Login

Language

PRIVACY POLICY - June 2026

Data Protection Contact:

Christian Kernchen e.K.
Joergstr. 31 | D-80689 Munich | Germany

Tel.: +49 89 289 747 35
Fax.: +49 89 289 747 36

E-Mail: privacy (at) froosty (dot) com
Website: www.froosty.com

Registered Court: Amtsgericht Munich
Registration Number: HRA 96743

VAT Number according to § 27a German VAT Act: DE 275199715

 

1) Information about the collection of personal data and contact details of the controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data means all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Christian Kernchen e.K., Joergstr. 31, 80689 Munich, Germany, phone: +49 89 289 747 35, fax: +49 89 289 747 36, email: contact (at) froosty (dot) com. The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 Questions relating to data protection may be addressed to: Christian Kernchen e.K., Joergstr. 31, 80689 Munich, Germany, email: privacy (at) froosty (dot) com.

1.4 For security reasons and to protect the transmission of personal data and other confidential content, such as orders, enquiries or withdrawal declarations, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

2) Data collection when visiting our website

If you only use our website for informational purposes, i.e. if you do not register, place an order, submit a form or otherwise provide us with information, we only collect data that your browser transmits to our server or to the technical service providers used by us. This data is technically necessary to display the website to you and to ensure stability and security.

This may include:

- visited website;
- date and time of access;
- amount of data sent in bytes;
- source or reference from which you came to the page;
- browser used;
- operating system used;
- IP address used, where applicable in shortened or anonymised form;
- technical access and log data.

The processing takes place in accordance with Article 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability, security and functionality of our website. The data will not be passed on or used in any other way, unless this is technically necessary, legally required or necessary to investigate misuse or unlawful use.

3) Hosting & Content Delivery Network

3.1 Hosted by Shopify

We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”) for the purpose of hosting, operating and displaying the online shop. All data collected on our website may be processed on Shopify’s systems.

As part of Shopify’s services, data may also be processed by Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc., depending on the respective service and processing context.

Processing is carried out for the performance of contracts in accordance with Article 6 (1) (b) GDPR, for compliance with legal obligations in accordance with Article 6 (1) (c) GDPR and on the basis of our legitimate interest in the secure, efficient and reliable operation of our online shop in accordance with Article 6 (1) (f) GDPR.

Further information on Shopify’s data protection practices is available at: https://www.shopify.com/legal/privacy

3.2 Cloudflare

On our website we may use a Content Delivery Network (“CDN”) from Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (“Cloudflare”). A CDN is an online service used to deliver large media files, graphics, page content, scripts and other technical content through a network of regionally distributed servers connected via the Internet. Using Cloudflare helps us to optimize loading speeds, stability and security.

Processing is carried out in accordance with Article 6 (1) (f) GDPR on the basis of our legitimate interest in providing our website securely and efficiently and improving the stability and functionality of our website.

Further information is available in Cloudflare’s privacy policy: https://www.cloudflare.com/privacypolicy/

3.3 Fastly

On our website we may use a Content Delivery Network (“CDN”) from Fastly Inc., 475 Brannan St. #300, San Francisco, CA 94107, USA (“Fastly”). A CDN is used to deliver media files, graphics, page content, scripts and other technical content through a network of distributed servers. Using Fastly helps us to optimize loading speeds, stability and functionality.

Processing is carried out in accordance with Article 6 (1) (f) GDPR on the basis of our legitimate interest in providing our website securely and efficiently and improving the stability and functionality of our website.

Further information is available in Fastly’s privacy policy: https://www.fastly.com/privacy

4) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. Some of these cookies are automatically deleted after closing the browser (“session cookies”), while other cookies remain on your end device for a longer period of time and enable page settings or technical preferences to be saved (“persistent cookies”).

If personal data is processed by cookies used by us, the processing takes place in accordance with Article 6 (1) (b) GDPR where this is necessary for the performance of a contract, in accordance with Article 6 (1) (a) GDPR where consent has been given, or in accordance with Article 6 (1) (f) GDPR to protect our legitimate interests in the best possible functionality, security and customer-friendly design of the website.

