EXPRESSIVART.COM

Privacy policy

1. responsible body

Controller pursuant to Art. 4 No. 7 GDPR:
Gysbert Savelkouls
Roncalli Straße
46045 Oberhausen
E-Mail: kontakt@expressivart.com

 

2. purposes and legal bases of the processing

  • 2.1 Operation and backup of the website (server log files)
    IP address, date/time, URL, referrer, browser type, operating system
    Purpose: Operational security, defense against attacks, error analysis
    Legal basis: Art. 6 para. 1 lit. f GDPR
  • 2.2 Contact (form/e-mail)
    Name, e-mail, subject, message, telephone number if applicable
    Purpose: Processing your request
    Legal basis: Art. 6 para. 1 lit. b GDPR or lit. f GDPR

 

3. specific processing & tools

3.1 Payment processing

  • PayPal Checkout: Name, address, order data, transaction ID (PayPal Europe S.à.r.l. et Cie, S.C.A.)
  • SEPA credit transfer: Name, IBAN, BIC to the bank
  • Direct debit: direct debit authorization via the bank
  • Cash payment on collection: no electronic data transfer

Legal basis: Art. 6 para. 1 lit. f GDPR

 

3.2 Shipping service provider

  • DHL, UPS, Hermes: name, address, telephone number for parcel deliver

Legal basis: Art. 6 para. 1 lit. f GDPR

 

3.3 Hosting & CDN

  • Strato GmbH (server location Germany): Storage of website content, backups, log files
  • Cloudflare Inc. (CDN, server worldwide, standard contractual clauses): Caching of static content

Legal basis: Art. 6 para. 1 lit. f GDPR

 

4. Cookies & Tracking

  • 4.1 Necessary cookies (session ID, shopping cart): until browser closes
  • 4.2 Preference cookies (language, font size): 1 year
  • 4.3 Statistik-Cookies (Google Analytics): 2 years; IP anonymization; opt-out via GA add-on; AV contract concluded
  • 4.4 Marketing-Cookies (Facebook Pixel): 90 days; Events & interactions; Consent required; AV contract exists

Additional tools/plugins:
- Contact Form 7: Collection of name, e-mail, message; no storage without confirmation; Art. 6 para. 1 lit. f GDPR.
- Jetpack: Performance & security, anonymized statistics; Art. 6 para. 1 lit. f GDPR.
- Gravatar: External avatar display; server in another EU country; Art. 6 para. 1 lit. f GDPR.

 

5. consent & revocation

Non-essential cookies & tracking tools are only activated after consent (opt-in).
Revocation via cookie banner or browser settings.

 

6. storage period

Data will only be stored for as long as is necessary for the stated purposes or statutory retention periods (e.g. 10 years for accounting purposes).

 

7. rights of data subjects

You have the right to information, rectification, erasure, restriction, data portability and objection.
Contact: kontakt@expressivart.com

 

8. transfer to third countries

Currently no data transfer to third countries. Changes are documented here.

 

Data security

We use SSL/TLS, firewalls and regular backups to secure your data.

 

10. right of appeal

You can lodge a complaint with the data protection supervisory authority:
LDI NRW: www.ldi.nrw.de

 

11. integration of social media

  • Facebook plugins (Meta Platforms Ireland Ltd.): Data transmission when called; Art. 6 para. 1 lit. f GDPR.
  • Instagram plugins (Meta Platforms Ireland Ltd.): Interactions; Art. 6 para. 1 lit. f GDPR.
  • Pinterest plugins (Pinterest Inc.): Pins & interactions; Art. 6 para. 1 lit. f GDPR.

 

Contact WhatsApp

Use of the WhatsApp contact button (WhatsApp Inc., USA): Telephone number/profile picture are transmitted to WhatsApp servers; Art. 6 para. 1 lit. f GDPR.
Privacy policy: www.whatsapp.com/legal/#privacy-policy

 

13. actuality & changes

Valid from April 24, 2025; changes will be published with the new date.

en_GBEnglish
de_DEGerman en_GBEnglish
Cancellation policy