1. Controller and Contact Information

The controller responsible for data processing on this website is:

Guillaume Karpowicz (DiaboloFocus)

Marwitzer Str. 54a

13589 Berlin, Germany

Email: info@diabolofocus.com

Phone: +49 163 636 3431

A Data Protection Officer is not required as we regularly employ fewer than 20 persons involved in automated data processing (§ 38 BDSG).

2. Supervisory Authority

The competent data protection supervisory authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI)

Friedrichstr. 219, 10969 Berlin, Germany

Email: mailbox@datenschutz-berlin.de

Website: www.datenschutz-berlin.de

You have the right to lodge a complaint with this supervisory authority at any time (Art. 77 GDPR).

3. Your Rights as a Data Subject

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) — obtain confirmation of whether and what personal data we process about you

• Right to rectification (Art. 16 GDPR) — request correction of inaccurate data

• Right to erasure (Art. 17 GDPR) — request deletion of your data where the legal requirements are met

• Right to restriction of processing (Art. 18 GDPR) — request that processing be restricted in certain circumstances

• Right to data portability (Art. 20 GDPR) — receive your data in a structured, commonly used, machine-readable format

• Right to object (Art. 21 GDPR) — object to processing based on legitimate interest or direct marketing at any time

• Right to withdraw consent (Art. 7(3) GDPR) — withdraw any consent given at any time, without affecting the lawfulness of processing prior to withdrawal

To exercise any of these rights, please contact us at info@diabolofocus.com.

4. Data Processing Activities

4.1 Website Hosting (Wix.com)

​

This website is hosted by Wix.com Ltd. (40 Namal Tel Aviv St., Tel Aviv 6350671, Israel). When you visit our website, Wix automatically collects and stores technical data in server log files, including your IP address, browser type and version, operating system, referrer URL, date and time of access, and pages visited.

​

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in stable and secure website operation).

​

Wix acts as our data processor under a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR. Transfers to Israel are covered by the EU Commission's adequacy decision (Art. 45 GDPR). Transfers to the United States are covered by the EU-US Data Privacy Framework and Standard Contractual Clauses (Art. 46(2)(c) GDPR).

​

4.2 Customer Account and Order Processing

​

When you place an order, we collect and process: name, email address, billing and shipping address, phone number (if provided), order details, and payment information.

Legal basis: Art. 6(1)(b) GDPR (contract performance). Retention period: Order data is retained for 8 years from the end of the calendar year in which the transaction occurred, as required by German tax and commercial law (§ 147 AO, § 257 HGB).

​

4.3 Payment Processing

​

We use the following payment service providers:

• PayPal (Europe) S.à r.l. et Cie, S.C.A. — acts as an independent data controller for payment data. Legal basis: Art. 6(1)(b) GDPR.

• Stripe Payments Europe, Limited — acts as our data processor for credit card payments. Legal basis: Art. 6(1)(b) GDPR.

• Wix Payments — payment processing integrated into the Wix platform. Legal basis: Art. 6(1)(b) GDPR.

• SEPA bank transfer — processed by N26 Bank GmbH, Voltairestr. 8, 10179 Berlin. Legal basis: Art. 6(1)(b) GDPR.

​

4.4 Shipping and Delivery

​

To fulfill your order, we share your name, delivery address, and (if provided) phone number and email address with our shipping providers, primarily Deutsche Post / DHL Paket GmbH.

Legal basis: Art. 6(1)(b) GDPR (contract performance); Art. 6(1)(c) GDPR (legal obligation for customs declarations).

​

4.5 Email Communication

​

We use your email address to send order confirmations, shipping notifications, and responses to inquiries. If you subscribe to our newsletter, we process your email address based on your consent. Legal basis: Art. 6(1)(b) GDPR (transactional emails); Art. 6(1)(a) GDPR (newsletter).

​

4.6 Contact Form and Email Inquiries

​

When you contact us, we process the data you provide (name, email, message content) to respond to your inquiry.

​

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).

​

Retention: Inquiry data is retained for 3 years from the last contact, unless longer retention is required by law.

5. Cookies and Tracking Technologies

Please refer to our separate Cookie Policy for detailed information about cookies used on this website.

​

Essential cookies (session management, shopping cart, CSRF protection, security) are set without consent as they are strictly necessary for the operation of the website (§ 25 Abs. 2 TDDDG).

​

Non-essential cookies (analytics, marketing, third-party services) are set only after you have provided explicit consent via our cookie consent banner (§ 25 Abs. 1 TDDDG; Art. 6(1)(a) GDPR).

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA):

​

• Israel (Wix.com Ltd.): Covered by the EU Commission's adequacy decision pursuant to Art. 45 GDPR.

• United States (Wix Inc., Stripe, PayPal, and other sub-processors): Covered by the EU-US Data Privacy Framework for DPF-certified entities, and by Standard Contractual Clauses (Art. 46(2)(c) GDPR).

• Destination countries (customs authorities for international shipments): Data disclosure required by applicable customs law (Art. 6(1)(c) GDPR).

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our website uses SSL/TLS encryption for all data transmission.

8. Automated Decision-Making

We do not use automated decision-making or profiling as defined by Art. 22 GDPR.

9. Obligation to Provide Data

The provision of personal data for the purpose of order processing is a contractual requirement. Without this data, we cannot process or fulfill your order. The provision of data for newsletter signup or contact inquiries is voluntary.

10. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in legal requirements or our data processing activities. The current version is always available on our website.