Data Protection

1. Information on the Collection of Personal Data and Contact Details of the Controller

1.1 General Information

We are pleased that you are visiting our website and thank you for your interest in our company and our products. In this privacy policy, we inform you about how we process personal data when you use our website and our online shop.

Personal data is any data with which you can be personally identified, e.g., name, address, email address, IP address, order data.

1.2 Controller

The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

AchievePrime GmbH
Mauerkircherstrasse 177
81925 Munich
Germany

Managing Director: Elena Bukreeva

Email: info@achieveprime.com
Web: https://www.achieveprime.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 SSL/TLS Encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content (e.g., orders or inquiries). You can recognize an encrypted connection by "https://" and the lock symbol in your browser's address bar.

2. Data Collection When Visiting Our Website (Server Log Files)

When you use our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (or to the servers of our hosting provider) (so-called "server log files").

The following data is automatically collected:

• Page visited / URL
• Date and time of access
• Amount of data transferred
• Source/referrer from which you reached the page
• Browser used
• Operating system used
• IP address used (in shortened/anonymized form)

The processing is based on Art. 6 (1) (f) GDPR due to our legitimate interest in the technical stability, security, and functionality of the website. The IP address is anonymized after 7 days, so that it is no longer possible to establish a reference to a person. The log files are only evaluated in the event of security incidents or for error analysis. This data is not passed on, unless there are concrete indications of illegal use; in this case, we reserve the right to carry out a subsequent review.

3. Hosting, Platform & Content Delivery

Shopify as Platform and Host
Our online shop is operated via the service "Shopify":

Shopify International Ltd.
2nd Floor, 1-2 Victoria Buildings
Haddington Road, Dublin 4, D04 XN32
Ireland

Shopify provides us with the technical infrastructure for the shop, hosting, the shop system, checkouts, and parts of the payment processing. Shopify processes on our behalf, among other things:

• Server log data (see above)
• Order and contract data
• IP addresses
• Browser and device data
• Payment and checkout data

The processing is based on Art. 6 (1) (b) GDPR (contract fulfillment) and Art. 6 (1) (f) GDPR (legitimate interest in a secure, stable shop operation).

Shopify may process data in Canada (a country with an EU Commission adequacy decision) and in the USA. For data transfers to the USA, we rely on the Standard Contractual Clauses of the EU Commission. We have assessed the data protection risks of such a transfer and, within the scope of what is possible for us, have taken additional technical and organizational measures to protect your data from access by US authorities. Further information on data processing by Shopify and international data transfers can be found in Shopify's privacy policy: https://www.shopify.com/legal/datenschutz.

4. Cookies

4.1 General Information on Cookies

To make visiting our website attractive, to enable certain functions, and to implement statistics and marketing measures, we use cookies. These are small text files that are stored on your end device.

Among others, a distinction is made between:

• Session cookies (are deleted after closing the browser)
• Persistent cookies (remain stored for a defined period)
• First-party cookies
• Third-party cookies through tools like Meta, Google, TikTok, Pinterest, etc.

Depending on the purpose, cookies can process the following data, for example:

• Session ID
• Shopping cart contents
• Language settings
• IP address (possibly shortened)
• Browser and device data
• Usage behavior (clicks, pages visited, conversions)

4.2 Legal Bases

Technically necessary cookies:
Art. 6 (1) (f) GDPR (legitimate interest in providing a functional website and shop, e.g., shopping cart, login, checkout).

Statistics and marketing cookies (Google Analytics, Google Ads, Meta Pixel, TikTok Pixel, Pinterest Tag, etc.):
Art. 6 (1) (a) GDPR (consent via our cookie/consent banner).

4.3 Shopify Consent API

We use the Shopify Consent API as a consent management solution. On your first visit to the website, you will be informed via a banner about the use of cookies and similar technologies. There you can consent to or reject certain categories (e.g., marketing, statistics).

Your decisions are stored in a cookie so that the banner does not reappear on every visit, unless you delete your cookies or change your selection.

4.4 Cookie Control in the Browser

You can set your browser to inform you about the setting of cookies, to decide on the acceptance of cookies in individual cases, to generally exclude cookies, or to automatically delete cookies when closing the browser.

Please note that if you disable cookies, some functions of our shop (especially shopping cart and checkout) may be restricted.

5. Contacting Us

When you contact us (e.g., by email or contact form), we process the personal data you provide:

• Name (if provided)
• Email address
• Any further contact details
• Content of your message

The purpose of the processing is to handle your request and any follow-up communication.

