Privacy Policy

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection provisions is:

Larissa Wagner

Haidberg 8

93491 Stamsried

Germany

Email: hello@vinkl.com

Website: vinkl.com

We only process personal data of our users insofar as this is necessary to provide a functional website as well as our content and services. The processing of personal data is carried out on the basis of the following legal grounds:

• Art. 6(1)(a) GDPR — Consent of the data subject
• Art. 6(1)(b) GDPR — Processing for the performance of a contract or pre-contractual measures
• Art. 6(1)(c) GDPR — Processing for compliance with a legal obligation
• Art. 6(1)(f) GDPR — Processing for the purposes of legitimate interests

Where we obtain consent for the processing of personal data, Art. 6(1)(a) GDPR serves as the legal basis. Consent may be withdrawn at any time.

Our website is hosted by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA (“Vercel”). When you visit our website, Vercel automatically collects information in so-called server log files that your browser transmits automatically. This includes:

• IP address of the requesting device
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (page visited)
• Access status / HTTP status code
• Amount of data transferred
• Referring website (referrer)
• Browser, operating system, and its interface

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient provision of our website).

Vercel is certified under the EU-US Data Privacy Framework, which ensures an adequate level of data protection for the transfer of personal data to the USA.

For more information, please refer to Vercel's privacy policy: https://vercel.com/legal/privacy-policy

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the browser's address line changing from “http://” to “https://” and by the lock icon in your browser bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Our website uses cookies. Cookies are small text files that are stored on your device and saved by your browser. We use the following categories of cookies:

Essential cookies (technically necessary)

These cookies are strictly necessary for the operation of the website. They enable basic functions such as page navigation, access to protected areas of the website, and storing your cookie preferences. The website cannot function properly without these cookies.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

Analytics cookies

These cookies help us understand how visitors interact with our website by collecting and reporting information. All information collected by these cookies is aggregated and therefore anonymous.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie consent banner).

Marketing cookies

These cookies are used to make advertising more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and to measure the effectiveness of advertising campaigns.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie consent banner).

You can adjust your cookie preferences at any time via our cookie consent banner or withdraw your consent. You can also configure your browser to notify you when cookies are being set and to allow cookies only on a case-by-case basis.

We use Vercel Analytics, a web analytics service provided by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. Vercel Analytics collects anonymised usage data to analyse the performance and usage of our website. The following data is collected:

• Page views and navigation behaviour
• Web Vitals (load times, interactivity, visual stability)
• Device type and browser information (anonymised)
• Geographic location (country level)
• Referrer information

Vercel Analytics does not collect any personal data and does not use cookies. No IP addresses are stored and no user profiles are created.

Purpose: Analysis and optimisation of our website performance.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the optimisation of our website).

More information: https://vercel.com/legal/privacy-policy

We use Google Analytics on our website, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies that enable an analysis of your use of our website. The information generated by the cookie about your use of this website is usually transmitted to and stored on a Google server in the USA.

IP anonymisation: We have activated IP anonymisation on this website. This means that your IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA.

Data collected:

• Anonymised IP address
• Pages visited and time spent on pages
• Operating system and browser used
• Origin of the visitor (referrer)
• Screen resolution and device type
• Time of access

Purpose: Analysis of user behaviour to improve and optimise our website.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie consent banner). Google Analytics is only activated after your explicit consent via our cookie consent banner.

Data transfer to the USA: Google LLC is certified under the EU-US Data Privacy Framework, which ensures an adequate level of data protection.

Opt-out: You can prevent data collection by Google Analytics by withdrawing your consent via our cookie consent banner. You can also download and install the browser add-on to disable Google Analytics: https://tools.google.com/dlpage/gaoptout

More information: https://policies.google.com/privacy

We use Google Tag Manager provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Tag Manager is a tag management system that allows us to manage tracking codes and related code fragments (so-called “tags”) on our website.

Google Tag Manager itself does not create user profiles, does not store cookies, and does not perform any independent data collection. It serves solely as a container system for the management and deployment of other tags, which in turn may collect data. The respective privacy policies apply to these integrated tools (see the corresponding sections of this privacy policy).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the efficient management of website tags).

