Privacy Policy

1. Privacy at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified.

2. Responsible Party

The party responsible for data processing on this website is:

VisionaireX Can Harbelioglu Auf dem Lölfert 29a 58119 Hagen, Germany Email: support@visionairex.de

3. Data Collection on This Website

How do we collect your data?

Your data is collected in part by you providing it to us. This could be data you enter in an order form or in a design request. Other data is collected automatically (e.g. technical information about your browser and operating system).

What do we use your data for?

Part of the data is collected to ensure error-free provision of the website. Other data serves to process your order, to respond to your inquiries, or — with your consent — to analyse your usage behaviour.

What rights do you have?

You have the right at any time to receive free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the rectification or deletion of this data. A complete overview is provided in section 11.

4. Hosting

Hostinger

This website is hosted by Hostinger. The provider is Hostinger International Ltd., 61 Lordou Vironos Street, 6023 Larnaca, Cyprus. The servers are located in the EU (Lithuania/Netherlands). Hostinger processes the data for the provision of the website based on our legitimate interest in a secure and reliable presentation (Art. 6 (1) (f) GDPR).

Fulfillment (Podbase)

Production and shipping are handled through Podbase (Print-on-Demand). Production partners are located in the EU. For order processing, the recipient's name, delivery address, and order details are transmitted to Podbase — this transfer is necessary for contract performance (Art. 6 (1) (b) GDPR).

5. Orders and Contract Processing

When placing an order or design request, we collect the following data:

First and last name
Email address
Delivery address
Phone number (optional)
Ordered products and variants
For design requests: uploaded image files and request description

Legal basis: Art. 6 (1) (b) GDPR (contract performance).

Storage duration: Order data is stored for the statutory retention period (10 years under § 147 of the German Fiscal Code). Uploaded image files are automatically deleted after 7, 30, or 90 days following order completion (tiered by order status, in accordance with GDPR Art. 17).

6. Payment Service Provider (Stripe)

We use Stripe for payment processing.

Provider: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland.

Data processed: Name, email address, billing and delivery address, payment data (card number, expiry, CVC are entered directly with Stripe and not transmitted to us in plaintext), transaction ID, amount.

Legal basis: Art. 6 (1) (b) GDPR (contract performance).

Data Processing Agreement: We have concluded a Data Processing Agreement with Stripe in accordance with Art. 28 GDPR.

Stripe Privacy Policy: https://stripe.com/privacy

7. Email Service Provider (Resend)

For sending transactional emails (order confirmations, shipping notifications, magic links for the customer portal, abandoned cart reminders, design journey notifications), we use the service Resend.

Provider: Resend, Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA · https://resend.com

Data processed: Recipient email address, sender email address, subject, email content (incl. order details and magic-link tokens), delivery status, technical metadata (timestamps, logging).

Legal basis: Art. 6 (1) (b) GDPR (contract performance) for transactional emails · Art. 6 (1) (f) GDPR (legitimate interest in customer communication) for administrative emails.

Third-country transfer: Resend has server locations in the USA. The transfer is based on EU Standard Contractual Clauses (SCCs) and supplementary technical and organisational measures.

Data Processing Agreement: We have concluded a Data Processing Agreement with Resend in accordance with Art. 28 GDPR (DPA: https://resend.com/dpa).

Resend Privacy Policy: https://resend.com/legal/privacy-policy

8. Error Tracking and Monitoring (Sentry)

For detection and resolution of technical errors, we use Sentry.

Provider: Functional Software, Inc. d/b/a Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA · https://sentry.io

Data processed: Technical error information (stack traces, browser version, operating system, anonymised paths). Personal data is actively filtered out (sendDefaultPii: false, an upstream filter removes cookies, authorisation headers, email addresses, and IP addresses before transmission).

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in stable operation of the website).

Third-country transfer: Sentry servers are located in the USA. The transfer is based on EU Standard Contractual Clauses (SCCs).

Data Processing Agreement: Available at https://sentry.io/legal/dpa/.

Sentry Privacy Policy: https://sentry.io/privacy/

9. Website Analytics (PostHog)

If you consent to the use of analytics cookies in the cookie banner, we use PostHog for anonymised analysis of usage behaviour.

Provider: PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA · EU data location: PostHog Cloud EU (Frankfurt, Germany).

Data processed: Anonymised IP address (truncated), pages viewed, referrer, browser type, time spent, device type. No session recording.

Legal basis: Art. 6 (1) (a) GDPR (consent via cookie banner). You can withdraw your consent at any time (see section 10 "Cookies").

Data location: We use PostHog Cloud EU with data location Frankfurt/Germany. User data remains in the EU.

PostHog Privacy Policy: https://posthog.com/privacy

10. Cookies

This website uses cookies and comparable storage technologies (e.g. localStorage). We distinguish between:

Necessary Cookies / Storage: For shopping cart, cookie consent settings, and magic-link auth of the customer portal. These are technically required (Art. 6 (1) (f) GDPR) and are set without consent.
Analytics Cookies (PostHog): Only with your consent via the cookie banner. You can adjust or withdraw your consent in the footer of the website at any time.
Marketing Cookies: Currently we do not use marketing cookies. Should this change, you will be informed via the cookie banner.

Storage duration: Your cookie consent is reset after 12 months — you will then be asked again for consent (GDPR-compliant re-consent obligation).

11. Your Rights

You have the following rights regarding your personal data:

Right to Access (Art. 15 GDPR) — free information about stored data
Right to Rectification (Art. 16 GDPR) — correction of incorrect data
Right to Erasure (Art. 17 GDPR) — deletion of your data under the statutory conditions
Right to Restriction (Art. 18 GDPR) — restriction of processing
Right to Data Portability (Art. 20 GDPR) — receipt of your data in machine-readable format
Right to Object (Art. 21 GDPR) — objection to processing
Right to Lodge a Complaint with a supervisory authority (Art. 77 GDPR) — e.g. State Commissioner for Data Protection and Freedom of Information NRW

For questions about data protection or to exercise your rights, please contact: support@visionairex.de

Last Updated: 23 May 2026