You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them, or exclude the acceptance of cookies for certain cases or in general. Please note that if cookies are not accepted, the functionality of our website may be restricted.

Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser and explains how you can change your cookie settings. Information for common browsers is available here:

Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox: https://www.mozilla.org/en-US/privacy/websites/#cookies

Chrome: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en

Safari: https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

5) Customer account, orders and contract processing

If you place an order in our online shop, create a customer account, use checkout functions, make a payment, request delivery, contact us in relation to an order or otherwise provide information for the purpose of contract processing, we process the personal data required for the conclusion, performance and administration of the contract.

This may include, in particular, name, billing address, delivery address, email address, telephone number, order data, product data, payment data, invoice data, delivery data, communication data and any other information required for processing the respective order or contractual relationship.

The processing is carried out for the performance of a contract or for taking steps prior to entering into a contract in accordance with Article 6 (1) (b) GDPR. Where processing is necessary to comply with legal obligations, in particular tax, commercial, accounting or documentation obligations, processing is carried out in accordance with Article 6 (1) (c) GDPR. Where processing is necessary to protect our legitimate interests in proper administration, documentation, security and defence of legal claims, processing is carried out in accordance with Article 6 (1) (f) GDPR.

The data will be stored for as long as necessary for contract processing and thereafter for the duration of applicable statutory retention periods, in particular under commercial and tax law. After expiry of the relevant retention periods, the data will be deleted or restricted in accordance with the statutory provisions.

6) Payment processing

Depending on the payment method selected during checkout, payment data may be transmitted to the respective payment service provider, bank, credit card company, payment processor or payment platform for the purpose of payment processing.

The categories of data processed may include name, billing address, email address, order amount, transaction data, payment method, payment status and other data required for payment processing, fraud prevention, chargeback handling and legal documentation.

Processing is carried out for the performance of a contract in accordance with Article 6 (1) (b) GDPR, to comply with legal obligations in accordance with Article 6 (1) (c) GDPR and, where applicable, on the basis of our legitimate interest in secure, reliable and fraud-resistant payment processing in accordance with Article 6 (1) (f) GDPR.

We do not generally receive or store full credit card numbers or comparable complete payment credentials. Payment processing is carried out by the respective payment service providers in accordance with their own technical and legal requirements.

7) Delivery, shipping and fulfilment

If goods are delivered to you, the personal data required for delivery may be transmitted to shipping service providers, logistics partners, fulfilment service providers or other delivery partners.

This may include, in particular, name, delivery address, email address, telephone number, order number, shipment data, tracking data and information required for delivery, shipment notification or handling of delivery issues.

Processing is carried out for the performance of a contract in accordance with Article 6 (1) (b) GDPR and, where applicable, on the basis of our legitimate interest in reliable shipment processing, shipment tracking, customer communication and proper documentation in accordance with Article 6 (1) (f) GDPR.

8) Contact, enquiries and communication

If you contact us by email, contact form, telephone or other means, we process the personal data you provide in order to process and respond to your enquiry.

This may include, in particular, name, email address, telephone number, message content, order references, attachments, communication history and any other information voluntarily provided by you.

If your enquiry relates to a contract or pre-contractual measures, processing is carried out in accordance with Article 6 (1) (b) GDPR. In all other cases, processing is carried out on the basis of our legitimate interest in properly responding to enquiries, documenting communication and managing our business communication in accordance with Article 6 (1) (f) GDPR. Where legal obligations apply, processing may also be carried out in accordance with Article 6 (1) (c) GDPR.

Enquiry and communication data will be stored for as long as necessary to process the enquiry and thereafter only where statutory retention periods, documentation requirements or legitimate interests in the assertion, exercise or defence of legal claims require further storage.

9) Electronic withdrawal function and withdrawal form

We provide an electronic withdrawal function on our website. If you use the withdrawal form, we process the personal data required to receive, document, assign and process your withdrawal declaration.

This may include, in particular, first name, last name, email address, order number, affected order or items, the content of your withdrawal declaration, date and time of receipt, technical submission data and communication data relating to the withdrawal.

