Privacy policy

Privacy Policy (Datenschutzerklärung)

Last updated: January 15, 2026

1. Introduction

Priscila Nathalia Pinatel Strahner operates this online store and website, including all related information, content, features, tools, products, and services (the “Services”).

This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website, place an order, contact us, or otherwise interact with our Services, in accordance with the EU General Data Protection Regulation (GDPR) and Austrian data protection law.

If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy governs matters related to personal data processing.

2. Data Controller

The data controller responsible for processing your personal data is:

Business name: Priscila Nathalia Pinatel Strahner
Business owner: Priscila Nathalia Pinatel Strahner
Blumauergasse 4/1/23
1020 Vienna
Austria
📧 Email: thelatintouch.eu@gmail.com

3. Personal Data We Process

Depending on how you interact with our Services, we may process the following categories of personal data:

Contact data: name, billing address, shipping address, phone number, email address
Order and transaction data: purchased items, order history, payment confirmation, returns or exchanges
Payment data: payment method details (processed securely via our payment providers; we do not store full payment card numbers)
Account data: login details, preferences (if you create an account)
Communication data: messages you send us via email or contact forms
Technical data: IP address, browser type, device information
Usage data: interactions with our website, pages visited, time spent

4. Sources of Personal Data

We collect personal data:

Directly from you (e.g. when placing an order, contacting us)
Automatically through your use of our website (e.g. cookies, log files)
From service providers who support our business operations (e.g. Shopify, payment processors, shipping partners)

5. Purposes and Legal Bases of Processing

We process personal data for the following purposes and legal bases under GDPR:

a) Performance of a contract (Art. 6(1)(b) GDPR)

Processing orders and payments
Shipping products
Managing returns and refunds
Customer support

b) Legal obligations (Art. 6(1)(c) GDPR)

Accounting and tax obligations
Compliance with legal requirements

c) Legitimate interests (Art. 6(1)(f) GDPR)

Website security
Fraud prevention
Improving our Services

d) Consent (Art. 6(1)(a) GDPR)

Marketing emails (only where you have given consent)
Non-essential cookies (where required by law)

You may withdraw your consent at any time with effect for the future.

6. Marketing Communications

We only send marketing communications (e.g. newsletters) where permitted by law or where you have given your explicit consent.

You may unsubscribe at any time by using the unsubscribe link in our emails or by contacting us directly.

7. Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve our website.

Where required by law, we obtain your consent before placing non-essential cookies. You can manage your cookie preferences through your browser settings or any cookie banner provided on our website.

8. Disclosure of Personal Data

We may share your personal data with trusted third parties only where necessary, including:

Shopify (website hosting and e-commerce platform)
Payment service providers (for payment processing)
Shipping providers (to deliver your orders)
IT and support service providers

These parties process personal data only on our instructions or under their own GDPR-compliant obligations.

9. International Data Transfers

Some service providers (e.g. Shopify) may process data outside the European Economic Area (EEA).

In such cases, data transfers are protected by appropriate safeguards, such as EU Standard Contractual Clauses or adequacy decisions of the European Commission.

10. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements.

11. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of access
Right to rectification
Right to erasure (“right to be forgotten”)
Right to restriction of processing
Right to data portability
Right to object to processing
Right to withdraw consent at any time

To exercise your rights, please contact us using the details above.

12. Complaints

If you believe that we process your personal data unlawfully, you have the right to lodge a complaint with a supervisory authority.

Competent authority in Austria:
Austrian Data Protection Authority (Datenschutzbehörde)

13. Children’s Data

Our Services are not intended for children. We do not knowingly collect personal data from minors.

14. Security

We implement appropriate technical and organisational measures to protect personal data. However, no system is completely secure, and we cannot guarantee absolute security.

15. Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies separately.