Privacy policy

Privacy Policy

Last updated: April 27, 2026

Thank you for your interest in our online shop. The protection of your personal data is important to us. In this Privacy Policy, we inform you about which personal data we process, for what purposes this is done, on what legal basis the processing takes place, and what rights you have.

1. Controller

The controller within the meaning of the General Data Protection Regulation is:

REVOLTRA
Owner: Sabrina Eisl
Hofgasse 11
4063 Hörsching
Austria

Email: contact@revoltra.store

A data protection officer has not been appointed, as there is no legal obligation to do so.

1. General Information on Data Processing

We process personal data only to the extent necessary and where there is a legal basis for doing so. Personal data means any information relating to an identified or identifiable natural person, for example name, address, email address, telephone number, IP address, order data, or payment information.

The legal bases for processing are in particular:

Art. 6 para. 1 lit. a GDPR, if you have given us your consent;
Art. 6 para. 1 lit. b GDPR, if the processing is necessary for the performance of a contract or for taking steps prior to entering into a contract;
Art. 6 para. 1 lit. c GDPR, if we are legally obliged to process the data;
Art. 6 para. 1 lit. f GDPR, if the processing is necessary to protect our legitimate interests or the interests of a third party and your interests or fundamental rights do not override them.

1. Visiting Our Website

When you visit our website, technically necessary data is processed so that the website can be displayed and operated securely. This may include in particular the following data:

IP address,
date and time of access,
pages accessed,
browser type and browser version,
operating system,
referrer URL,
device information,
server log data.

The processing is carried out to provide the website, ensure technical stability, analyze errors, and maintain IT security.

Legal basis: Art. 6 para. 1 lit. f GDPR.
Our legitimate interest lies in the secure and functional operation of our online shop.

Server log data is generally stored only for as long as is necessary for the purposes mentioned. Longer storage may take place if this is necessary to investigate security incidents or to assert, exercise, or defend legal claims.

1. Hosting and Shop System Shopify

Our online shop is operated via the Shopify platform. Depending on the contractual and service relationship, the provider is in particular Shopify International Limited or affiliated companies of the Shopify group.

Shopify processes personal data that arises when visiting and using our shop, in particular technical data, order data, contact data, payment information, shipping information, and usage data. Shopify supports us in operating the shop, order processing, hosting, security, payment and checkout functions, and other shop functions.

Depending on the specific processing, Shopify may act as a processor, independent controller, or in another data protection role. Further information can be found in Shopify’s privacy information.

Legal bases:

Art. 6 para. 1 lit. b GDPR for providing the shop, carrying out orders, and contract processing;
Art. 6 para. 1 lit. f GDPR for the secure and efficient operation of our shop;
Art. 6 para. 1 lit. c GDPR where legal obligations are concerned;
Art. 6 para. 1 lit. a GDPR where functions requiring consent are used.

Shopify may also transfer data to countries outside the European Economic Area. Where required, such transfers are carried out on the basis of appropriate safeguards, in particular EU Standard Contractual Clauses or adequacy decisions.

1. Customer Account

If you create a customer account, we process the data you provide, in particular:

name,
email address,
password or login data,
billing and shipping address,
telephone number, if provided,
order history,
account settings.

The processing is carried out to provide you with the customer account, manage orders, display previous orders, and make it easier for you to use our shop.

Legal basis: Art. 6 para. 1 lit. b GDPR.

You may have your customer account deleted at any time, provided that there are no statutory retention obligations or legitimate interests preventing deletion.

1. Orders and Contract Processing

When you place an order in our shop, we process the data required for the order and contract processing. This includes in particular:

name,
email address,
billing address,
shipping address,
telephone number, if required,
ordered products,
order date,
payment information,
shipping information,
communication regarding the order.

The processing is carried out for the acceptance, processing, delivery, and handling of your order, payment processing, handling of returns, complaints and warranty claims, and customer communication.

Legal basis: Art. 6 para. 1 lit. b GDPR.

Where we are required to store data due to tax or commercial law retention obligations, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR.

1. Payment Processing

We use payment service providers for payment processing. Depending on the payment methods offered in the shop, the following data may be processed in particular:

name,
billing address,
email address,
order data,
payment amount,
payment status,
transaction data,
payment information, if applicable.

Depending on the selected payment method, payment data is processed directly by the respective payment service provider. As a rule, we do not receive complete credit card data, but only payment confirmations, transaction information, or payment status information.