Legal bases:

• Art. 6 (1) (b) GDPR (pre-contractual or contractual inquiries)
• Art. 6 (1) (f) GDPR (our legitimate interest in customer communication)

The data will be deleted as soon as your inquiry has been finally processed and no statutory retention obligations oppose deletion.

6. Data Processing when Opening a Customer Account and for Contract Processing

6.1 Customer Account

You can create a customer account in our shop. For this purpose, we process, among other things:

• Name
• Address
• Email address
• Login data (password in hashed form)
• Order history, if applicable

Legal basis: Art. 6 (1) (b) GDPR (contract / pre-contractual measures).

You can have your customer account deleted by us at any time. Please write to us at the email address mentioned above for this purpose.

6.2 Orders

For orders, we process:

• Master data: Name, billing and delivery address
• Contact data: Email, possibly telephone
• Order data: Products, prices, discounts, shipping method
• Payment data (depending on the chosen payment method)

Legal basis: Art. 6 (1) (b) GDPR (fulfillment of the purchase contract);
Storage due to commercial and tax law obligations according to Art. 6 (1) (c) GDPR.

7. Use of Your Data for Direct Marketing (Email Newsletter)

7.1 Newsletter Registration

If you subscribe to our newsletter, we use your email address to regularly send you information about products, promotions, and news.

Mandatory information: Email address

Optional (for personalization): Name

For registration, we use the double opt-in procedure:

• You enter your email address on the website.
• You receive a confirmation email with a link.
• Your registration only becomes active after clicking on this link.

We store upon registration:

• Email address
• IP address
• Date and time of registration and confirmation

Legal basis: Art. 6 (1) (a) GDPR (consent).

You can revoke your consent at any time with effect for the future, e.g., via the unsubscribe link in the newsletter or by email to us. Your email address will then be deleted from the distribution list, unless further consent exists or there is a legal obligation for further storage.

7.2 Technical Dispatch (Shopify Email)

For sending the newsletter, we use the email service "Shopify Email". Your email address and, if applicable, other registration data are transmitted to this service. Shopify may process this data in Canada and the USA; protection is ensured through appropriate guarantees (EU Standard Contractual Clauses).

Analysis of User Behavior: If you have given us separate consent for this (Art. 6 (1) (a) GDPR), we analyze whether a newsletter was opened and which links were clicked (tracking). This serves the statistical evaluation and optimization of our newsletters. A direct personal reference cannot be established by us from these statistics. This consent is voluntary and can be revoked at any time.

8. Processing of Data for Order Processing

8.1 Disclosure to Shipping & Logistics Service Providers (Packlink PRO and Direct Commissioning)

To process orders, we pass on personal data to our shipping service providers. For this purpose, we use, among others, the service Packlink PRO (Auctane S.L.U., Spain).

Via Packlink PRO and/or through direct commissioning via the websites of the shipping service providers, our shipping data is transmitted to the following transport service providers depending on the shipping method, as far as this is necessary for delivery:

• DHL Paket
• Deutsche Post
• DPD
• Hermes
• GLS
• UPS
• FedEx
• InPost (Parcel Stations)

Processed data includes in particular:

• Name
• Delivery address
• Email address and/or telephone number for shipment tracking / delivery information, if applicable
• Information about the shipment (weight, package content in descriptive form, tracking number)

Legal basis for data processing: Art. 6 (1) (b) GDPR (contract fulfillment, delivery of goods).

If you expressly consent during the ordering process that we pass on your email address or telephone number to the respective shipping service provider for notification and shipping information (e.g., parcel announcement, delivery options), this transmission is additionally based on Art. 6 (1) (a) GDPR (consent). You can revoke a given consent at any time with effect for the future.

8.2 Payment Service Providers and Payment Processing

To process payments, we use the following payment methods / providers:

• Shopify Payments (incl. Stripe, Klarna, credit card and possibly other methods integrated in Shopify Payments)
• PayPal

Depending on the chosen payment method, the necessary data is transmitted to the respective payment service provider:

• Name
• Billing address
• Delivery address, if applicable
• Payment information (e.g., IBAN, credit card data in token form, transaction ID)
• Order amount, currency, date

Legal basis: Art. 6 (1) (b) GDPR (contract processing).

