Privacy Policy
Thank you for your interest in vip-nummer.de. Protecting your personal data is important to us. This Privacy Policy explains which personal data we process when you visit our website, use our WooCommerce shop, place orders, make payments, contact us or use other website functions.
1. Controller
The controller responsible for data processing on this website is:
Adnan Al-Jechchy
Werkstraße 10
67346 Speyer
Germany
Phone: +49 1577 7777666
Email: info@vip-nummer.de
Website: vip-nummer.de
2. Data Protection Officer
No data protection officer has currently been appointed. You can contact the controller named above directly for all data protection questions.
3. General Information on Data Processing
We process personal data only to the extent necessary to provide this website, operate the WooCommerce shop, process orders and payments, communicate with customers, ensure security, analyse errors and fulfil legal obligations.
Personal data means any information that can identify you personally, for example name, address, email address, phone number, IP address, order data, payment status, customer account data or communication content.
4. Legal Bases
Processing is based in particular on the following legal bases:
- Art. 6(1)(b) GDPR for contract performance or pre-contractual measures, for example orders, customer accounts, payment processing or product enquiries.
- Art. 6(1)(c) GDPR for legal obligations, for example tax, commercial and accounting retention duties.
- Art. 6(1)(f) GDPR for legitimate interests, for example IT security, abuse prevention, error analysis, server logs, shop functionality, fraud prevention or legal defence.
- Art. 6(1)(a) GDPR where you give consent, for example for non-essential cookies, tracking, statistics, certain external content or optional marketing and analytics functions.
For storing information on your device or accessing information on your device, such as cookies or local storage, section 25 TDDDG also applies. Necessary cookies are used under section 25(2) TDDDG. Non-essential cookies are used only with your consent under section 25(1) TDDDG.
5. Hosting and Server Logs
Our website is operated through an external hosting provider, currently STRATO or another external hosting provider according to the project status.
When the website is accessed, the web server automatically processes technical access data. This may include IP address, date and time of access, requested page or file, transferred data volume, referrer URL, browser type and version, operating system, device, HTTP status code and technical protocol data.
The processing serves technical website delivery, stability, security, attack detection, error analysis and abuse prevention. The legal basis is Art. 6(1)(f) GDPR.
Where required, a data processing agreement under Art. 28 GDPR is concluded with the hosting provider. Server logs are generally deleted after 30 days at the latest unless longer storage is required to investigate security incidents, abuse or technical faults.
6. SSL/TLS Encryption
This website uses SSL/TLS encryption for security reasons. You can recognise an encrypted connection by the “https” address and the lock symbol in your browser.
7. Cookies, Consent Management and CookieYes/WPConsent
Our website uses cookies and similar technologies. Some are technically necessary for the website and shop, such as cart, checkout, login, security functions or storing cookie choices. Other cookies and technologies are used for statistics, analytics, convenience functions or external services and are used only after consent.
We use a consent management system, in particular CookieYes and/or WPConsent, to manage and document consent, show cookie categories and enable withdrawal.
Processed data may include consent status, cookie categories, time of consent or rejection, technical identifiers, browser and device information, language, visited website and your cookie banner selection.
Necessary cookies may include cookieyes-consent, WooCommerce cart/session cookies and WordPress login/session cookies.
The legal basis for necessary cookies is section 25(2) TDDDG and Art. 6(1)(f) GDPR or Art. 6(1)(b) GDPR for shop and checkout functions. Non-essential cookies and analytics/tracking technologies are based on consent under section 25(1) TDDDG and Art. 6(1)(a) GDPR.
8. Online Shop with WooCommerce
We operate an online shop with WooCommerce. WooCommerce provides cart, checkout, customer accounts, order management, payment status, invoices and shop communication.
When you place an order, we process in particular name, billing address, delivery address where applicable, email address, phone number, selected VIP number, order date, order number, payment method, payment status, invoice data, cart data, customer account data, IP address, technical checkout data and order communication.
The processing is used to accept, process and fulfil orders, handle payments, provide customer accounts, issue invoices, communicate with customers, meet legal obligations and handle warranty, return, support or legal matters.
Customer Account
If you create a customer account, we store login and account data, order history, invoice data and saved address data where applicable. You may request deletion of your account; legally required data is blocked for other purposes instead of being deleted.
Guest Orders
If guest orders are enabled, you can order without creating an account. Required order, payment, invoice and contract data is still processed.
9. Payment Processing
We use external payment providers. Depending on the chosen payment method, order and payment data may be transmitted to the relevant provider, including name, billing address, email address, phone number, order number, purchase amount, currency, payment status, transaction ID, device/browser data and IP address.
The legal basis is Art. 6(1)(b) GDPR for payment processing, Art. 6(1)(f) GDPR for fraud prevention, security and legal defence, and Art. 6(1)(c) GDPR for legal obligations.
PayPal
If you pay with PayPal, the required payment data is transmitted to PayPal Europe S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Depending on the activated functions, PayPal Checkout, Pay Later, Ratepay, Braintree or PayPal objects may be involved.
Credit Card, Apple Pay, Google Pay and WooPayments/Stripe
Credit card, Apple Pay, Google Pay or WooPayments payments are processed through WooPayments and/or Stripe. Full card data is generally not stored permanently by us. We usually receive only payment status, transaction ID, amount, currency and shortened payment information.
SEPA Direct Debit via GoCardless
If SEPA direct debit is used, GoCardless may process name, email address, IBAN, mandate data, payment amount, payment status, transaction data and technical data.
