Privacy policy

Last update: February 12, 2026

Lupaan GmbH operates this shop and website, including all related information, content, features, tools, products, and Services, to provide you, the customer, with a personalized shopping experience (the "Services"). Lupaan GmbH is based on Shopify, which enables us to provide you with the Services. This Privacy Policy describes how we collect, use, or share personal information when you visit, use, or make a purchase or other transaction using the Services, or otherwise communicate with us. If there is a conflict between our Terms and Conditions and this Privacy Policy, this Privacy Policy shall take precedence with respect to the collection, processing, and sharing of your personal information.

Please read this privacy policy carefully. By using and accessing any of the Services, you confirm that you have read this privacy policy and agree to the collection, use, and disclosure of your data as described in this privacy policy.

What personal data do we collect or process?

When we use the term "personal data," we are referring to information that identifies you or another person or can be directly associated with you. Personal data does not include information that has been collected anonymously or anonymized in such a way that it cannot be identified or associated with you. Depending on how you interact with the Services, where you live, and as permitted or required by applicable law, we may collect or process the following categories of personal data, including inferences drawn from that personal data:

  • contact information including name, mailing address, billing address, shipping address, phone number, and email address.
  • financial data including credit, debit card, and financial account numbers, payment card information, financial account information, transaction details, payment method, payment confirmation, and other payment details.
  • account information including username, password, security questions, configurations, and settings.
  • transaction information including the items you are viewing, add to your shopping cart, place on your wish list, or purchase, return, exchange, or cancel, as well as your past transactions.
  • Communicating with us including information you provide when communicating with us, for example when you send a request to customer support.
  • device information including information about your device, browser, or network connection, IP address, and other unique identifiers.
  • usage information including information about your interaction with the Services, including how and when you interact with or browse the Services.

Sources of personal data

We may collect personal data from the following sources:

  • Directly from you We collect data when you create an account, access or use the Services, communicate with us, or otherwise provide us with your personal data.
  • Automatically via the Services We collect data from your device, when you use our products or Services or visit our website, and through the use of cookies and similar technologies, among other means.
  • From our service providers We collect data when, among other things, we instruct service providers to activate certain technologies and when they collect or process your personal data on our behalf.
  • From our partners and other third-party providers

How do we use your personal data?

Depending on how you interact with us or which of our Services you use, we may use personal data for the following purposes:

  • Provision, adaptation, and improvement of Services. We use your personal data to provide you with our Services. This includes, among other things, fulfilling our contract with you, processing your payments, fulfilling your orders, storing your configurations and the items you are interested in, sending notifications related to your account, creating, maintaining, and otherwise managing your account, organizing shipping, facilitating returns and exchanges, allowing you to submit reviews, and creating a personalized shopping experience for you, for example by recommending products based on your purchases. This may also include using your personal data to better tailor and improve the Services.
  • Marketing and advertising. We use your personal data for marketing and advertising purposes, for example to send marketing and advertising communications via email, SMS, or post, and to display online advertising for products or services for the Services or other websites, including based on items you have previously purchased or added to your shopping cart, as well as other activities related to the Services.
  • Security and fraud prevention. We use your personal data to authenticate your account, provide a secure payment and shopping experience, detect, investigate, or take action regarding potential fraudulent, illegal, unsafe, or malicious activity, protect public safety, and ensure the security of our Services. If you decide to use the Services and register for an account, you are responsible for protecting your account login information. We strongly recommend that you do not share your username, password, or other access information with anyone else.
  • Communication with you. We use your personal data to provide you with customer support and effective Services, respond promptly to your inquiries, and maintain our business relationship with you.

Legal reasons. We use your personal data to comply with applicable law or respond to lawful process, including requests from law enforcement or regulatory authorities, to investigate or participate in civil investigations, potential or actual litigation, or other adversarial proceedings, and to investigate or enforce potential violations of our terms or policies.

Cookies, tracking, and marketing technologies

Cookies and consent management

Our website uses cookies and similar technologies (e.g., pixels, tags, web beacons). Cookies and tracking technologies that are not technically necessary are only used on the basis of your express consent in accordance with Art. 6 (1) (a) GDPR.

When you visit our website for the first time, you can use our consent banner to select which categories of cookies you want to allow. You can revoke or adjust your consent at any time with future effect by revisiting the cookie settings.

The legal basis for:

  • The legal basis for technically necessary cookies is Art. 6 para. 1 lit. f GDPR (legitimate interest in a functioning online shop).

