Privacy policy
1. Preamble, International Scope, Normative Hierarchy, and Definition
Subject to the express, comprehensive, reserving, and, to the extent legally permissible, mandatory application of all applicable international, supranational, regional, national, federal, and other data protection, consumer protection, telecommunications, information security, and civil law provisions, including but not limited to the European Union General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), the Brazilian General Data Protection Law (LGPD), the Personal Information Protection and Electronic Documents Act (PIPEDA), the Australian Privacy Act, the Singapore Personal Data Protection Act (PDPA), the Swiss Federal Act on Data Protection (FADP), as well as all comparable international data protection and consumer protection regulations, this Privacy Policy (hereinafter the “Policy”) governs mutatis mutandis et sine qua non the collection, storage, processing, use, analysis, disclosure, transfer, archiving, deletion, pseudonymisation, anonymisation, and any other processing of personal or personally identifiable data of natural or legal persons who directly or indirectly interact with the website, products, services, communication channels, platforms, analytical tools, or other business processes of the provider.
Where multiple jurisdictions apply simultaneously, interpretation shall be carried out in accordance with the principles lex superior derogat legi inferiori, lex specialis derogat legi generali, bona fide, as well as internationally recognised principles of transparency, data minimisation, purpose limitation, integrity, and proportionality.
2. Definitions
The terms used in this Policy, in particular “personal data”, “processing”, “consent”, “processor”, “third party”, “storage”, “transfer”, “deletion”, “use”, or “security”, include all associated conditions, limitations, exceptions, technical processes, legal requirements, and interpretative scope of their respective statutory definitions. The applicable data protection laws of the relevant jurisdiction shall prevail.
3. Controller
The controller within the meaning of the applicable data protection laws is:
HITMADE™
Business address: Im Zollhafen, 50678 Cologne, Germany
Email: hitmade@proton.me
Further information can be found in the legal notice (Impressum). Data protection-related inquiries, access requests, withdrawals, or complaints may be submitted at any time via the contact channels provided.
4. Types of Data Collected and Purposes of Processing
The provider collects, stores, and processes personal data solely to the extent necessary. This may include, in particular, name, address, payment information, email address, device information, IP addresses, cookies, usage data, communication content, as well as technical analysis and security data.
Processing occurs in particular for the following purposes:
- Contract performance and payment processing
- Delivery of digital or physical products
- Customer service and communication
- Technical provision and security of the website
- Statistical analysis and optimisation
- Marketing and reach measurement
- Fraud prevention and abuse detection
- Compliance with legal, tax, or regulatory obligations
All processing operations are carried out in accordance with the principles of data minimisation, storage limitation, integrity, and proportionality.
5. Legal Bases for Processing
Personal data is processed solely on the basis of at least one legally permissible legal ground, in particular:
- Contract performance or pre-contractual measures
- Explicit consent
- Legal obligations
- Legitimate interests of the provider
- Protection of vital interests
- Other legally permissible grounds under applicable law
Where national or international legal systems impose additional requirements or safeguards, these shall apply additionally.
6. Disclosure, Processing by Third Parties, and International Data Transfers
Personal data is only disclosed to third parties, service providers, processors, payment providers, hosting providers, analytics or security service providers to the extent necessary for the fulfilment of the purposes stated in this Policy or where legally permitted.
International data transfers may in particular be based on adequacy decisions, Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), Data Privacy Frameworks, or comparable legally recognised protection mechanisms.
All recipients are required to implement appropriate technical and organisational security measures.
7. Storage Periods, Deletion, and Security
Personal data is stored only for as long as necessary for the respective purposes or as required by law. Once the purpose no longer applies, the data will be deleted, blocked, or anonymised.
The provider implements appropriate technical and organisational security measures to protect data against loss, manipulation, unauthorised access, or unlawful processing.
8. Rights of Data Subjects
Where legally provided, data subjects have in particular the following rights:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to object to processing
- Right to data portability
- Right to withdraw consent
- Right to lodge a complaint with supervisory authorities
- Opt-out from certain processing or marketing activities
The exercise of these rights may be subject to appropriate identity verification.
9. Cookies, Tracking, and Analytics
The website may use cookies, pixels, tracking technologies, analytics, and security tools to ensure functionality, security, reach measurement, usability, and marketing activities.
Users may manage or withdraw certain tracking or cookie settings at any time via browser settings or available consent mechanisms.
10. International Users and Territorial Application
This Policy applies worldwide to the extent permitted by law. Users acknowledge that personal data may be processed or stored in countries whose level of data protection may differ from that of the country of origin.
The provider endeavours to implement appropriate safeguards to ensure lawful international data transfers.
11. Changes to the Privacy Policy
The provider reserves the right to modify, amend, or supplement this Policy at any time with effect for future processing activities, to the extent permitted or required by law.
12. Severability Clause
Should any provision of this Policy be or become invalid, unenforceable, or non-binding in whole or in part, the validity of the remaining provisions shall remain unaffected. The invalid provision shall be replaced by a legally permissible provision that most closely reflects the economic purpose of the original provision.
13. Contact and Data Protection Requests
Data protection-related inquiries, complaints, withdrawals, or access requests may be directed at any time to:
HITMADE™
Email: hitmade@proton.me