Privacy Policy
Privacy Notice
1. Data Controller
Tutu and Tiaras Shop (a brand of Debored AI)
Michael Guiao
Leverkusen, Germany
Email: hello@tutu-and-tiaras.shop
2. Overview of Data Processing
We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data are collected. Personal data is any data with which you could be personally identified.
3. Data We Collect / Collection and Storage of Personal Data
a) When You Place an Order
When you place an order on our website, we collect the following personal data necessary for fulfilment of the contract:
- Full name
- Email address
- Shipping address (street, city, postal code, country)
- Billing address (if different from shipping address)
- Phone number (if provided)
- Order details and order history
The legal basis for processing this data is Article 6(1)(b) GDPR (performance of a contract). We retain order data for the duration of the statutory retention period (typically 10 years for tax purposes).
b) When You Contact Us
If you contact us by email, we process the information you provide (name, email address, message content) to handle your enquiry. The legal basis is Article 6(1)(f) GDPR (legitimate interest in customer service).
c) Newsletter
If you subscribe to our newsletter, we store your email address to send you promotional communications. You can unsubscribe at any time using the link in each newsletter. The legal basis is Article 6(1)(a) GDPR (consent).
4. Cookies and Tracking Technologies
a) Essential Cookies
We use essential cookies that are necessary for the operation of the website, such as session cookies for the shopping cart and authentication. These cookies do not require your consent; we use them on the basis of Article 6(1)(f) GDPR.
b) Analytics (Umami)
We use Umami Analytics, a privacy-friendly, GDPR-compliant web analytics tool hosted on our own servers. Umami anonymises all data and does not use cookies that track users across websites. No personal data is shared with third parties. The legal basis is Article 6(1)(f) GDPR (legitimate interest in website optimisation).
5. Payment Processing
Payments on our website are processed by our payment service provider (e.g., Stripe) or our e-commerce system provider. Your payment data (credit card number, bank details, etc.) is transmitted directly to the payment provider and is not stored on our servers.
Please refer to the payment provider's own privacy policy for details on how they process your data.
6. Data Storage Location / Data Storage in the EU
All personal data collected through this website is stored and processed on servers located within the European Union (EU). We do not transfer your personal data to countries outside the EU unless explicitly stated and an adequate level of data protection is ensured.
7. Your Rights
Under the General Data Protection Regulation (GDPR), you have the following rights with respect to your personal data:
- Right of Access (Art. 15 GDPR): You have the right to request information about the personal data we hold about you.
- Right to Rectification (Art. 16 GDPR): You have the right to request correction of inaccurate personal data.
- Right to Erasure (Art. 17 GDPR): You have the right to request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
- Right to Restriction of Processing (Art. 18 GDPR): You may request that we restrict the processing of your personal data under certain conditions.
- Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, machine-readable format.
- Right to Object (Art. 21 GDPR): You have the right to object to the processing of your personal data at any time.
- Right to Withdraw Consent (Art. 7(3) GDPR): If processing is based on your consent, you may withdraw it at any time with future effect.
- Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority.
8. Contact
For any questions regarding data protection or to exercise your rights, please contact us at:
Email: hello@tutu-and-tiaras.shop
This privacy policy was last updated: March 2026. We reserve the right to update this policy at any time. The current version is always available on this page.