  • Your consent is required for analysis, marketing, and tracking cookies in accordance with Art. 6 (1) (a) GDPR.

Google Analytics 4

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies and similar technologies to analyze the use of our website. The following data, among other things, may be processed:

  • IP address (abbreviated/anonymized)

  • device information

  • browser information

  • Location data (approximate)

  • referrer URL

  • Interactions with the website

  • Purchase and conversion data

Processing is carried out exclusively on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

Google may transfer data to the United States. Google is certified under the EU-US Data Privacy Framework. In addition, standard contractual clauses of the European Commission are used.

You can revoke your consent at any time via our cookie settings.

Further information:
https://policies.google.com/privacy

Google Ads and conversion tracking

We use Google Ads, a service provided by Google Ireland Limited.

Within the scope of Google Ads, we use:

  • Conversion tracking

  • Remarketing features

This determines whether users perform certain actions on our website after clicking on an ad (e.g., completing a purchase).

The following data may be processed:

  • IP address

  • device information

  • browser information

  • Pages visited

  • Purchase or conversion data

Processing is carried out exclusively on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

Google may transfer data to the United States. Google is certified under the EU-US Data Privacy Framework. In addition, standard contractual clauses are used.

You can disable personalized advertising here:
https://adssettings.google.com

Meta Pixel (Facebook Pixel)

We use the Meta Pixel from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, on our website.

The Meta Pixel enables us to:

  • track user behavior after they have been redirected to our website by clicking on a Facebook or Instagram advertisement,

  • to measure the effectiveness of our advertising,

  • display personalized advertising.

In particular, the following data may be processed:

  • IP address

  • device information

  • browser information

  • Pages visited

  • Purchase and conversion data

  • Interactions with content

Processing is carried out exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Shared responsibility

In connection with the collection and transmission of data to Meta, we are jointly responsible with Meta Platforms Ireland Ltd. in accordance with Art. 26 GDPR.

You can view the agreement on joint responsibility ("Controller Addendum") here:
https://www.facebook.com/legal/controller_addendum

Meta may transfer data to the United States. Meta is certified under the EU-US Data Privacy Framework.

Further information:
https://www.facebook.com/privacy/policy

You can turn off personalized ads in your Facebook or Instagram account settings.

Withdrawal of your consent

You can revoke your consent to the use of analytics and marketing technologies at any time with future effect:

  • about the cookie settings on our website

  • about Google's advertising settings

  • about Meta's advertising settings

The withdrawal does not affect the lawfulness of the processing until the time of withdrawal.

storage period

The data collected by tracking and marketing tools will only be stored for as long as is necessary for the respective purposes or as required by statutory retention obligations.


How do we share personal data?

Under certain circumstances, we may share your personal information with third parties for legitimate purposes in accordance with this Privacy Policy. Such circumstances may include:

  • At Shopify, these are providers and other third parties who provide services on our behalf (e.g., IT management, payment processing, data analysis, customer support, cloud storage, fulfillment, and shipping).
  • We share personal data with business and marketing partners who provide marketing services to you and display advertisements to you. For example, we use Shopify to support personalized advertising with third-party Services based on your online activities across various retailers and websites. Our business and marketing partners use your information in accordance with their own privacy policies. Depending on where you live, you may have the right to instruct us not to share information about you in order to show you targeted advertising and marketing based on your online activities across different retailers and websites.
  • When you request or otherwise consent to us sharing certain information with third parties, for example to deliver products to you, or when you use social media widgets or login Integrations.
  • We share personal data with our affiliates or otherwise within our group of companies.
  • In connection with a business transaction such as a merger or bankruptcy; to comply with applicable legal obligations (including responding to subpoenas, search warrants, and similar requests); to enforce applicable service terms or policies; and to protect or defend the Services, our rights, and the rights of our users or others.

Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal data about your access to and use of the Services in order to provide and improve the Services. Data that you submit to the Services is shared with Shopify and third parties who may be located in countries other than your country of residence in order to provide and improve the Services for you. To protect, expand, and improve our business, we also use certain advanced Shopify features that incorporate data and information from your interactions with our store, other merchants, and Shopify. To provide these advanced features, Shopify may use personal data collected from your interactions with our store, other merchants, and Shopify. In these circumstances, Shopify is responsible for processing your personal data, including responding to your requests to exercise your rights regarding the use of your personal data for these purposes. For more information about how Shopify uses your personal data and what rights you have, please see the Shopify Privacy Policy for Consumers Depending on where you reside, you may exercise certain rights with respect to your personal data listed here. Link to the Shopify Privacy Portal.