Processing is carried out for the performance and reversal of a contract in accordance with Article 6 (1) (b) GDPR, for compliance with legal obligations relating to consumer rights, documentation and statutory retention obligations in accordance with Article 6 (1) (c) GDPR and, where applicable, on the basis of our legitimate interest in proper documentation, fraud prevention and the assertion, exercise or defence of legal claims in accordance with Article 6 (1) (f) GDPR.

The data submitted via the withdrawal form may be processed through Shopify Forms, Shopify Flow and technical email or workflow services used for the receipt, routing, confirmation, internal notification and documentation of the withdrawal declaration.

After submission of the withdrawal form, you may receive an automatic confirmation of receipt by email. This confirmation only confirms technical receipt of your withdrawal declaration and does not constitute a final legal assessment of the validity, timeliness or scope of the withdrawal.

Withdrawal-related data will be stored for as long as necessary to process the withdrawal and thereafter for the duration of applicable statutory retention periods and limitation periods, or as long as necessary for the assertion, exercise or defence of legal claims.

10) Shopify Forms, Shopify Flow and technical workflow services

We may use Shopify Forms, Shopify Flow or comparable technical workflow functions within the Shopify system to receive form submissions, process customer enquiries, route internal notifications, trigger email confirmations and document certain business processes.

Depending on the form or workflow used, the data processed may include name, email address, order number, message content, form submissions, timestamps, technical metadata and any information voluntarily entered by the user.

Processing is carried out, depending on the specific purpose, for the performance of a contract or pre-contractual measures in accordance with Article 6 (1) (b) GDPR, to comply with legal obligations in accordance with Article 6 (1) (c) GDPR, on the basis of our legitimate interest in efficient, secure and documented processing of business operations in accordance with Article 6 (1) (f) GDPR or, where required, on the basis of consent in accordance with Article 6 (1) (a) GDPR.

Shopify acts as a technical service provider and processor or independent controller depending on the specific service and processing context. Further information on Shopify’s data protection practices is available at: https://www.shopify.com/legal/privacy

11) Email delivery, transactional emails and FlowMail

For transactional emails, confirmations, internal notifications and workflow-based messages, we may use technical email delivery services, including FlowMail or comparable services connected to Shopify.

Depending on the respective process, the data processed may include name, email address, order number, form content, message content, timestamps, delivery status, technical email metadata and communication-related information.

Processing is carried out, depending on the respective purpose, for the performance of a contract in accordance with Article 6 (1) (b) GDPR, to comply with legal obligations in accordance with Article 6 (1) (c) GDPR and on the basis of our legitimate interest in secure, reliable and documented email communication in accordance with Article 6 (1) (f) GDPR.

Transactional and workflow-related emails are not sent for advertising purposes unless you have separately consented to receive marketing communications or another legal basis applies.

12) Enquiry forms, collector’s editions and price enquiries

If we provide enquiry forms, contact forms, “Enquire” functions or similar request options for collector’s editions, limited works, special editions or individual enquiries, we process the personal data submitted by the user in order to receive, review and respond to the respective enquiry.

This may include, in particular, name, email address, telephone number, country, message content, requested artwork or edition, product reference, enquiry details, communication history and any information voluntarily provided by the user.

Processing is carried out for taking steps prior to entering into a contract in accordance with Article 6 (1) (b) GDPR and on the basis of our legitimate interest in responding to enquiries, documenting communication and managing potential customer relationships in accordance with Article 6 (1) (f) GDPR.

Enquiry data will be stored for as long as necessary to process the enquiry and thereafter only where statutory retention periods, documentation requirements or legitimate interests in the assertion, exercise or defence of legal claims require further storage.

13) Customer reviews, testimonials and user-generated content

If users submit reviews, testimonials, feedback, comments, images or other user-generated content, we process the data provided for the purpose of reviewing, managing, publishing or documenting the respective content.

This may include, in particular, name, display name, email address, content submitted, rating, product reference, date of submission and technical metadata.

Processing is carried out on the basis of consent in accordance with Article 6 (1) (a) GDPR where required, or on the basis of our legitimate interest in presenting customer feedback, ensuring authenticity, preventing misuse and managing our online presence in accordance with Article 6 (1) (f) GDPR.

