Privacy Policy

Last Updated: 20.09.2025

1. Controller

Theresa Brandauer
Sole Proprietorship
Birkengasse 10
2700 Wiener Neustadt
Austria, EU

Email: brandauert5@gmail.com
Website: www.theresabrandauer.com

2. Collection and Storage of Personal Data

We collect and process the following personal data when you use our website, purchase products, or subscribe to our newsletter:

  • Name, address

  • Email address, phone number

  • Payment details (for purchases in the online shop)

  • IP address and usage data (e.g. access time, visited pages)

3. Purposes of Data Processing

Your personal data is processed for the following purposes:

  • Processing of orders and contracts

  • Issuing and sending invoices

  • Handling payments

  • Sending newsletters (if you have subscribed)

  • Analyzing website usage (Google Analytics)

  • Operating and improving our online shop

4. Legal Basis for Processing

The processing of your data is based on the following legal grounds under Art. 6 GDPR:

  • Contract performance (Art. 6 (1) b GDPR)

  • Legal obligation (e.g. tax retention requirements, Art. 6 (1) c GDPR)

  • Legitimate interests (Art. 6 (1) f GDPR, e.g. analytics, website security)

  • Consent (Art. 6 (1) a GDPR, e.g. newsletter, cookies)

5. Data Retention and Deletion

  • Customer data for invoices → 7 years (in accordance with Austrian tax law).

  • Newsletter data → until you unsubscribe.

  • IP addresses / Analytics data → anonymized or deleted after 14 months.

  • Additionally, we review all customer data every 2 years to determine whether retention is still necessary.

6. Disclosure to Third Parties / Third-Party Services

We only share personal data with third parties when necessary to fulfill contracts or when you have given consent. These include:

  • Printful (production and shipping of products)

  • Payment providers:

    • Stripe (credit card, Apple Pay, Google Pay)

    • PayPal

    • Klarna (Sofort, invoice payments, etc.)

    • Banks for wire transfers

  • Google Analytics (website analysis, see Section 7)

All third parties process personal data in compliance with GDPR. Where data is transferred outside the EU, appropriate safeguards (such as Standard Contractual Clauses) are in place.

7. Cookies and Tracking

Our website uses cookies. We distinguish between:

  • Necessary cookies (e.g. cart functionality, login)

  • Analytics cookies (Google Analytics to optimize our website)

On your first visit, you will be asked to provide consent. You can adjust or withdraw your cookie preferences at any time via your browser settings.

8. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC. Cookies are used to analyze how visitors use the site. The collected data (e.g. IP address, usage patterns) may be transmitted to servers in the USA.

IP addresses are stored in anonymized form.
Analytics data is deleted after 14 months.

You can prevent cookies from being stored by adjusting your browser settings or by using the Google Analytics opt-out browser add-on.

9. Newsletter

If you subscribe to our newsletter, we will process your email address solely for sending the newsletter.
You may withdraw your consent at any time with effect for the future (e.g. via the “unsubscribe” link in each newsletter).

10. Your Rights

Under the GDPR, you have the following rights:

  • Right of access to your stored data

  • Right to rectification of inaccurate data

  • Right to erasure (“right to be forgotten”)

  • Right to restriction of processing

  • Right to data portability

  • Right to object to processing

  • Right to lodge a complaint with a supervisory authority

Supervisory authority in Austria:
Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna

11. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy as necessary to reflect changes in legal requirements or our services.