Schmidt / Éditions
§ VIII — Privacy

Privacy
policy.

Last revised · MMXXVI · February · Applies to editions.dmrschmidt.de

§ 1Controller

The controller responsible for the processing of personal data on this site within the meaning of the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") is Dennis Schmidt. Postal address, telephone, and authorised representative are listed in the imprint. Data-related correspondence is handled at contact@dmrschmidt.de.

§ 2Scope

This policy describes how editions.dmrschmidt.de processes data when a visitor browses the catalogue, views a plate, or initiates a purchase via the linked Stripe Checkout page. The site does not set first-party cookies, does not use analytics, and does not embed advertising or social trackers.

§ 3What is collected, and on what legal basis

The site is delivered as static HTML; no account is created and no form data is collected here directly. The categories below are the only ones touched in connection with this site:

  • Server access logs. When a page is requested, the hosting infrastructure receives the technical request data (IP address, requested path, timestamp, referrer, user-agent string). This is necessary to deliver the page and is processed under Art. 6(1)(f) GDPR (legitimate interest in operating and securing the site). Logs are retained for no longer than necessary and are not used to profile visitors.
  • Email correspondence. When a visitor writes to contact@dmrschmidt.de, the message and contact details are processed on the basis of Art. 6(1)(b) GDPR (steps prior to entering into a contract) or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries), and retained as long as the matter requires.
  • Purchase data. A purchase is initiated by clicking "Acquire" on a plate, which redirects to Stripe Checkout. From that point, the data the buyer enters (name, billing and shipping address, payment data) is collected by Stripe; the atelier receives a fulfilment record (name, shipping address, plate, price, transaction reference) on the legal basis of Art. 6(1)(b) GDPR (performance of the sales contract). Payment-card data is never processed by or stored on this site.

§ 4Third parties involved in delivering the site

The site relies on three categories of external service. Each is named below, together with the data it receives and the legal basis under Art. 6(1)(f) GDPR (legitimate interest in delivering a fast, typographically consistent, payment-enabled site).

Hosting / log files

The site is served as a static page from [hosting provider — please confirm and replace this placeholder]. The hoster processes the access logs described in §3 on the atelier's behalf as a data processor within the meaning of Art. 28 GDPR; a data-processing agreement is in place.

Fonts — Bunny Fonts (BunnyWay d.o.o., Slovenia)

The display and monospace typefaces are loaded from Bunny Fonts, an EU-based mirror of the Google Fonts catalogue operated by BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia. Bunny Fonts does not set cookies and, per its public commitment, does not log IP addresses for the purpose of profiling. Data leaves the visitor's browser solely to retrieve the CSS and font files. Bunny's privacy notice is available at bunny.net/privacy.

CSS framework — jsDelivr (Prospect One, Poland)

The Tailwind CSS runtime is loaded from the jsDelivr public CDN, operated by Prospect One sp. z o.o., Krakow, Poland, with edge nodes in the EU and elsewhere. The CDN receives the request data described in §3 in order to serve the script. jsDelivr's privacy notice is available at jsdelivr.com/privacy-policy-jsdelivr-net. The atelier intends to replace this runtime with a self-hosted, pre-built stylesheet; this section will be removed once the swap is in place.

Payment — Stripe Payments Europe, Ltd. (Ireland)

Acquisition links from individual plates redirect to checkout.stripe.com, operated by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Stripe is the controller of the payment data processed there. The data the buyer enters in Checkout (name, billing and shipping address, payment instrument data) is collected by Stripe under its own privacy policy at stripe.com/privacy; the atelier receives only the fulfilment record described in §3. No Stripe scripts, cookies, or fingerprinting tools run on editions.dmrschmidt.de itself — they activate only after the redirect.

§ 5International transfers

The services named in §4 operate from EU member states (Slovenia, Poland, Ireland). Stripe may transfer payment data to its parent company in the United States; such transfers are covered by the EU–US Data Privacy Framework adequacy decision of 10 July 2023 and by Stripe's Standard Contractual Clauses. jsDelivr edge nodes outside the EEA are bound by SCCs. Bunny Fonts requests are served from EU infrastructure.

§ 6Cookies and tracking

This site sets no cookies and runs no analytics, advertising or social-tracking scripts. No consent banner is therefore presented. Should this change in the future, this policy will be updated and explicit consent will be obtained where the law requires it.

§ 7Your rights

Subject to the conditions set out in the GDPR, you have the following rights with respect to data we process about you:

  • Right of access (Art. 15 GDPR);
  • Right to rectification (Art. 16);
  • Right to erasure (Art. 17);
  • Right to restriction of processing (Art. 18);
  • Right to data portability (Art. 20);
  • Right to object to processing carried out under Art. 6(1)(f) (Art. 21);
  • Right to withdraw consent at any time where processing is based on consent (Art. 7(3)), without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, write to contact@dmrschmidt.de. You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent authority for the controller is the Berlin Commissioner for Data Protection and Freedom of Information (datenschutz-berlin.de).

§ 8Data security

The site is served over HTTPS. Email correspondence is exchanged via the providers chosen by the atelier and the visitor and is, by the nature of email, not end-to-end encrypted by default.

§ 9Changes to this policy

This policy applies as of the date shown above. Updates may be made to reflect changes in technology, legal requirements, or the third-party services involved in delivering the site. The version in force is always the one published at this URL.

terms of sale withdrawal shipping back to the catalogue →