Possible payment service providers include in particular:
Shopify Payments / PayPal / Klarna / credit card providers / Apple Pay / Google Pay

Legal basis: Art. 6 para. 1 lit. b GDPR.
Where fraud prevention, security checks, or legal obligations are concerned, the processing may additionally be based on Art. 6 para. 1 lit. f or lit. c GDPR.

Please also note the privacy information of the respective payment service provider.

1. Shipping and Delivery

For the delivery of your order, we pass on the necessary data to shipping and logistics service providers. This includes in particular:

name,
shipping address,
email address,
telephone number, if required for delivery,
shipment data.

The data is passed on so that your order can be delivered and so that you may receive shipping notifications, if applicable.

Possible shipping service providers include:
Austrian Post, DPD, or similar providers.

Legal basis: Art. 6 para. 1 lit. b GDPR.
If your email address or telephone number is passed on for shipping notifications, this is done, depending on the setup, either for the performance of the contract or on the basis of your consent.

1. Contact and Customer Support

If you contact us by email, contact form, social media, or in any other way, we process the data you provide, in particular:

name,
email address,
content of your message,
order number, if provided,
other information provided by you.

The processing is carried out to handle your inquiry, communicate with you, and document the inquiry.

Legal basis:

Art. 6 para. 1 lit. b GDPR, if your inquiry is related to a contract or order;
Art. 6 para. 1 lit. f GDPR for general inquiries. Our legitimate interest lies in the efficient handling of customer and prospective customer inquiries.

1. Newsletter and Email Marketing

If you subscribe to our newsletter, we process your email address and, if applicable, further voluntary information in order to send you information about products, offers, promotions, and news.

Registration takes place only with your consent. To document the consent, the time of registration, IP address, and confirmation status may be stored.

Legal basis: Art. 6 para. 1 lit. a GDPR.

You may withdraw your consent at any time with effect for the future, for example via the unsubscribe link in every newsletter email or by sending us a message.

We use the following service to send the newsletter:
Shopify Email

The respective provider processes data on our behalf or, if applicable, under its own responsibility. Further information can be found in the privacy information of the respective provider.

1. Direct Advertising to Existing Customers

If you purchase goods or services from us, we may use your email address to send you information about similar own products or offers, provided this is legally permissible and you have not objected to it.

Legal basis: Art. 6 para. 1 lit. f GDPR.
Our legitimate interest lies in direct advertising to existing customers.

You may object to this processing at any time without incurring any costs other than transmission costs according to the basic rates.

1. Cookies and Similar Technologies

Our website uses cookies and similar technologies. Cookies are small text files that are stored on your device. Similar technologies may include, for example, pixels, tags, local storage, or tracking scripts.

We distinguish between:

12.1 Technically Necessary Cookies

These cookies are required for the website to function, for example for the shopping cart, checkout, login, language settings, security functions, or payment processing.

Legal basis: Art. 6 para. 1 lit. f GDPR as well as the relevant provisions of Austrian telecommunications law.
Our legitimate interest lies in the functional and secure operation of our online shop.

12.2 Statistics, Marketing, and Tracking Cookies

We use these technologies only if you have given your prior consent. They may be used in particular to analyze the use of our website, personalize content, display advertising, or measure the success of advertising campaigns.

Legal basis: Art. 6 para. 1 lit. a GDPR.

You may withdraw or change your consent at any time with effect for the future via our cookie consent tool.

1. Web Analytics and Marketing Services

If you have given your consent, we may use analytics and marketing services to understand the use of our shop, improve our offers, and target advertising to our audiences.

In this context, the following data may be processed in particular:

IP address,
device and browser information,
page views,
click behavior,
shopping cart and purchase events,
referrer information,
pseudonymous user identifiers,
interactions with advertisements.

Legal basis: Art. 6 para. 1 lit. a GDPR.

You may withdraw your consent at any time via the cookie settings.

1. Social Media

We may provide links to our profiles on social networks on our website. If you click on these links, you leave our website. The respective platform operator is generally responsible for the processing of personal data on the relevant platforms.

If you interact with our social media profiles, for example through comments, messages, likes, or sharing content, we may process the data you provide.

Legal basis: Art. 6 para. 1 lit. f GDPR.
Our legitimate interest lies in public relations, customer communication, and marketing our products.

