Privacy Policy
Last updated: [month year]
Template provided for guidance only. This policy must reflect your actual data processing and be reviewed by legal counsel or your data protection officer (DPO) before publication, in accordance with the GDPR and German law (BDSG).
1. Introduction
Pounies places great importance on protecting your privacy. This policy explains what personal data we collect, why we process it, how long we keep it, and what your rights are.
It applies to everyone using the Platform: visitors, buyers and sellers.
2. Data controller
The controller of your data is:
[Pounies GmbH]
[Street and number]
[Postal code] [City], Germany
Email: [privacy@pounies.com]
[If you have appointed a data protection officer (DPO), provide their contact details here.]
3. Data we collect
Depending on how you use the Platform, we may process the following categories of data:
Account data: name, email address, password (encrypted), preferences.
Order data: products purchased, delivery address, history.
Payment data: handled by our provider; we do not store your full banking details.
Seller data: identity verification information (KYC), contact details, data required for tax obligations.
Communication data: messages exchanged through the internal messaging system.
Technical data: IP address, browser type, connection and browsing data.
4. How we collect your data
We collect data directly when you create an account, place an order, become a seller or contact us.
We also collect certain data automatically when you browse the Platform, by means of strictly necessary cookies (see the Cookies section).
5. Why we use your data
We process your data to: create and manage your account; process and track your orders; enable communication between buyers and sellers; ensure the security of the Platform and prevent fraud; verify sellers' identity (KYC); comply with our legal, accounting and tax obligations; and improve our services.
6. Legal bases
In accordance with Article 6 of the GDPR, our processing relies on the following bases:
Performance of the contract: to manage your account and orders.
Compliance with legal obligations: for invoicing, accounting, identity verification and tax obligations.
Our legitimate interest: for security, fraud prevention and service improvement.
Your consent: where required by law, which you may withdraw at any time.
7. Cookies
We use only cookies necessary for the website to function. No tracking cookies, no advertising cookies, no third-party analytics tools.
pounies-token / pounies-refresh: authentication and session maintenance (duration: 15 minutes / 7 days).
pounies-locale: remembers your preferred language (duration: 1 year).
pounies-cookie-info: remembers that you have seen the information banner (duration: 1 year).
8. Sharing your data
We never sell your data. We share it only when necessary:
With sellers / buyers: the information needed to fulfil an order (for example the delivery address provided to the seller).
With our providers: payment, hosting, email, strictly for the needs of the service.
With authorities: where required by law.
9. Transfers outside the EU
Your data is processed within the European Union. Should a transfer to a third country occur (for example via a provider), it would be governed by appropriate safeguards compliant with the GDPR (standard contractual clauses, adequacy decision). [To be specified according to your actual providers.]
10. Data retention
We keep your data for as long as necessary for the purposes described, then for the applicable legal periods.
Account data is kept while your account is active. Order and invoicing data is kept for the legal accounting retention period. Verification data (KYC) is kept in accordance with legal obligations. [Specify the exact periods with legal counsel.]
11. Security
We implement technical and organisational measures to protect your data: password encryption, secure connections, restricted access to data, and access monitoring. As no transmission over the Internet is completely secure, we cannot guarantee absolute security, but we strive to protect your data as best we can.
12. Your rights
In accordance with the GDPR, you have the following rights over your data:
Right of access: obtain a copy of your data.
Right to rectification: correct inaccurate data.
Right to erasure: request the deletion of your data.
Right to restriction: restrict certain processing.
Right to portability: receive your data in a structured format.
Right to object: object to certain processing.
Withdrawal of consent: at any time, where processing is based on it.
13. How to exercise your rights
To exercise your rights, contact us at [privacy@pounies.com]. We may ask you to confirm your identity. We respond within the timeframes set by the GDPR (in principle one month, extendable depending on complexity).
14. Complaints
If you believe the processing of your data does not comply with the regulations, you have the right to lodge a complaint with the competent supervisory authority. In Germany, this is the data protection authority of the relevant federal state (Land). [Indicate the authority corresponding to your registered office.]
15. Changes
We may update this policy to reflect legal or technical developments. The date of the last update appears at the top of the page. In the event of a substantial change, we will inform you by an appropriate means.
16. Contact
For any question about this policy or your personal data, contact us at [privacy@pounies.com] or via our Contact page.