PRIVACY POLICY

1) WHO WE ARE

ONLYDIRTFANS

Vierhausstr. 92, 44807 Bochum, Germany

Email: hello@onlydirtfans.com

This policy explains what personal data we collect, why we collect it, and the rights you have.

2) WHAT DATA WE COLLECT

  • You give us: contact details (name, email, phone), addresses, order details, returns info, messages via forms/WhatsApp/email.
  • Collected automatically: IP address, device & browser info, pages viewed, time stamps, cookies/consents.
  • When you shop: products, order value, payment method (tokenized), delivery & billing addresses.
  • When you subscribe/engage: newsletter preferences, open/click behavior (if you consent), campaign interactions.

3) WHY WE USE YOUR DATA (PURPOSES & LEGAL BASIS)

  • Run our site & shop (hosting, security, load balancing). Art. 6(1)(f) GDPR
  • Process orders & returns (contract performance, payments, shipping). Art. 6(1)(b) GDPR
  • Customer support & communications (forms, WhatsApp, Zendesk). Art. 6(1)(b)/(f) GDPR
  • Analytics & performance (cookies, pixels, A/B tests). Consent: Art. 6(1)(a) GDPR / §25 TTDSG
  • Marketing & remarketing (if you consent). Art. 6(1)(a) GDPR
  • Legal duties, fraud prevention, security. Art. 6(1)(c)/(f) GDPR

4) COOKIES & CONSENT

We use cookies and similar tech. Essential cookies run on legitimate interests to make the site work. Analytics/marketing cookies only run with your consent via our banner (CookieFirst). You can change your preferences anytime via the consent manager or your browser settings (functionality may be limited).

5) HOSTING & CDN

  • Shopify International Ltd., Dublin, Ireland – store hosting, e-commerce platform, checkout. See Shopify Privacy.
  • Cloudflare Inc., USA – CDN, security (DDoS protection), DNS. Transfers safeguarded (SCC/DPF where applicable).

6) CONSENT MANAGEMENT

  • CookieFirst (Digital Data Solutions B.V., NL) – records your cookie consents and stores a consent cookie (IP anonymized, user agent, consent time/URL).

7) ANALYTICS, MEASUREMENT & TAGS (WITH CONSENT)

  • GOOGLE TAG MANAGER (Google Ireland Ltd.) – loads tags; GTM itself does not profile users.
  • GOOGLE ANALYTICS (with IP anonymization) – page views, sessions, device data, ecommerce measurement.
  • HOTJAR – heatmaps, clicks, scrolls, session insights, on-site feedback.
  • KLAR ATTRIBUTION (Klar Insights GmbH) – reach/attribution measurement; opt-out link available in our policy or consent banner.

8) ADVERTISING & REMARKETING (WITH CONSENT)

  • GOOGLE ADS / REMARKETING / CONVERSION TRACKING – shows relevant ads and measures conversions; may use customer match.
  • META (FACEBOOK/INSTAGRAM) PIXEL & CONVERSIONS API – ad performance, custom audiences, advanced matching.
  • TIKTOK PIXEL – ad performance, audiences and conversion measurement.

You can manage ad settings in your platform accounts (Google Ad Settings, Facebook Ad Preferences, TikTok Settings) or withdraw consent in our cookie banner.

9) EMBEDS & PROTECTION TOOLS (WITH CONSENT WHERE REQUIRED)

  • YOUTUBE (ENHANCED PRIVACY MODE) – video embeds (local storage used by YouTube).
  • GOOGLE RECAPTCHA – protects forms from bots.
  • SPOTIFY EMBEDS – music player integrations.
  • ZENDESK – CRM/helpdesk for support tickets.

10) NEWSLETTER (KLAVIYO)

If you subscribe, we use Klaviyo (USA) to send emails. We operate double opt-in, track opens/clicks with your consent, and you can unsubscribe anytime via the link in every email. Legal bases: Art. 6(1)(a) GDPR (consent) and Art. 6(1)(f) (compliance & deliverability). SCCs apply for US transfers.

11) COMMUNICATION VIA WHATSAPP BUSINESS

We use WhatsApp Business (WhatsApp Ireland Ltd.) for fast support. Content is end-to-end encrypted; metadata may be processed by WhatsApp/Meta. Legal basis: Art. 6(1)(f) GDPR (efficient support) or Art. 6(1)(a) if you initiate chat and consent to this channel.

12) PAYMENTS

We integrate third-party payment providers to process secure payments. Depending on your choice, name, order total, masked payment details are shared with the provider solely for payment. Each provider is a separate controller with its own policy. Providers may include:

Shopify Payments, PayPal, Apple Pay, Google Pay, Klarna (incl. Sofort), Mollie, American Express, Mastercard, VISA.

Legal basis: Art. 6(1)(b) GDPR (contract) and Art. 6(1)(f) (fraud prevention). International transfers are protected by SCCs/DPF or equivalent safeguards.

13) DATA SHARING

We share data with processors (hosting, logistics, payments, support, analytics) under data processing agreements. We only share what’s necessary. For international transfers, we use EU Standard Contractual Clauses and/or EU-US Data Privacy Framework certifications, plus additional safeguards where required.

14) HOW LONG WE KEEP DATA

We keep data only as long as needed for the purposes stated (orders: statutory retention; support: until resolved; marketing: until consent withdrawal). If you withdraw consent or request deletion, we erase data unless legal obligations require retention.

15) YOUR RIGHTS

You have the right to:

  • Access your data,
  • Rectify inaccurate data,
  • Erase data (“right to be forgotten”),
  • Restrict processing,
  • Object to processing based on legitimate interests or direct marketing,
  • Data portability,
  • Withdraw consent at any time (affects future processing).

Contact: hello@onlydirtfans.com. You also have the right to lodge a complaint with your local data protection authority.

16) SECURITY (SSL/TLS & PAYMENTS)

Our site uses HTTPS (SSL/TLS). Payment data is processed by certified providers over encrypted connections. We implement technical and organizational measures to protect your data; no method is 100% secure, but we follow best practices.

17) RETURNS, CONTACT FORMS & ACCOUNT

  • Forms/Email/Phone: We process your inputs to handle your request. Art. 6(1)(b)/(f) GDPR.
  • Returns: We process order/identity data to manage returns or exchanges. Art. 6(1)(b) GDPR.
  • Accounts (if enabled): We process registration data to provide account features. Art. 6(1)(b) GDPR.

18) NO UNSOLICITED MARKETING

We do not use your legal-notice contact details for unsolicited advertising. You can object to marketing at any time.

19) CHILDREN

Our website is not intended for children under 16. We do not knowingly collect data from children.

20) UPDATES TO THIS POLICY

We may update this policy to reflect legal or technical changes. The latest version applies at the time of your visit.

CONTACT

Questions or requests?

ONLYDIRTFANS – Data Protection

Email: hello@onlydirtfans.com

Address: Vierhausstr. 92, 44807 Bochum, Germany