Shopify Payments / Stripe
Stripe Payments Europe Ltd.
Harcourt Centre, Block 4, Harcourt Road
Dublin 2, Ireland
Privacy Policy: https://stripe.com/de/privacy

Klarna (via Shopify Payments)
Klarna Bank AB (publ)
Sveavägen 46
111 34 Stockholm
Sweden
Privacy Policy: https://www.klarna.com/de/datenschutz/

PayPal
PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxembourg
Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

The payment service providers may in turn conduct credit checks and process further data; please refer to the respective privacy policies of the providers for details.

9. Online Marketing & Web Analysis

9.1 Google Analytics 4 (GA4) incl. Google Signals

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Processed data:

• IP address (shortened/anonymized)
• Device information (browser, device type, operating system)
• Usage behavior (pages visited, clicks, dwell times, conversions)
• Approximate location data (country, region, city)
• Technical events (scrolls, video views, purchases, etc.)

We have activated IP anonymization, so that your IP address is shortened within the EU/EEA.

We also use Google Signals, provided you have activated personalized advertising in your Google account. In this context, Google can aggregate cross-device usage data (e.g., usage on smartphone and laptop).

Legal basis: Art. 6 (1) (a) GDPR (consent via the cookie banner).

You can:

• Change or revoke your consent in the cookie banner at any time
• Use a browser add-on to disable it: https://tools.google.com/dlpage/gaoptout

9.2 Google Ads Conversion Tracking & Remarketing

We use Google Ads and the associated Conversion Tracking to measure the success of our Google ads and to display interest-based advertising.

Google uses cookies or similar technologies (e.g., Advertising IDs) for this purpose. Processed data includes, among others:

• Cookie ID / Advertising ID
• IP address (shortened)
• Pages accessed, clicks
• Completed conversions (e.g., purchase, newsletter registration)

We also use Google Ads Remarketing to address visitors again with personalized ads.

Legal basis: Art. 6 (1) (a) GDPR (consent).

You can influence personalized advertising, among other ways, here:

• https://adssettings.google.com
• Via the settings in your browser / mobile device

9.3 Google reCAPTCHA

We use "Google reCAPTCHA" on our website, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. reCAPTCHA serves to protect the input forms on our website from misuse by automated programs (bots) and to ensure the security of the shop operation.

Among others, the following data is processed:

• IP address
• Date and duration of the visit
• Mouse movements and user interactions
• Device and browser information (e.g., operating system, language, screen resolution)
• Existing Google cookies, if applicable

The analysis by reCAPTCHA starts automatically as soon as you access a page with reCAPTCHA content. The collected information is usually transmitted to a Google server and stored there, possibly also in the USA.

The use of Google reCAPTCHA is based on Art. 6 (1) (f) GDPR (legitimate interest in preventing misuse and securing our IT systems). If cookies or similar technologies are set in connection with reCAPTCHA and you have given your consent via our consent banner, the processing is additionally based on Art. 6 (1) (a) GDPR.

Further information on data processing by Google can be found in Google's privacy policy: https://policies.google.com/privacy

as well as in the terms of use for reCAPTCHA: https://www.google.com/recaptcha/intro/v3.html

10. Retargeting, Social Media & Pixels

10.1 Meta Pixel (Facebook/Instagram) & Conversions API

We use Meta Pixel and Meta Conversions API on our website (Provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

This allows us to:

• Attribute conversions (e.g., purchases) to Meta
• Define audiences ("Custom Audiences")
• Optimize our ads on Facebook and Instagram

Processed data:

• IP address
• Device information
• Browser data and cookie IDs
• Pages accessed, interactions
• Purchase events (e.g., shopping cart, checkout) in pseudonymized form

Legal basis: Art. 6 (1) (a) GDPR (consent in the cookie banner).

You can control personalized advertising from Meta, among other ways, here: https://www.facebook.com/ads/preferences

10.2 TikTok Pixel

We use the TikTok Pixel to measure conversions and to display personalized advertising on TikTok.

Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

Processed data:

• IP address
• Device and browser information
• Cookie IDs
• Interactions and conversions (e.g., purchases)

Legal basis: Art. 6 (1) (a) GDPR.

10.3 Pinterest Tag

We use the Pinterest Tag to enable conversion tracking and interest-based advertising on Pinterest.

Provider: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

Processed data:

• Cookie IDs
• IP address
• Device information
• Usage of our shop (e.g., pages visited, purchases)

Legal basis: Art. 6 (1) (a) GDPR.

11. Use of Shopify Apps and Other Tools

We use various apps within our Shopify shop. These apps are usually data processors and process personal data only as far as necessary for their function.

