Privacy Policy

1. Data Controller

The party responsible for data processing on this website is:

HatiHati Studios GmbH
Heckscherstraße 1a, 20253 Hamburg, Germany
E-mail: info@hatihatistudios.com
Represented by the Managing Directors: Paulina Stopa, Kinga Kalinowski

2. General Information on Data Processing

We process personal data of our users only insofar as this is necessary to provide a functional website as well as our content and services. The legal bases are, in particular, consent (Art. 6(1)(a) GDPR), performance of a contract (Art. 6(1)(b) GDPR), a legal obligation (Art. 6(1)(c) GDPR) and our legitimate interest (Art. 6(1)(f) GDPR).

3. Hosting / Shopify

This website is operated on the e-commerce platform of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland). Shopify processes the data collected via the website on our behalf (data processing pursuant to Art. 28 GDPR). Where data is transferred to third countries (e.g. the USA), this is done on the basis of appropriate safeguards (EU Standard Contractual Clauses or the EU-US Data Privacy Framework). The legal basis is our legitimate interest in providing a secure and efficient online shop (Art. 6(1)(f) GDPR) and the performance of a contract (Art. 6(1)(b) GDPR).

4. Server Log Files

When you access our website, information is automatically collected in server log files (e.g. IP address, date and time, page accessed, browser type). This data is used for the technical provision and security of the website. The legal basis is Art. 6(1)(f) GDPR.

5. Cookies & Consent Management

Our website uses cookies. Technically necessary cookies are set on the basis of Art. 6(1)(f) GDPR and Section 25(2) TDDDG. All non-essential cookies (e.g. for statistics or marketing) are only set after your express consent via our consent banner (Art. 6(1)(a) GDPR, Section 25(1) TDDDG). You can withdraw your consent at any time with effect for the future.

6. Order Processing & Customer Account

To process your order, we process the data you provide (name, address, e-mail address, payment and, if applicable, delivery data). Processing is carried out for the performance of a contract (Art. 6(1)(b) GDPR) and to comply with tax and commercial retention obligations (Art. 6(1)(c) GDPR). You may optionally create a customer account; processing is then based on your consent (Art. 6(1)(a) GDPR).

7. Payment Service Providers

To process payments, we pass on your payment data to the selected payment service provider. The legal basis is the performance of a contract (Art. 6(1)(b) GDPR). We use:

  • Shopify Payments (Shopify International Ltd., Ireland)
  • PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, 2449 Luxembourg)
  • Klarna (Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden)
  • Apple Pay (Apple Inc.) and Google Pay (Google Ireland Ltd.)

The respective providers process your data as independent controllers in accordance with their own privacy policies.

8. Shipping

To deliver your order, we pass on your address and, if applicable, contact data to our shipping provider Hermes (Hermes Germany GmbH, Essener Straße 89, 22419 Hamburg). The legal basis is the performance of a contract (Art. 6(1)(b) GDPR).

9. Contacting Us

If you contact us by e-mail, we process your information to handle your request. The legal basis is Art. 6(1)(b) GDPR (for contract-related requests) or Art. 6(1)(f) GDPR (legitimate interest in responding).

10. Newsletter

If you subscribe to our newsletter, we process your e-mail address via Shopify Email (Shopify International Ltd.). The newsletter is sent using the double opt-in procedure on the basis of your consent (Art. 6(1)(a) GDPR). You can unsubscribe at any time via the unsubscribe link.

11. Reach Analysis (Shopify Analytics)

We use the analytics functions integrated into Shopify to evaluate and improve the use of our shop. Insofar as non-essential cookies are used for this purpose, this is only done with your consent (Art. 6(1)(a) GDPR).

12. Social Media

We maintain a presence on social networks (e.g. Instagram, Facebook). When you visit our profiles, the privacy policies of the respective provider apply. Processing is based on our legitimate interest in public presentation and communication (Art. 6(1)(f) GDPR).

13. Retention Period

We store personal data only for as long as is necessary for the respective purposes or as required by statutory retention periods (in particular commercial and tax law, generally 6 to 10 years).

14. Your Rights

You have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR). You may withdraw any consent given at any time with effect for the future. To exercise your rights, simply send a message to info@hatihatistudios.com.

15. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is: The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI), Ludwig-Erhard-Straße 22, 20459 Hamburg, Germany.

16. Data Security

We use SSL/TLS encryption to protect the transmission of your data. You can recognise an encrypted connection by the "https://" and the lock symbol in your browser bar.

Last updated: June 2026. This privacy policy will be updated if our services or the legal situation change.