DHL, FedEx)
• IT/cloud service providers (EU/US-based, with safeguards)

6. International Transfers
Data may be transferred outside the EU/EEA under:

• Adequacy decisions (e.g., EU-US Data Privacy Framework)
• Standard Contractual Clauses

7. Your Rights
You may:

• Access, correct, or delete your data
• Restrict processing or request portability
• Withdraw consent (via Privacy Dashboard)
• Lodge complaints with supervisory authorities

8. Cookies
We use:

• Essential cookies (site functionality)
• Analytics cookies (Google Analytics, anonymized)
• Marketing cookies (Facebook Pixel, opt-in)
  Manage preferences at Cookie Settings.

9. Security Measures

• SSL encryption
• Regular security audits
• Limited employee access

10. Retention Periods
Data is kept:

• For orders: 10 years (tax compliance)
• For marketing: Until consent withdrawal

11. Policy Updates
Changes are posted at wernerchristusa.com/privacy.

*Last updated: 2025-06-20*