Privacy policy
Preamble
With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offer").
The terms used are not gender-specific.
Last updated: June 5, 2026
Table of Contents
- Preamble
- Controller
- Overview of Processing Activities
- Relevant Legal Bases
- Security Measures
- Transmission of Personal Data
- International Data Transfers
- General Information on Data Storage and Deletion
- Rights of Data Subjects
- Business Services
- Provision of the Online Offer and Web Hosting
- Use of Cookies
- Contact and Inquiry Management
- Newsletter and Electronic Notifications
- Promotional Communication via Email, Post, Fax, or Telephone
- Customer Reviews and Rating Processes
- Changes and Updates
- Definitions
Controller
Sandro Khurtsidze, VortexMini, Centa-Herker-Bogen 82, Munich
Authorized representative: Sandro Khurtsidze
Email address: sandrobusiness707@gmail.com
Legal notice: https://vortexmini-2.myshopify.com/policies/legal-notice
Overview of Processing Activities
The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects concerned.
Types of data processed
- Master data
- Employee data
- Payment data
- Contact data
- Content data
- Contract data
- Usage data
- Meta, communication, and procedural data
- Log data
Categories of data subjects
- Recipients of services and clients
- Employees
- Interested parties
- Communication partners
- Users
- Business and contractual partners
- Third parties
- Whistleblowers
Purposes of processing
- Provision of contractual services and fulfillment of contractual obligations
- Communication
- Security measures
- Direct marketing
- Office and organizational procedures
- Organizational and administrative procedures
- Feedback
- Marketing
- Provision of our online offer and user-friendliness
- IT infrastructure
- Whistleblower protection
- Sales promotion
- Business processes and operational procedures
Relevant Legal Bases
Relevant legal bases under the GDPR: The following provides an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the GDPR, national data protection regulations may apply in your or our country of residence or domicile.
- Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
National data protection regulations in Germany: In addition to the GDPR, national data protection regulations apply in Germany, in particular the Federal Data Protection Act (BDSG). The BDSG contains specific provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, transmission, and automated decision-making in individual cases including profiling.
Security Measures
We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
These measures include in particular securing the confidentiality, integrity, and availability of data by controlling physical and electronic access, as well as access, input, transmission, securing availability, and separation of data. We have also established procedures to ensure the exercise of data subject rights, deletion of data, and responses to data threats. Furthermore, we take data protection into account during the development and selection of hardware, software, and processes in accordance with the principle of privacy by design and privacy by default.
Securing online connections via TLS/SSL encryption (HTTPS): To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are the cornerstones of secure data transmission on the internet. These technologies encrypt information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. When a website is secured with an SSL/TLS certificate, this is indicated by HTTPS in the URL.
Transmission of Personal Data
In the course of processing personal data, it may be transmitted to or disclosed to other entities, companies, legally independent organizational units, or individuals. Recipients of such data may include IT service providers or providers of services and content embedded in a website. In such cases, we comply with legal requirements and in particular conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.
International Data Transfers
Data processing in third countries: Where we transfer data to a third country (i.e., outside the European Union or the European Economic Area), or where this occurs in the context of using third-party services or disclosing or transferring data to other persons, entities, or companies, this is done in compliance with legal requirements.
For data transfers to the USA, we rely primarily on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the EU Commission on July 10, 2023. In addition, we have concluded standard contractual clauses with the respective providers that comply with the requirements of the EU Commission.
For data transfers to other third countries, appropriate safeguards apply, in particular standard contractual clauses, explicit consent, or legally required transfers. Further information is available at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en
General Information on Data Storage and Deletion
We delete personal data that we process in accordance with legal requirements as soon as the underlying consent is revoked or no further legal basis for processing exists. Data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal prosecution or the protection of the rights of others, is archived accordingly.
