Privacy Policy

1. Data Controller

This website is operated by:

Barbara Weber
acting on behalf of
PLAY AND LOVE TRADING LTD.
13/F, OTB Building
259–265 Des Voeux Road Central
Central / Sheung Wan
Hong Kong

Email (general & legal): notes@barbara-weber.com
Email (shop-related): shop@barbara-weber.com

For individuals located in the EU/EEA, PLAY AND LOVE TRADING LTD. is considered the data controller.

⸻

2. Hosting and Server Log Files

This website is hosted by an external provider.
When you access our website, automatically processed server log files may include:
• IP address
• date and time of access
• accessed pages
• referrer URL
• browser type and version
• operating system

These data are necessary for technical delivery, security, and stability.

Legal basis (EU):
Art. 6(1)(f) GDPR — legitimate interest in providing a secure and stable website.

⸻

3. Data We Collect

We process personal data only when necessary or when you voluntarily provide it.

a) Contact (Email / Form Submissions)

When you contact us, we process:
• your name (if provided)
• your email address
• the content of your message

Purpose: Responding to your enquiry.
Legal basis (EU):
Art. 6(1)(b) GDPR (contract or pre-contractual steps) or
Art. 6(1)(f) GDPR (legitimate interest in communication).

⸻

b) Customer Accounts & Orders (WooCommerce)

When you place an order through our online shop, we process:
• name, address, billing details
• email address
• order information (products, prices, dates)
• login credentials (if you create an account)

Purpose: Order processing, delivery of digital or physical goods, accounting, customer management.

Legal basis (EU):
Art. 6(1)(b) GDPR — performance of a contract.
Art. 6(1)(c) GDPR — compliance with legal obligations (tax laws).

⸻

4. Payment Processing

We offer several payment methods through secure third-party payment providers.
When you complete a transaction, the payment provider processes your data independently.

Depending on your chosen method, the following may be processed:
• name
• billing information
• credit card or bank details
• payment amount
• transaction ID

We do not store full credit card details.

Legal basis (EU):
Art. 6(1)(b) GDPR — contract performance.
Art. 6(1)(f) GDPR — secure, efficient payment processes.

Included payment services:

Stripe (Credit Cards / Apple Pay / Google Pay)
Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin, Ireland
Privacy Policy: https://stripe.com/privacy

giropay
paydirekt GmbH, Stephanstraße 14–16, 60313 Frankfurt am Main, Germany
Privacy Policy: https://www.paydirekt.de/agb/index.html

American Express
American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany
Privacy Policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html

Mastercard
Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium
Privacy Policy: https://www.mastercard.de/de-de/datenschutz.html

VISA
Visa Europe Services Inc., 1 Sheldon Square, London W2 6TT, UK
Privacy Policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html

⸻

5. Cookies & Consent

Our website uses:
• essential cookies (necessary for shop functions such as cart, checkout, language settings)
• functional cookies (for performance and security)

If additional cookies (e.g. analytics or marketing) are used, we will obtain your explicit consent through a cookie banner, where required.

Legal basis (EU):
Art. 6(1)(f) GDPR — essential cookies.
Art. 6(1)(a) GDPR — consent for non-essential cookies.

⸻

6. Data Retention

Unless a specific retention period is stated, we store personal data only as long as necessary to:
• fulfill the purposes listed above, or
• comply with legal retention requirements

After this period, data will be deleted or anonymised.

⸻

7. International Data Transfers

As a Hong Kong-based company, some personal data may be processed outside the EU/EEA.
Where we process personal data from EU individuals, we implement safeguards (such as contractual measures) to ensure compliance with GDPR requirements.

⸻

8. Your Rights (EU/EEA Visitors)

Under the GDPR, you have the following rights:
• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object to processing (Art. 21)
• Right to withdraw consent at any time

To exercise any of these rights, please contact us at notes@barbara-weber.com.

⸻

9. Security (SSL/TLS)

We use SSL/TLS encryption to protect the transmission of confidential data.
Encrypted connections are indicated by the lock symbol in your browser bar.

⸻

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to comply with legal requirements or reflect changes in our services. The updated version replaces previous versions.