1. Reviews and User-Generated Content

If you submit product reviews, comments, or other content in our shop, we process the information you provide, for example name or display name, review, comment, product reference, and time of submission.

The processing is carried out to display and manage reviews and to improve our offering.

Legal basis:

Art. 6 para. 1 lit. a GDPR, if you voluntarily submit the review with consent;
Art. 6 para. 1 lit. f GDPR, insofar as we use reviews for product presentation and quality assurance.

1. Fraud Prevention, Security, and Legal Enforcement

We also process personal data to prevent, detect, or investigate misuse, fraud, payment defaults, security incidents, or unlawful acts.

This may include, in particular, technical data, order data, payment status, IP address, and communication data.

Legal basis: Art. 6 para. 1 lit. f GDPR.
Our legitimate interest lies in protecting our shop, our customers, our systems, and our legal claims.

Where we are legally obliged to process data, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR.

1. Recipients of Personal Data

We only pass on personal data if this is necessary, if there is a legal basis, or if you have given your consent.

Recipients may include in particular:

Shopify and affiliated Shopify service providers,
payment service providers,
shipping and logistics service providers,
IT and hosting service providers,
newsletter and email service providers,
marketing and analytics providers, if you have given your consent,
customer service tools,
tax advisors, legal advisors, and authorities,
banks and payment institutions,
other service providers who support us in operating the shop.

Where required, we conclude contracts with processors in accordance with Art. 28 GDPR.

1. International Data Transfers

Personal data may also be processed outside the European Economic Area, in particular if we use service providers that have their registered office or server locations in third countries.

Where there is no adequacy decision by the European Commission for the respective country, transfers are carried out only on the basis of appropriate safeguards, in particular EU Standard Contractual Clauses, additional protective measures, or your explicit consent.

1. Retention Period

We store personal data only for as long as is necessary for the respective purposes or as long as statutory retention obligations exist.

In particular, the following principles apply:

Order and invoice data is generally stored for up to 7 years due to tax and commercial law obligations.
Contract and communication data may be stored for the duration of statutory limitation periods, insofar as this is necessary to assert, exercise, or defend legal claims.
Customer account data is generally stored until the customer account is deleted, provided that no statutory retention obligations prevent deletion.
Newsletter data is stored until you withdraw your consent.
Cookie and tracking data is stored in accordance with the information provided in the cookie consent tool and the respective cookie lifetimes.

After the respective periods have expired, the data will be deleted or anonymized, provided there is no further legal basis for processing.

1. Your Rights

Under the GDPR, you have the following rights:

right of access pursuant to Art. 15 GDPR,
right to rectification pursuant to Art. 16 GDPR,
right to erasure pursuant to Art. 17 GDPR,
right to restriction of processing pursuant to Art. 18 GDPR,
right to data portability pursuant to Art. 20 GDPR,
right to object pursuant to Art. 21 GDPR,
right to withdraw consent granted pursuant to Art. 7 para. 3 GDPR,
right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR.

To exercise your rights, you can contact us at contact@revoltra.store.

1. Right to Object

If we process personal data on the basis of Art. 6 para. 1 lit. f GDPR, you have the right to object to this processing at any time for reasons arising from your particular situation.

If we process personal data for direct advertising purposes, you have the right to object to this processing at any time. In this case, we will no longer use your personal data for direct advertising.

1. Withdrawal of Consent

If you have given us consent, you may withdraw it at any time with effect for the future. The lawfulness of the processing carried out before the withdrawal remains unaffected.

Consent to cookies and tracking can be changed or withdrawn via the cookie settings on our website.

1. Right to Lodge a Complaint with the Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection law.

For Austria, the competent authority is in particular:

Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna
Austria
Website: dsb.gv.at

1. No Automated Decision-Making

We do not use your personal data for exclusively automated decision-making, including profiling within the meaning of Art. 22 GDPR, which produces legal effects concerning you or similarly significantly affects you.

Should we use such procedures in the future, we will inform you separately.

1. Minors

Our shop is not aimed at children. We do not knowingly process personal data of children without the consent of their legal guardians, where such consent is legally required.

If you believe that a child has transmitted personal data to us, please contact us at contact@revoltra.store so that we can review the matter and delete the data if necessary.

1. Changes to This Privacy Policy

We may amend this Privacy Policy if legal, technical, or business requirements change. The current version is available on our website.