Retention periods under German law:
- 10 years – Books and records, annual financial statements, inventories, management reports, opening balance sheets, and related organizational documents (§ 147(1) No. 1 AO, § 257(1) No. 1 HGB)
- 8 years – Accounting documents such as invoices and expense receipts (§ 147(1) No. 4 AO, § 257(1) No. 4 HGB)
- 6 years – Other business documents including received and sent business correspondence and other tax-relevant documents (§ 147(1) No. 2, 3, 5 AO, § 257(1) No. 2, 3 HGB)
- 3 years – Data required to consider potential warranty and liability claims, stored for the standard statutory limitation period (§§ 195, 199 BGB)
Rights of Data Subjects
Rights under the GDPR (Art. 15–21 GDPR):
- Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on Art. 6(1)(e) or (f) GDPR, including profiling. Where personal data is processed for direct marketing purposes, you have the right to object at any time to such processing.
- Right to withdraw consent: You have the right to withdraw consent at any time.
- Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to receive information about such data.
- Right to rectification: You have the right to request the completion or correction of inaccurate data concerning you.
- Right to erasure and restriction of processing: You have the right to request the immediate erasure of data concerning you, or alternatively to request restriction of processing.
- Right to data portability: You have the right to receive data concerning you in a structured, commonly used, and machine-readable format, or to request its transfer to another controller.
- Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement, if you believe the processing of your personal data violates the GDPR.
Business Services
We process personal data of our contractual and business partners, including customers, clients, interested parties, suppliers, and other cooperation partners, for the purpose of initiating, performing, and completing contractual relationships. This includes pre-contractual measures taken at the request of the data subject and communication relating to the respective contractual relationship.
Data processed includes master data such as name and address, contact data such as email address and telephone number, contract and service data, usage and performance data, payment and billing data, as well as communication content and histories.
Legal bases: Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(c) GDPR (legal obligation), Art. 6(1)(f) GDPR (legitimate interests).
Online shop, order forms, e-commerce, and service fulfillment: We process customer data to enable them to select, purchase, and order products and services, as well as to process payment and arrange delivery. Where required for order fulfillment, we use service providers such as postal, freight, and shipping companies. Payment processing is handled by banks and payment service providers. Legal basis: Art. 6(1)(b) GDPR.
Provision of the Online Offer and Web Hosting
We process user data in order to provide our online services. For this purpose, we process the user's IP address, which is necessary to deliver the content and functions of our online services to the user's browser or device.
- Data processed: Usage data; meta, communication, and procedural data; log data
- Data subjects: Users
- Purposes: Provision of online offer; IT infrastructure; security measures
- Legal basis: Art. 6(1)(f) GDPR (legitimate interests)
Hosting on rented server space: We use storage space, computing capacity, and software rented from a server provider (web host) to provide our online offer. Legal basis: Art. 6(1)(f) GDPR.
Collection of access data and log files: Access to our online offer is logged in the form of server log files, which may include the address and name of the pages and files accessed, date and time of access, data volumes transferred, browser type and version, operating system, referrer URL, and IP addresses. Log files are stored for a maximum of 30 days and then deleted or anonymized. Legal basis: Art. 6(1)(f) GDPR.
Use of Cookies
"Cookies" refers to functions that store and retrieve information on users' devices. We use cookies in accordance with legal requirements and obtain prior consent where required. Where consent is not required, we rely on our legitimate interests.
Storage duration:
- Temporary cookies (session cookies): Deleted when the user leaves the online offer and closes their device.
- Permanent cookies: Remain stored after the device is closed, for up to two years unless otherwise specified.
Users may withdraw consent at any time and object to processing via their browser's privacy settings.
- Legal bases: Art. 6(1)(f) GDPR (legitimate interests); Art. 6(1)(a) GDPR (consent)
Cookie consent management: We use a consent management solution to obtain, log, manage, and enable the withdrawal of user consent for the use of cookies and related technologies. Consent records are stored for up to two years. Legal basis: Art. 6(1)(a) GDPR.
Categories of Cookies We Use
We use the following categories of cookies on our website. You can manage your preferences at any time via our cookie settings.
Required: These cookies are strictly necessary for the website to function properly. They enable core features such as logging in and adding items to the shopping cart. These cookies cannot be disabled as the website would not function without them. No consent is required for these cookies.