More information: Google Tag Manager Terms of Service

We use the Meta Pixel (formerly Facebook Pixel) on our website, provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”). The Meta Pixel is a JavaScript code embedded on our website that enables us to measure the effectiveness of our advertisements on Facebook and Instagram and to deliver targeted advertising.

Data collected:

• HTTP header information (IP address, browser, location)
• Pixel-specific data (pixel ID, Facebook cookie)
• Button click data (buttons clicked, page names)
• Optional values (e.g. conversion value, page type)
• Form field names (e.g. email, name at checkout)

Purpose: Conversion tracking, creation of custom audiences for targeted advertising on Facebook and Instagram, remarketing, and analysis of advertising effectiveness.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie consent banner). The Meta Pixel is only activated after your explicit consent.

Data transfer to the USA: Meta Platforms Inc. is certified under the EU-US Data Privacy Framework, which ensures an adequate level of data protection for the transfer of personal data to the USA.

Opt-out: You can withdraw your consent at any time via our cookie consent banner. You can also adjust the advertising settings in your Facebook account: https://www.facebook.com/settings/?tab=ads

More information: Meta Privacy Policy

We use Hotjar on our website, an analytics service provided by Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta (“Hotjar”). Hotjar enables us to analyse and better understand user behaviour on our website.

Data collected:

• Mouse movements, clicks, and scrolling behaviour (heatmaps)
• Session recordings (anonymised playback of user interactions)
• Device type, screen size, and browser type
• Geographic location (country level)
• Pages visited and time spent on pages

Hotjar anonymises IP addresses and automatically masks sensitive input fields (e.g. password fields) in session recordings. No personal data such as email addresses or passwords is collected.

Purpose: Analysis of user behaviour through heatmaps and session recordings to improve the usability and design of our website.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie consent banner). Hotjar is only activated after your explicit consent.

Opt-out: You can withdraw your consent at any time via our cookie consent banner. You can also disable tracking by Hotjar via the following link: https://www.hotjar.com/legal/compliance/opt-out

More information: Hotjar Privacy Policy

For our online shop, we use the e-commerce platform Shopify provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”). Shopify provides us with the technical infrastructure for the operation of our online shop, including the processing of orders and payment processing.

Data collected:

• Order data (name, address, email, phone number, products ordered)
• Payment data (processed by Shopify Payments)
• Shipping data
• Account information (if a customer account is created)
• Communication data (e.g. emails related to order processing)

Purpose: Order processing, payment processing, shipping, customer service, and compliance with statutory retention obligations.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) for the processing of order and payment data, and Art. 6(1)(c) GDPR (legal obligation) for compliance with tax-related retention obligations.

Data transfer: Shopify may transfer data to servers in Canada and the USA. Shopify is certified under the EU-US Data Privacy Framework.

More information: Shopify Privacy Policy

As a data subject, you have the following rights under the GDPR with regard to your personal data:

Right of access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether personal data concerning you is being processed. If this is the case, you have a right of access to such personal data and to the information specified in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)

You have the right to obtain without undue delay the rectification of inaccurate personal data. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed.

Right to erasure (Art. 17 GDPR)

You have the right to obtain the erasure of personal data without undue delay where one of the grounds specified in Art. 17 GDPR applies, e.g. where the data is no longer necessary for the purposes for which it was collected.

Right to restriction of processing (Art. 18 GDPR)

You have the right to obtain restriction of processing where one of the conditions specified in Art. 18 GDPR applies, e.g. where you contest the accuracy of the data.

Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit that data to another controller without hindrance.

Right to object (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR. Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing.

To exercise your rights, you can contact us at any time at: hello@vinkl.com

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR (Art. 77 GDPR).

The supervisory authority responsible for us is:

Bavarian State Office for Data Protection Supervision (BayLDA)

Promenade 18

91522 Ansbach

Germany

Website: https://www.lda.bayern.de

We reserve the right to amend this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will apply to your next visit.

As of: March 2026