Privacy policy

1) Introduction and Contact Details of the Controller

1.1
We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how we handle your personal data when you use our website. Personal data refers to all data that can be used to personally identify you.

1.2
The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Amirhossein Tashayoee
Pengubin
Hoffmannstraße 26
09112 Chemnitz
Germany
Phone: 015560336165
Email: info@pengubin.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1
When you use our website purely for informational purposes – meaning you do not register or otherwise transmit information to us – we only collect data that your browser transmits to our server (known as "server log files"). When you access our website, we collect the following data, which is technically necessary to display the website to you:

  • The page you visited on our website

  • Date and time of access

  • Amount of data sent in bytes

  • Source/referring URL from which you accessed the site

  • Browser used

  • Operating system used

  • IP address used (if applicable: in anonymized form)

This processing is carried out pursuant to Art. 6 (1) lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. This data is not disclosed or used in any other way. However, we reserve the right to subsequently review the server log files if there is concrete evidence of unlawful use.

2.2
For security reasons and to protect the transmission of personal data and other confidential content (such as orders or inquiries sent to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the padlock symbol in your browser's address bar.

3) Hosting & Content Delivery Network

3.1 Shopify
For hosting our website and displaying the content, we use the system provided by the following provider:
Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")
Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider to ensure the protection of our website visitors' data and to prevent unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

3.2 Cloudflare
We use a Content Delivery Network (CDN) provided by the following provider:
Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.

This service allows us to deliver large media files such as graphics, page content, or scripts faster via a network of regionally distributed servers. Processing takes place based on our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6 (1) lit. f GDPR.

We have concluded a data processing agreement with the provider to ensure the protection of our website visitors' data and to prevent unauthorized disclosure to third parties.

For data transfers to the USA, the provider is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision of the European Commission.

4) Cookies

To make your visit to our website more attractive and to enable the use of certain functions, we use cookies — small text files that are stored on your device. Some cookies are automatically deleted after you close your browser (known as "session cookies"), while others remain on your device for a longer period and allow website settings to be stored (known as "persistent cookies"). The storage duration of these cookies can be found in your browser’s cookie settings overview.

If personal data is also processed through individual cookies we use, the processing is carried out either in accordance with Art. 6 (1) lit. b GDPR for the performance of a contract, in accordance with Art. 6 (1) lit. a GDPR if you have given your consent, or in accordance with Art. 6 (1) lit. f GDPR to protect our legitimate interest in ensuring the best possible functionality of the website and a user-friendly and efficient experience for visitors.

You can configure your browser to inform you about the setting of cookies and decide individually whether to accept them, or to exclude the acceptance of cookies for specific cases or in general.

Please note that if you choose not to accept cookies, the functionality of our website may be limited.

5) Contacting Us

When you contact us (e.g., via contact form or email), personal data is collected solely for the purpose of processing and responding to your request and only to the extent necessary.

The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Art. 6 (1) lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR.

Your data will be deleted once it can be inferred from the circumstances that the relevant issue has been fully resolved and provided there are no legal retention obligations that prevent deletion.

6) Data Processing When Opening a Customer Account

In accordance with Art. 6 (1) lit. b GDPR, personal data will be collected and processed to the extent necessary when you provide it to us during the creation of a customer account. The specific data required for account registration can be found in the input fields of the corresponding form on our website.

You may delete your customer account at any time by sending a message to the address of the controller mentioned above. After deletion of your customer account, your data will be deleted, provided that all associated contracts have been fully processed, no statutory retention periods apply, and there is no legitimate interest on our part to continue storing the data.

7) Data Processing for Order Fulfillment

7.1 To the extent necessary for the execution of the contract for delivery and payment purposes, the personal data we collect will be forwarded to the transport company commissioned with the delivery and to the financial institution commissioned with payment processing, in accordance with Art. 6 (1) lit. b GDPR.
If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we will use the contact details you provided at the time of ordering to inform you personally in accordance with our statutory information obligations pursuant to Art. 6 (1) lit. c GDPR.
Your contact data will be used strictly for the purpose of sending legally required updates and will only be processed to the extent necessary for that purpose.

We also collaborate with the following service provider(s) to fulfill your order. Certain personal data will be transmitted to these providers in accordance with the following information.

7.2 To fulfill our contractual obligations to our customers, we collaborate with external shipping partners. We forward your name, shipping address, and, if required for delivery, your phone number to our selected shipping partner exclusively for the purpose of delivering goods, in accordance with Art. 6 (1) lit. b GDPR.

7.3 Printful
For order processing, we use the following provider:
Printful, Inc., 11025 Westlake Drive, Charlotte, NC 28273, USA
Name, address, and other personal data may be forwarded to this provider solely for the purpose of fulfilling your online order, in accordance with Art. 6 (1) lit. b GDPR.
Your data is only transmitted to the extent necessary for processing the order.
For data transfers to the USA, the provider relies on the Standard Contractual Clauses (SCCs) issued by the European Commission to ensure an adequate level of data protection.

8) Website Functionality

Best Currency Converter
This website uses the service “Best Currency Converter” provided by Grizzly Apps SRL, Str. Muresului Nr. 7 Bloc E23, Scara B, Apartament 15, Brasov, Romania.
Based on our legitimate interest in displaying prices in the local currency of your location, Best Currency Converter collects and processes your IP address in accordance with Art. 6 (1) lit. f GDPR, to adjust the currency display on the website to your geographic location. The IP address is not stored permanently.
Additionally, Best Currency Converter sets a functional cookie in your browser after the first currency adjustment. This cookie stores the selected currency for the duration of your session. The cookie is automatically deleted after the session ends.

9) Rights of the Data Subject

9.1 Applicable data protection laws grant you the following rights with respect to the processing of your personal data by the data controller (see cited legal basis for each):

  • Right to access according to Art. 15 GDPR;

  • Right to rectification according to Art. 16 GDPR;

  • Right to erasure ("right to be forgotten") according to Art. 17 GDPR;

  • Right to restriction of processing according to Art. 18 GDPR;

  • Right to notification according to Art. 19 GDPR;

  • Right to data portability according to Art. 20 GDPR;

  • Right to withdraw consent given, according to Art. 7 (3) GDPR;

  • Right to lodge a complaint with a supervisory authority, according to Art. 77 GDPR.

9.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE THE PROCESSING OF THE AFFECTED DATA. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH PURPOSES AT ANY TIME. YOU MAY EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE THE PROCESSING OF THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

10) Duration of Storage of Personal Data

The duration of personal data storage is determined based on the applicable legal basis, the purpose of processing, and — if applicable — the statutory retention periods (e.g., commercial and tax law retention periods).

If data processing is based on your explicit consent according to Art. 6 (1) lit. a GDPR, the data will be stored until you revoke your consent.

If legal retention periods apply for data processed under a contract or similar legal obligation pursuant to Art. 6 (1) lit. b GDPR, such data will be routinely deleted after the retention period expires — unless they are still required to fulfill or initiate a contract, or we have a legitimate interest in continuing storage.

For data processed on the basis of Art. 6 (1) lit. f GDPR, the data will be stored until you exercise your right to object under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.

If personal data is processed for direct marketing purposes under Art. 6 (1) lit. f GDPR, it will be stored until you exercise your right to object pursuant to Art. 21 (2) GDPR.

Unless stated otherwise in this privacy notice for specific processing situations, personal data will be deleted once it is no longer necessary for the purposes for which it was collected or otherwise processed.

© IT-Recht Kanzlei