Third-party websites and links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to websites that are not affiliate websites or are not controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such websites, including the accuracy, completeness, or Reliability of the information contained on those websites. Information you provide in public or semi-public areas, including information you share on third-party social networking platforms, may also be viewed by other users of the Services and/or users of those third-party platforms, without restriction on their use by us or any third party. Our inclusion of such links does not imply our endorsement of the content of these platforms or their owners or operators, unless expressly stated in the Services.

Children's data

The Services are not intended for use by children, and we do not knowingly collect personal information from children who are under the age of majority in your country. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details below to request that we delete that information. As of the effective date of this Privacy Policy, we are not aware that we "share" or "sell" (as those terms are defined under applicable law) personal information from individuals under the age of 16.

Security and storage of your data

Please note that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." In addition, information you send to us may be exposed to risks during transmission. We recommend that you do not use unsecure channels when transmitting sensitive or confidential information to us.

How long we retain your personal data depends on various factors. These include, for example, whether we need the data to manage your account, provide you with Services, comply with legal obligations, resolve disputes, or enforce other applicable contracts and policies.

Your rights and options

Depending on where you live, you may have some or all of the rights listed below with respect to your personal data. However, these rights are not absolute, may only apply in certain circumstances, and in certain cases we may refuse your request to the extent permitted by law.

  • Right of access/information. You may have the right to request access to the personal data we hold about you.
  • Right to erasure. You may have the right to request that we delete the personal data we have stored about you.
  • Right to rectification. You may have the right to request that we correct any inaccurate personal data we hold about you.
  • Right to data portability. You may have the right to obtain a copy of the personal data we hold about you and to request that we disclose it to a third party in certain circumstances and with certain exceptions.
  • Managing communication settings. We may send you promotional emails. You can opt out of receiving these emails at any time by using the unsubscribe option included in our emails to you. If you choose to opt out, we may still send you non-promotional emails, such as those about your account or orders you have placed.

If you reside in the United Kingdom or the European Economic Area, Subject to the exceptions and limitations provided by local law, you may exercise the following rights in addition to the rights mentioned above:

  • Right to object and right to restriction of processing. You may have the right to request that we stop or restrict the processing of personal data for certain purposes.
  • Withdrawal of consent. If we rely on your consent to process your personal data, you have the right to withdraw that consent. If you withdraw your consent, this will not affect the lawfulness of the processing based on your consent prior to withdrawal.

You can exercise these rights if indicated in the Services or by contacting us using the contact details provided below. For more information about how Shopify uses your personal data and what rights you have, including rights relating to data processed by Shopify, please visit https://privacy.shopify.com/en.

Exercising these rights will not result in any disadvantages for you. Where permitted or required by applicable law, we may need to verify your identity before we can process your requests. In accordance with applicable laws, you may appoint an authorized representative to make requests on your behalf to exercise your rights. Before we accept such a request from a representative, we will require proof that you have authorized them to act on your behalf. This may require you to confirm your identity directly to us. We will respond to your request promptly in accordance with applicable law.

complaints

If you have any complaints about how we process your personal data, please contact us using the contact details below. Depending on where you live, you have the right to object to our decision by contacting us using the contact details below or by submitting your complaint to the relevant data protection authority. For the European Economic Area, there is a list of the relevant data protection supervisory authorities. If you would like to access it, you have the opportunity to do so here.

International broadcasts

Please note that we may transfer, store, and process your personal data outside the country in which you reside.

When we transfer your personal data outside the European Economic Area or the United Kingdom, we rely on recognized transfer mechanisms such as the European Commission's standard contractual clauses or equivalent contracts issued by the relevant UK authority, unless the data transfer is to a country that has been found to provide an adequate level of protection.

Changes to this privacy policy

We may update this privacy policy from time to time, for example to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will publish the revised privacy policy on this website, update the "Last Revised" date accordingly, and provide the notice required by applicable law.

Contact

If you have any questions about our data protection procedures or this privacy policy, or if you wish to exercise any of your rights, please contact us by phone at , by email at office@eightpins.at, or by mail at Lupaan GmbH, Kristein 2, Enns, 4470, AT. In accordance with applicable data protection laws, we are the data controller for your personal data.