Privacy policy

1. Introduction

This Privacy Policy explains how Bling Inc. collects, uses, and protects your personal data when you visit or make a purchase from bling-inc.com. We comply with the General Data Protection Regulation (GDPR) and applicable German data protection law (BDSG).

We only collect data that is necessary for running our store, fulfilling orders, and meeting our legal obligations. We do not sell your data to third parties.

2. Data Controller

The data controller responsible for your personal data is:

Jakub Sebastian Cybula Grossbeerenstr. 17a 10963 Berlin, Germany

Email: contact@bling-inc.com

Bling Inc. operates as a Kleinunternehmen under §19 UStG.

3. Personal Data We Collect

We collect the following categories of personal data:

  • Identity & contact data: name, billing and shipping address, email address, phone number (if provided)

  • Order data: items purchased, order history, payment method (card type/last digits — full payment details are processed by Shopify Payments or PayPal and never stored by us)

  • Communication data: emails and messages exchanged with us

  • Technical data: IP address, browser type and version, device type, pages visited, and time spent on site — collected via cookies and analytics tools

  • Review data: if you submit a product review via Judge.me, your name and review content are collected and displayed publicly

4. How We Use Your Data

We use your personal data for the following purposes:

  • To process and fulfil your order, including dispatch and delivery

  • To communicate with you about your order, returns, or warranty claims

  • To comply with tax and accounting obligations under German law (§147 AO — 10-year retention)

  • To prevent fraud, abuse, and chargebacks

  • To improve our website and shopping experience via analytics

  • To serve relevant advertising via Meta and Google, based on your consent

  • To send marketing emails in the future — only with your explicit opt-in consent

5. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Art. 6(1)(b) GDPR — Contract performance: processing necessary to fulfil your order and manage returns or warranty claims

  • Art. 6(1)(c) GDPR — Legal obligation: retention of transaction records for tax and accounting purposes

  • Art. 6(1)(f) GDPR — Legitimate interests: fraud prevention, security, and basic site operation

  • Art. 6(1)(a) GDPR — Consent: analytics tracking (Google Analytics), advertising pixels (Meta Pixel), and future marketing emails — all require your explicit consent and can be withdrawn at any time

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies on our site. A consent banner is displayed on your first visit — no non-essential cookies are loaded until you give explicit consent.

We use the following categories of cookies:

  • Strictly necessary cookies: required for the site to function (shopping cart, checkout, security). These do not require consent.

  • Analytics cookies: Google Analytics is used to understand how visitors interact with our site. This requires your consent and can be declined or withdrawn at any time.

  • Marketing cookies: Meta Pixel is used to measure ad performance and serve relevant ads on Facebook and Instagram. This requires your consent and can be declined or withdrawn at any time.

You can manage or withdraw cookie consent at any time via the cookie settings on our website, or through your browser settings.

For more detail, see the Shopify Cookie Policy.

7. Sharing of Personal Data

We share your data only with the following third parties, and only to the extent necessary:

  • Shopify Inc. — our e-commerce platform provider. Shopify Privacy Policy

  • PayPal — for payment processing where selected. PayPal Privacy Policy

  • Shipping carriers (DHL, DPD, UPS, FedEx) — your name and delivery address are shared to enable dispatch and delivery

  • Judge.me — for product reviews. Your name and review content may be displayed publicly. Judge.me Privacy Policy

  • Google LLC — for Google Analytics (with your consent). Google Privacy Policy

  • Meta Platforms Inc. — for Meta Pixel advertising (with your consent). Meta Privacy Policy

We do not sell, rent, or trade your personal data. All third-party processors are bound by data processing agreements.

8. International Data Transfers

Some of our third-party service providers (including Shopify, Google, and Meta) are based outside the European Economic Area. Where data is transferred internationally, appropriate safeguards are in place — including Standard Contractual Clauses (SCCs) as approved by the European Commission — to ensure your data is protected to the same standard as within the EU.

9. Data Retention

We retain your personal data only for as long as necessary:

  • Order and transaction data: 10 years, as required by German tax law (§147 AO / Handelsgesetzbuch)

  • Communication data: up to 3 years, in case of disputes or warranty claims

  • Analytics and tracking data: as defined by Google and Meta's respective retention settings

  • Review data: retained as long as the review is published on our store

When data is no longer required, it is securely deleted or anonymised.

10. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of the data we hold about you

  • Right to rectification — request correction of inaccurate or incomplete data

  • Right to erasure — request deletion of your data, subject to legal retention obligations

  • Right to restriction — request that we limit how we use your data

  • Right to data portability — receive your data in a structured, machine-readable format

  • Right to object — object to processing based on legitimate interests

  • Right to withdraw consent — withdraw consent for analytics or marketing at any time, without affecting prior processing

To exercise any of these rights, contact us at contact@bling-inc.com. We will respond within 30 days.

You also have the right to lodge a complaint with the supervisory authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit Alt-Moabit 59–61, 10555 Berlin www.datenschutz-berlin.de

11. Data Security

Our store uses SSL/TLS encryption for all data transmitted between your browser and our site. Shopify, our platform provider, maintains industry-standard security infrastructure including PCI-DSS compliance for payment data. We do not store full payment card details.

In the unlikely event of a data breach that affects your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay, as required by Art. 33–34 GDPR.

12. Children's Privacy

Our store is not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The date at the top of this page will always reflect the most recent version. For significant changes, we will notify customers via email where possible.

14. Contact

For any questions, requests, or concerns about this Privacy Policy or how we handle your data, contact us at contact@bling-inc.com.

Jakub Sebastian Cybula Grossbeerenstr. 17a 10963 Berlin, Germany

Bling Inc. is operated as a Kleinunternehmen registered in Berlin, Germany.