Published content may remain visible until it is removed, the underlying consent is withdrawn where processing is based on consent, or another legal reason requires deletion or restriction.

14) Email marketing and newsletter

If we offer email marketing, newsletters, product updates or comparable marketing communications, we process your email address and, where applicable, your name, consent status, registration time, confirmation time, IP address, marketing preferences and communication data.

Marketing emails are sent only where you have given your consent in accordance with Article 6 (1) (a) GDPR or where another legal basis applies. You may withdraw your consent at any time with effect for the future.

Transactional emails relating to orders, contract processing, withdrawal declarations, customer service or legally relevant communication are not considered marketing emails.

15) Security, abuse prevention and legal defence

We may process personal data, technical data, communication data, transaction data and documentation data where this is necessary to protect our website, systems, customers, rights and business operations against misuse, fraud, security incidents, unlawful access, spam, contractual breaches or other unlawful conduct.

Processing is carried out on the basis of our legitimate interest in secure and lawful business operations, abuse prevention, fraud prevention, IT security, documentation and the assertion, exercise or defence of legal claims in accordance with Article 6 (1) (f) GDPR. Where legal obligations apply, processing may also be carried out in accordance with Article 6 (1) (c) GDPR.

16) Recipients and categories of recipients

Personal data may be disclosed to or processed by service providers and third parties where this is necessary for the respective processing purpose. This may include, in particular, hosting providers, shop system providers, payment service providers, shipping and logistics providers, email and communication service providers, IT service providers, workflow and automation providers, tax advisors, legal advisors, authorities, banks and other parties involved in contract processing, payment processing, delivery, legal compliance or legal defence.

Where service providers process personal data on our behalf, this is done on the basis of appropriate data processing agreements where required by law.

17) International data transfers

In the course of using Shopify, hosting, content delivery, payment, email, workflow or other technical services, personal data may be transferred to countries outside the European Union or the European Economic Area.

Where such transfers occur, they are carried out only where an adequate level of data protection is ensured, for example on the basis of an adequacy decision of the European Commission, standard contractual clauses, additional safeguards or another legal transfer mechanism permitted under the GDPR.

18) Storage period and deletion

We process and store personal data only for as long as necessary for the respective processing purpose or as required by statutory retention obligations, limitation periods, documentation obligations or legitimate interests in the assertion, exercise or defence of legal claims.

Once the relevant purpose no longer applies and no statutory retention period or other legal basis for storage exists, the personal data will be deleted or restricted in accordance with the statutory provisions.

19) Rights of data subjects

As a data subject, you have the following rights under the GDPR, subject to the respective legal requirements:

- right of access in accordance with Article 15 GDPR;
- right to rectification in accordance with Article 16 GDPR;
- right to erasure in accordance with Article 17 GDPR;
- right to restriction of processing in accordance with Article 18 GDPR;
- right to data portability in accordance with Article 20 GDPR;
- right to object in accordance with Article 21 GDPR;
- right to withdraw consent at any time with effect for the future where processing is based on consent;
- right to lodge a complaint with a competent supervisory authority.

To exercise your rights, you may contact us using the contact details provided in this Privacy Policy.

20) Right to object

If we process personal data on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR, you have the right to object to such processing at any time on grounds relating to your particular situation in accordance with Article 21 GDPR.

If you object, we will no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing serves the assertion, exercise or defence of legal claims.

If personal data is processed for direct marketing purposes, you have the right to object at any time to processing for such marketing purposes. If you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.

21) Contact regarding data protection

If you have any questions about data protection or wish to exercise your rights as a data subject, you may contact us as follows:

Christian Kernchen e.K.
Joergstr. 31
80689 Munich
Germany

Email: privacy (at) froosty (dot) com

22) Status of this Privacy Policy

This Privacy Policy is currently valid and was last updated in June 2026.

Creator & Copyright © 2026 - all rights reserved

Christian Kernchen e.K. | FROOSTY®
Joergstr. 31
80689 Munich
Germany

www.froosty.com | contact (at) froosty (dot) com