Important apps:

• Translate & Adapt: Serves the translation and localization of content. Legal basis: Art. 6 (1) (f) GDPR (better user experience).
• PayHelm: Analytics & Reports: Creates reports and analyses from shop data (orders, sales, products). Data is processed in pseudonymized form. Legal basis: Art. 6 (1) (f) GDPR (business analysis, reporting).
• Order Printer Pro: Serves to create invoices, delivery notes, etc. Processes order and customer data. Legal basis: Art. 6 (1) (b) GDPR (contract fulfillment).
• Packlink PRO: The processing of personal data by Packlink PRO as well as the transmission of shipping data to the respective transport service providers is carried out exclusively as described in section 8.1.
• Instafeed: Displays an Instagram feed in the shop. Processes, among others, IP address and technical data for display. Legal basis: Art. 6 (1) (f) GDPR (attractive presentation of the social feed), possibly Art. 6 (1) (a) GDPR (for tracking/marketing cookies).
• Search & Discovery: Improves product search and filter functions. Processes search queries, clicks, and interactions. Legal basis: Art. 6 (1) (f) GDPR (optimization of user navigation).
• Bundles: Enables the display and sale of product bundles. Processes order and product data. Legal basis: Art. 6 (1) (b) GDPR.
• Webrex AI SEO Optimizer: SEO optimization tool. Processes content (texts, images, metadata). Legal basis: Art. 6 (1) (f) GDPR (marketing & visibility).
• Flexify for Facebook: Creates product data feeds for Meta (Facebook/Instagram Shopping). Processes product data, prices, and availability. Legal basis: Art. 6 (1) (f) GDPR (product catalog for social shopping), in conjunction with Art. 6 (1) (a) GDPR (marketing tracking via Meta Pixel).

12. Recipients of Personal Data

We only pass on your personal data to such recipients who need this data to fulfill contractual or legal obligations or on the basis of our legitimate interests.

The categories of recipients include in particular:

• Shopify International Ltd. as platform provider and host for providing the shop platform, hosting, and payment processing (Legal bases: Art. 6 (1) (b) and (f) GDPR; data transfer to third countries, in particular USA and Canada, based on appropriate guarantees such as Standard Contractual Clauses).
• Payment service providers (Stripe, PayPal, Klarna) for processing payments (Legal basis: Art. 6 (1) (b) GDPR; data transfer to third countries may occur depending on the provider).
• Shipping service providers (e.g., DHL, Deutsche Post, DPD, Hermes, GLS, UPS, FedEx, InPost) for delivering your order (Legal basis: Art. 6 (1) (b) GDPR; generally no transfer to third countries).
• Marketing and analysis providers (e.g., Google, Meta, TikTok, Pinterest) for conducting advertising, conversion measurement, and web analysis (Legal basis: Art. 6 (1) (a) GDPR; data transfer in particular to the USA based on appropriate guarantees).
• Google Ireland Limited within the scope of the Google reCAPTCHA service for protection against misuse, spam, and bot detection (Legal bases: Art. 6 (1) (f) GDPR, possibly additionally Art. 6 (1) (a) GDPR; data transfer to the USA based on appropriate guarantees).
• Providers of Shopify apps (e.g., PayHelm, Packlink PRO, Instafeed, Webrex, Flexify) that provide specific shop functions (Legal bases: Art. 6 (1) (b) and (f) GDPR; data transfer to third countries may occur depending on the provider).

13. Rights of Data Subjects

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure / "Right to be forgotten" (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing (Art. 21 GDPR)
• Right to withdraw consent (Art. 7 (3) GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Right to object according to Art. 21 GDPR
If we process your data on the basis of Art. 6 (1) (f) GDPR, you have the right to object at any time for reasons arising from your particular situation. If data is processed for direct marketing purposes, you can object to the processing for this purpose at any time; we will then no longer use the data for direct marketing.

Right to lodge a complaint
You have the right to lodge a complaint with the competent data protection supervisory authority. The competent authority for us is:

Der Bayerische Landesbeauftragte für den Datenschutz
Postfach 22 12 19, 80502 Munich
Website: https://www.datenschutz-bayern.de/

14. Duration of Storage

We store personal data only as long as necessary for the respective purposes or as long as statutory retention periods exist.

Examples:

• Tax and commercial law obligations (e.g., invoices, commercial books): usually 10 years (§ 147 AO, § 257 HGB)
• Contract-related data: for the duration of the contract and until the expiry of statutory limitation periods
• Data based on consent: until the consent is revoked, unless other legal bases oppose

After the purpose ceases to apply or statutory periods expire, personal data is routinely deleted or anonymized.

Last updated: November 22, 2025