Privacy Policy

§ 1 Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws is:

§ 2 General Information on Data Processing

We only process personal data of our users insofar as this is necessary to provide a functional platform and our content and services. The processing of personal data regularly takes place only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of data is permitted by statutory provisions.

§ 3 Legal Basis for Processing

• •Art. 6 Abs. 1 lit. a DSGVO - Consent of the data subject
• •Art. 6 Abs. 1 lit. b DSGVO - Contract performance or pre-contractual measures
• •Art. 6 Abs. 1 lit. c DSGVO - Compliance with a legal obligation
• •Art. 6 Abs. 1 lit. f DSGVO - Legitimate interest (e.g., security, analytics)

§ 4 Registration and User Account

The following personal data is collected during registration on our platform:

• •First and last name
• •Email address
• •Password (stored encrypted)

For sellers, additional data is collected: company name, legal form, SIRET number, VAT ID, address data, phone number.

Legal basis: Art. 6 Abs. 1 lit. b DSGVO (Contract performance).
Storage duration: Until the user account is deleted, unless statutory retention obligations apply.

§ 5 Orders and Payment Processing

We process the following data when placing an order:

• •Delivery address (name, street, postal code, city, country)
• •Order data (products, quantities, prices, order number)
• •Payment information (processed via Stripe - we do not store credit card data)

Legal basis: Art. 6 Abs. 1 lit. b DSGVO (Contract performance).
Storage duration: Order data is retained for 10 years in accordance with commercial and tax law retention obligations (§ 147 AO, § 257 HGB).

§ 6 Payment service providers

For payment processing we integrate several providers depending on the payment method chosen by the seller's customers. Shopisim itself does not store full credit card numbers or Mobile Money PINs.

Providers used: Stripe, Inc. (USA - EU-US Data Privacy Framework), PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg), Flutterwave (Nigeria/USA), CinetPay (Côte d'Ivoire), Orange Money (France/West Africa), MTN Mobile Money (West Africa). Bank transfer and cash on delivery are settled directly between the buyer and the seller. Stripe Privacy Policy.

Legal basis: Art. 6 Abs. 1 lit. b DSGVO (Contract performance).

§ 7 Hosting and Server Log Files

Our platform is hosted on servers in Germany. When accessing our platform, the following data is automatically stored in server log files:

• •IP address of the requesting computer
• •Date and time of access
• •Browser type and operating system used
• •Referrer URL
• •Page/resource accessed

Legal basis: Art. 6 Abs. 1 lit. f DSGVO (Legitimate interest in the security and stability of the service).
Storage duration: Server log files are deleted after 30 days.

§ 8 Cookies

Our platform uses cookies. Cookies are small text files stored on your device.

We currently do not use any third-party tracking or analytics cookies (no Google Analytics, no Facebook Pixel).

§ 9 Email Communication

We send you emails exclusively in connection with your user account and your orders:

• •Registration confirmation and email verification
• •Order confirmations and status updates
• •Invoices and payment receipts
• •Password reset

Legal basis: Art. 6 Abs. 1 lit. b DSGVO (Contract performance). We do not send advertising emails without explicit consent.

§ 10 Data Sharing with Third Parties

Your personal data is only shared with third parties in the following cases:

• •To sellers: To process your order, your name and delivery address are shared with the respective seller on the platform.
• •Stripe: Payment data for transaction processing (see § 6).
• •Authorities: Where we are legally obligated to do so (e.g., tax audit).

We do not sell or otherwise commercially share your data with third parties.

§ 11 Data Security

We employ technical and organizational security measures to protect your data against manipulation, loss, destruction, or unauthorized access:

• •SSL/TLS encryption for all data transfers
• •Encrypted password storage (bcrypt)
• •Regular security updates and system maintenance
• •Access control and role-based permissions

§ 12 Your Rights as a Data Subject

Under GDPR, you have the following rights regarding your personal data:

§ 13 Exercising Your Rights on Shopisim

We provide the following GDPR features directly in your user account:

§ 14 Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.

Competent supervisory authority for North Rhine-Westphalia:

§ 15 Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services. The new privacy policy will apply to your next visit.

§ 16 Minors

Our platform is intended for adults and for sellers able to lawfully run a business. We do not knowingly collect personal data from children under 16 without parental consent. Should we become aware that we have processed data from a person under 16 without consent, we will delete it without delay. Parents and guardians are encouraged to supervise their children's online activity.

§ 17 Artificial Intelligence (AI)

Shopisim uses AI services to help sellers build their store - for example to generate product descriptions, translations and voice transcription. The following services are used:

• •Anthropic Claude (USA) - FR/EN/DE translations and editorial text generation. Only the content needed for processing (product name, description) is transmitted.
• •OpenAI Whisper (USA) - speech-to-text transcription, exclusively on the seller's explicit action (microphone button). Audio is not retained after transcription.

Legal basis: Legitimate interest (convenience and speed for sellers); contract performance for seller-package features.

These features are optional - no AI call is made without the seller clicking the dedicated button.

§ 18 Push notifications

If you explicitly consent (browser request), Shopisim may send push notifications - new order, new message, plan status. We use the Web Push standard (VAPID); the technical delivery goes through browser push servers (Google FCM, Mozilla autopush, Apple APNs). You can withdraw this consent at any time from your account settings or your browser settings.

Legal basis: Consent (Art. 6(1)(a) GDPR).

§ 19 International data transfers

Some of our processors are located outside the European Union. We ensure a GDPR-compliant level of protection through the following mechanisms:

• •United States: Stripe, Anthropic, OpenAI - relying on the EU-US Data Privacy Framework and/or EU Standard Contractual Clauses (SCCs 2021/914) as the transfer basis.
• •West Africa: Flutterwave, CinetPay, Orange Money, MTN Mobile Money - these services are activated only when a seller explicitly enables them. Transfers are limited to the data required for the payment (amount, phone number, transaction ID). Each provider's privacy policy applies in addition.

On request we will provide you with the list of our processors and the corresponding safeguards - write to us at contact@digitalssolutions.de.