10. Contact and WPForms
If you contact us by email, phone or contact form, we process the data you provide, such as name, email address, phone number, message, time of request, IP address and technical form data.
We use WPForms Lite for forms. WPForms may provide form fields, store entries depending on configuration or forward them by email. Spam protection functions may also be used.
Contact requests are generally deleted no later than 6 months after final processing unless legal retention duties, contractual relationships, open questions or legal claims require longer storage.
11. Spam Protection
Akismet may be used to prevent spam in forms or comments. If captcha services such as hCaptcha, reCAPTCHA or Cloudflare Turnstile are used, they protect against automated submissions, spam and abuse and may process technical data such as IP address, browser/device data, interaction data and timestamps.
12. Matomo Analytics
We use Matomo to measure reach and statistically analyse website usage. According to the current project status, Matomo is integrated locally or self-hosted in WordPress.
Matomo may process shortened or anonymised IP address, visited pages, date and time, duration, referrer, browser, operating system, device type, screen resolution, language, click paths and technical usage data.
Matomo is used only after consent if tracking cookies or non-essential analytics functions are used. Raw Matomo data is stored for a maximum of 90 days and aggregated statistics for a maximum of 14 months.
13. Google Analytics, Google Site Kit and MonsterInsights
Google Analytics, Google Site Kit, MonsterInsights or Google Tag Manager may be used if activated. These services analyse website usage and integrate Google services.
If Google Analytics is active, data such as IP address, device and browser information, page views, clicks, duration, referrer, interactions, identifiers, cookie IDs and technical location information may be processed. Use is based on consent.
14. Videos and External Media Content
External videos or media, for example via FV Player, YouTube, Vimeo or BunnyCDN/Bunny Stream, may be embedded where used. Loading external media may transmit IP address, device information, browser data, referrer, visited page, video interactions and cookies or similar technologies to the provider.
15. Security Functions, Rate Limiting and CSP Reports
We use technical security measures such as security headers, content security policy, access restrictions, rate limiting, abuse detection and security logging. CSP reports may process blocked resource, affected page, time, violation type, browser information and technical counters. IP addresses are currently processed in hashed form for rate limiting.
16. WooCommerce, WordPress and Error Logs
System, error and shop logs may be created to analyse errors, ensure security and maintain shop stability. Such logs may contain personal data such as email addresses, phone numbers, order numbers, payment status, error messages or IP addresses.
These logs are generally deleted after 90 days at the latest unless longer storage is required for a technical issue, payment case, security incident or legal claim.
17. Backups
We create backups to secure the website and shop data. Systems such as WPvivid, Duplicator or server-side backup functions may be used. Backups may contain website files, database, media, plugin data, orders, customer data, invoice data, form requests, logs and settings. Backups are generally deleted after 90 days at the latest.
18. Comments and Product Reviews
Comments, product reviews and XML-RPC functions are currently disabled according to the project status. Therefore, we generally do not process personal data in this context.
19. Email Communication and Order Notifications
If you order or contact us, we may send transactional emails such as order confirmations, payment information, invoices, status messages or support replies. This may include email address, name, order data, communication content and technical sending information.
20. Recipients of Personal Data
Depending on the process, personal data may be passed to hosting and IT providers, payment providers, banks, tax advisors, accounting, legal advisors, support and maintenance providers, consent, security and analytics providers, communication/email providers and authorities where legally required.
21. Third-Country Transfers
Some services may process data outside the European Union or European Economic Area, especially payment, analytics, security, cloud or video services. Transfers take place only under the conditions of Art. 44 et seq. GDPR, such as adequacy decisions, the EU-U.S. Data Privacy Framework, EU standard contractual clauses or consent.
22. Storage Duration and Deletion
We store personal data only as long as necessary for the respective purposes or as required by law. Shop, invoice, payment and accounting data may be subject to retention periods of 6, 8 or 10 years. Typical regular periods include contact requests 6 months, server logs 30 days, WooCommerce/error logs 90 days, security reports 30 days, backups 90 days, Matomo raw data 90 days, Matomo statistics 14 months and consent records up to 3 years.
23. Your Rights
You have the rights of access, rectification, deletion, restriction of processing, data portability, objection, withdrawal of consent and complaint to a supervisory authority under the GDPR.
24. Right to Object under Art. 21 GDPR
If we process personal data on the basis of Art. 6(1)(f) GDPR, you may object at any time for reasons arising from your particular situation. We will then no longer process the data unless compelling legitimate grounds override your interests, rights and freedoms or the processing serves legal claims.
25. Right to Lodge a Complaint
You may complain to a data protection supervisory authority. For Rhineland-Palatinate, the competent authority is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34
55116 Mainz
Phone: 06131 8920-0
Email: poststelle@datenschutz.rlp.de
26. Obligation to Provide Data
Certain personal data is required to use the website, place an order, create an account, make a payment or contact us. Without required data, we cannot provide the website, process orders and payments, create invoices or answer requests.
27. Automated Decision-Making
We do not make automated decisions within the meaning of Art. 22 GDPR that have legal effects or similarly significant effects on you. Payment providers may carry out their own automated checks for fraud prevention, payment approval, risk assessment or identity verification.
28. Changes to this Privacy Policy
We may update this Privacy Policy if our website, services, plugins, payment methods, legal requirements or technical processes change. The current version is available on this website.