Privacy Policy | PINO PANDA

DRAFT -- Have reviewed by legal counsel before publishing!

Data Controller

[Enter company name]

[Enter address]

Email: [Enter email]

Data Collected

We collect the following personal data: email address (for orders and download links), IP address (server logs for security and error analysis).

Legal Basis

Your data is processed on the basis of Art. 6(1)(b) GDPR (contract performance, e.g. purchase processing and download provision) and Art. 6(1)(f) GDPR (legitimate interest, e.g. server security and error analysis).

Cookies

We only use technically necessary cookies: NEXT_LOCALE (strictly necessary, language setting) and cookie_consent (strictly necessary, storing your cookie preference). No tracking or marketing cookies are used.

Data Processors

We use the following data processors: Stripe (payment processing, USA), Cloudflare R2 (file storage, global), Resend (email delivery, USA), Vercel (hosting, global). Data processing agreements and EU standard contractual clauses are in place with all processors.

Data Retention

Order data: 10 years (tax law retention obligation). Server logs: 30 days. Data is deleted after the retention period expires.

Data Subject Rights

You have the following rights under Art. 15-22 GDPR: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection (Art. 21). To exercise your rights, contact us at the email address listed above.

Right to Lodge Complaint

You have the right to lodge a complaint with the Austrian Data Protection Authority (dsb.gv.at) if you believe that the processing of your personal data is unlawful.

Fonts

This website uses the Outfit font, which is locally embedded via next/font. No requests are made to Google servers. Fonts are downloaded during the build process and self-hosted (GDPR compliant).