Privacy policy


Packonic GmbH operates the Packonic store. As a company based in Germany, we take the protection of your personal data very seriously. This policy explains how we collect, use, and protect your information in accordance with the EU General Data Protection Regulation (GDPR) and other applicable laws when you use our services or make a purchase.

1. Responsible party and contact information

The “controller” responsible for processing your data in accordance with European data protection laws is:

Packonic GmbH

Weserstr. 13a

10247 Berlin

Email: info@packonic.de

Represented by: Franka Mahlow

Since we generally employ fewer than 20 people who are regularly involved in automated data processing, we are not obligated under German law to appoint a formal data protection officer (DPO), unless specific high-risk processing takes place. However, all inquiries can be directed to the address above.

2. Legal basis for processing

We only process your data if there is a legal basis according to the GDPR (Art. 6):

  • Contract fulfillment: For processing orders and managing your account.

  • Legal obligation: To comply with German tax and commercial laws.

  • Legitimate interest: To improve our services, to ensure security, and for direct marketing.

  • Consent: When you choose to subscribe to newsletters or use non-essential cookies (opt-in).

3. Data Collected

We collect information to ensure a smooth shopping experience:

  • Identity and contact details: Name, shipping/billing address, email address and telephone number.

  • Transaction data: Details of purchased products, payment status (Note: We do not store full credit card numbers; these are processed by our payment service providers).

  • Technical data: IP address, browser type, device information and usage patterns collected via Shopify.

  • Communication: Records of support requests or correspondence.

4. International Sales and Data Transfers

Since our store is powered by Shopify, your data is processed by Shopify International Limited (Ireland). However, data may also be transferred to Shopify Inc. in Canada or the USA.

  • Manufacturing, Production & Logistics (Turkey): To provide direct-to-factory commercial pricing and maintain custom manufacturing control, our primary production lines, factory infrastructure, and key logistical hubs are located in Turkey.

  • Scope of Data Transfer: When executing your purchase agreement or processing custom-printed specifications, essential contract-fulfillment data (specifically the recipient's name, company name, delivery address, telephone number, and commercial customs invoice details) is securely transferred to our wholly-owned production assets and logistics partners based in Turkey. No financial profiles or marketing parameters are shared or stored in this process.

  • Guarantees: Transfers to third countries outside the European Economic Area (EEA)—including Canada, the USA, and Turkey—are heavily protected by Standard Contractual Clauses (SCCs) approved by the European Commission. This ensures a level of data handling safety, processing restriction, and data protection completely equivalent to the rules of the GDPR.

5. Disclosure to third parties

We do not sell your personal data. We only share information with:

  • Service providers: Shopify (hosting), payment gateways (e.g. Stripe, PayPal), and internal factory operations management.

  • Logistics Partners: International and domestic shipping companies (e.g., DHL, UPS, FedEx, or specialized overland freight carriers) strictly to fulfill the physical delivery of your purchase agreement.

  • Marketing partners: With your consent for targeted advertising (e.g., Google/Meta-Pixel).

  • Legal requirements: If required by German or international law (e.g., cross-border customs declarations or tax authorities).

6. Your rights (GDPR & International)

According to the GDPR, you have the following rights regarding your data:

  • Right of access (Art. 15): Request for a copy of the data stored about you.

  • Rectification (Art. 16): Correction of inaccurate data.

  • Erasure (Art. 17): Request to have your data erased (“right to be forgotten”).

  • Restriction (Art. 18): Limiting the way in which we use your data.

  • Data portability (Art. 20): Receiving your data in a machine-readable format.

  • Right to object (Art. 21): Objection to processing based on legitimate interests or for direct marketing.

  • Revocation of consent: If you have given us your consent (e.g. for a newsletter), you can revoke it at any time.

To exercise these rights, please contact us at the email address provided above.

7. Storage duration

We only store your data for as long as necessary:

  • Order data: Stored for 10 years to comply with German commercial and tax law retention periods (HGB and Abgabenordnung).

  • Account details: These will be stored until you request the deletion of your account.

  • Marketing data: Will be stored until you unsubscribe or withdraw your consent.

8. Safety

We use industry-standard SSL/TLS encryption for all data transfers. Although we take extensive measures to protect your data, no transmission over the internet is 100% secure. We recommend that you use strong passwords and keep your login details confidential.

9. Complaints

If you believe that our processing of your data violates data protection laws, you have the right to lodge a complaint with a supervisory authority. In Germany, this is usually the data protection authority of the federal state in which we are based.

Berlin Commissioner for Data Protection and Freedom of Information Alt-Moabit 59-61, 10555 Berlin

https://www.datenschutz-berlin.de

Excl. VAT Incl. VAT
🛑 Momsify is disabled: Complete your subscription in the app administration.