No products in the cart.
Last updated: 3 July 2025
1. Introduction
We at Thalia Botsari (“we”, “us”, “our”) are committed to protecting your personal data and respecting your privacy. This privacy policy explains how we collect, use, and store your personal data when you visit our website, purchase our products, or interact with us in any way.
We operate in compliance with the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act of Germany (BDSG).
2. Data Controller
The data controller responsible for the processing of your personal data is:
Thalia Botsari
Kinzigstrasse 26
Berlin
Germany
Email: [email protected]
3. What Personal Data We Collect
We may collect the following categories of personal data: your contact details including name, address, email, and telephone number; order information such as billing and shipping address and product selections; payment information including payment method and transaction ID (note that payment processing is handled by third-party providers); marketing data such as newsletter opt-in, preferences, and click behavior; technical data including IP address, browser type, device ID, cookies, and website usage statistics. If you use Facebook login, we may also receive your public profile and email address with your consent.
4. Purposes of Processing
We process your data to fulfil your orders and provide customer support, to manage trade account registrations, to send email newsletters (only if you have given consent), to improve our website functionality and user experience, to analyze traffic, optimize ads, and run our affiliate program, and to comply with legal obligations.
5. Legal Basis for Processing
Under GDPR, the lawful bases we rely on include:
Art. 6(1)(b) GDPR for the performance of a contract (such as fulfilling orders via WooCommerce, Stripe, or PayPal);
Art. 6(1)(a) GDPR where we have your consent (such as newsletter subscriptions via MailerLite or Brevo, use of Facebook login, or Pinterest tracking);
Art. 6(1)(c) GDPR for compliance with legal obligations (such as tax regulations);
Art. 6(1)(f) GDPR for our legitimate interests (such as website analytics via Google Analytics or remarketing via Google Ads and Pinterest).
6. Cookies and Tracking
We use cookies and similar technologies on our website. These include services such as Google Analytics (for website usage analysis), Google Ads Remarketing (to display targeted ads), Pinterest Conversion Tag and Retargeting Pixel (for campaign tracking and retargeting), Facebook Login and associated social plugins, and Google Tag Manager (to manage and load scripts efficiently). You will be informed about cookies upon your first visit and can manage your preferences via our cookie banner.
7. Newsletter and Marketing Communications
You will only receive our newsletter or promotional emails if you have explicitly opted in. We use MailerLite and Brevo (formerly Sendinblue) as our email marketing platforms. You can unsubscribe at any time via the link in each email or by contacting us directly.
8. Data Sharing and Transfers
We do not sell your data. However, we may share data with the following service providers: Cloudflare for website security and content delivery; MailerLite and Brevo for email campaigns; WooCommerce and YITH Affiliates for order and affiliate tracking; Stripe, WooCommerce PayPal Payments, and PayPal for payment processing; Google Fonts to render website typography; Google Analytics, Google Tag Manager, and Google Ads for analytics and advertising; Pinterest and Facebook for advertising and retargeting purposes; as well as web hosting and IT infrastructure providers. Where data is transferred outside the EU or EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or participation in the EU-U.S. Data Privacy Framework.
9. Your Rights Under the GDPR
Under the GDPR, you have the right to access your personal data (Art. 15), correct inaccurate data (Art. 16), erase your data (“right to be forgotten”, Art. 17), restrict processing (Art. 18), object to processing (Art. 21), request data portability (Art. 20), withdraw consent at any time (Art. 7), and lodge a complaint with the supervisory authority (Art. 77).
10. Data Retention
We store your data only as long as necessary to fulfill the purposes outlined in this policy or as required by law, such as a 10-year retention period for invoices and tax documents.
11. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse.
12. Supervisory Authority
If you believe your data protection rights have been violated, you may contact your local data protection authority. In Germany, this is:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Straße 153
53117 Bonn
Website: https://www.bfdi.bund.de
13. Changes to This Policy
We reserve the right to update this privacy policy from time to time. The latest version will always be available on our website.
14. Third-Party Services Overview
The following third-party services are used on our website and may process your personal data:
Cloudflare is used for web security and content delivery.
Brevo (Sendinblue) is used for sending newsletters and marketing communications.
WooCommerce PayPal Payments, Stripe, and PayPal process customer payments.
MailerLite is used for managing newsletters and marketing opt-ins.
Facebook Login allows optional login with Facebook credentials.
Google Web Fonts are used to render custom typography.
Google Analytics helps analyze website performance and visitor behavior.
Google Tag Manager manages all script and tag deployments.
Google Ads Remarketing is used to display relevant advertising to users.
Pinterest Conversion Tag and Retargeting Pixel are used for campaign measurement and ad targeting.
YITH WooCommerce Affiliates helps manage our affiliate program.