Personalization: These cookies store information about your actions and preferences to personalize your experience on future visits to our website, such as remembering your language or region settings. These cookies are only set with your consent. Legal basis: Art. 6(1)(a) GDPR.
Marketing: These cookies are used by us and our partners, including Shopify, to optimize marketing communications and show you relevant advertisements on other websites. They track your activity across websites to build a profile of your interests. These cookies are only set with your consent. Legal basis: Art. 6(1)(a) GDPR.
Analytics: These cookies help us understand how visitors interact with our website. We use this data to identify areas for improvement and optimize the user experience. These cookies are only set with your consent. Legal basis: Art. 6(1)(a) GDPR.
You can withdraw your consent at any time by clicking on "Manage preferences" in the cookie banner or footer of our website.
Contact and Inquiry Management
When you contact us (e.g., via contact form, email, telephone, or social media), we process the personal data provided to the extent necessary to respond to the inquiry.
- Data processed: Contact data; content data; meta, communication, and procedural data
- Data subjects: Communication partners
- Purposes: Communication; organizational procedures; feedback; provision of online offer
- Legal bases: Art. 6(1)(f) GDPR; Art. 6(1)(b) GDPR
Contact form: Data submitted via our contact form or by email is used exclusively to respond to the inquiry. Legal bases: Art. 6(1)(b) GDPR, Art. 6(1)(f) GDPR.
Newsletter and Electronic Notifications
We send newsletters and other electronic notifications only with the recipient's consent or on a legal basis. An email address is generally sufficient to subscribe. Unsubscribed email addresses may be retained for up to three years to document prior consent, after which they are deleted or stored in a blocklist solely to honor opt-outs.
Contents: Information about us, our services, promotions, and offers.
- Legal basis: Art. 6(1)(a) GDPR (consent)
- Opt-out: You may unsubscribe at any time via the link in each newsletter or by contacting us directly.
Promotional Communication via Email, Post, Fax, or Telephone
We process personal data for promotional communication purposes via various channels in accordance with legal requirements. Recipients may withdraw consent or object to promotional communication at any time free of charge. After withdrawal or objection, data necessary to document prior authorization may be retained for up to three years. Legal bases: Art. 6(1)(a) GDPR; Art. 6(1)(f) GDPR.
Customer Reviews and Rating Processes
We participate in review and rating processes to evaluate, optimize, and promote our services. Where customers consent, we transmit data (including name, email address, and order number) to the relevant rating platform solely to verify the authenticity of the reviewer.
- Legal basis: Art. 6(1)(f) GDPR (legitimate interests)
Rating widget: We embed rating widgets in our online offer. When a widget is displayed, a data connection is established with the widget provider's server, which receives technical access data including the user's IP address. Legal basis: Art. 6(1)(f) GDPR.
Changes and Updates
We ask you to regularly review the content of this privacy policy. We update the policy whenever changes to our data processing activities require it. We will notify you when changes require your action (e.g., consent) or individual notification.
Definitions
- Master data: Information necessary for identifying and managing contractual partners and user accounts, including names, contact details, dates of birth, and user IDs.
- Employee data: Information relating to persons in an employment relationship, including identification data, salary and banking details, working hours, and performance evaluations.
- Content data: Information generated in the creation and publication of content, including texts, images, videos, and related metadata.
- Contact data: Information enabling communication, including phone numbers, postal addresses, email addresses, and social media handles.
- Meta, communication, and procedural data: Information about how data is processed and transmitted, including file metadata, communication logs, and audit trails.
- Usage data: Information about how users interact with digital products, including page views, click paths, session durations, device types, and IP addresses.
- Personal data: Any information relating to an identified or identifiable natural person.
- Log data: Records of events or activities in a system, including timestamps, IP addresses, user actions, and error messages.
- Controller: The natural or legal person who determines the purposes and means of processing personal data.
- Processing: Any operation performed on personal data, including collection, storage, transmission, and deletion.
- Contract data: Information relating to the formalization of an agreement, including contract terms, duration, pricing, and payment conditions.
- Payment data: Information required to process financial transactions, including bank account details, invoice data, and transaction records.