Privacy Policy

Privacy Policy

Last updated: 2026-04-11

This privacy policy explains how Maxwel Shop ("we", "us") processes personal data when you visit and use our online shop.

1. Data Controller

Max Welhöner Paul-Lincke-Ufer 33 10999 Berlin Germany Email: mail@maxwel.xyz

2. What we collect

When you browse: We collect technical information (IP address, browser type, device, pages visited, referrer) for security and statistical purposes. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in operating a secure website).

When you order: We collect your name, billing/shipping address, email, and payment-related identifiers (handled by Stripe — we never see your card data). Legal basis: Art. 6 (1) (b) GDPR (contract).

When you contact us: Email content and your address. Legal basis: Art. 6 (1) (b) and (f) GDPR.

3. Payment processing

Card and alternative payments are processed by Stripe Payments Europe, Ltd. Stripe acts as an independent controller for fraud prevention and card-network compliance. See https://stripe.com/privacy for details.

4. Cookies

We use technically necessary cookies (cart session, language, authentication). No analytics or advertising cookies without your explicit consent.

5. Your rights (Art. 15-22 GDPR)

You have the right to: access your data, request rectification, request erasure, restrict processing, data portability, and object to processing. You can also lodge a complaint with a supervisory authority.

To exercise any of these rights, email us at mail@maxwel.xyz.

6. Retention

Order data: 10 years (German tax law, § 147 AO). Contact emails: 3 years from last contact. Server logs: 14 days.

(TODO: confirm retention periods with a Datenschutzbeauftragten if revenue grows large enough to require one.)