Privacy Policy for chrom-shop.com

Effective Date: April 24, 2025

  1. Purpose and Scope

This Privacy Policy applies to all activities related to the collection, processing, and use of personal data by CHROM in connection with the operation of our online shop. It applies to all employees and third-party service providers who process personal data on our behalf.

  1. Principles of Data Protection

We are committed to complying with applicable data protection laws, including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) for customers in the EU, and any other applicable regulations. Personal data will be processed in accordance with the following principles:

  • Lawfully, transparently, and for specified purposes

  • Minimally (only as necessary)

  • Accurately and kept up to date

  • Retained only as long as necessary, and deleted when no longer needed

  • Securely (protected both technically and organizationally)

  1. Types of Processed Data

We process the following types of personal data:

  • Customer Data: Name, address, email, phone number

  • Payment Data: Information related to payment methods (e.g., PayPal, Stripe, bank transfer), but we do not store full payment card details

  • Order Data: Product details, quantities, price, order date

  • Communication Data: Emails, support requests

  • Technical Data: IP addresses, usage data related to web hosting

  1. Purposes of Data Processing

Personal data is processed solely for the following purposes:

  • Processing and fulfillment of orders

  • Customer communication

  • Compliance with legal obligations (e.g., data retention requirements)

  • Improving our offerings and website

  • IT security and fraud prevention

  1. Data Processing and Data Sharing

We work with carefully selected third-party service providers (e.g., hosting providers, payment services, shipping companies) who process personal data only as part of an agreement (Data Processing Agreement) under the relevant data protection laws (e.g., GDPR or CCPA).

We will not share your personal data further unless there is a legal obligation or you have explicitly consented to such sharing.

  1. Data Retention

Personal data will be retained only as long as necessary for the processing purpose or as required by law. For example, accounting records must be kept for up to 10 years as per U.S. tax law and other applicable legal regulations.

Once retention periods expire, data will be automatically deleted or anonymized.

  1. Data Security

We implement technical and organizational security measures to protect personal data from loss, destruction, unauthorized access, alteration, or dissemination. These measures include:

  • SSL encryption for data transmission

  • Password protection and access controls

  • Regular software updates and backups

  • Privacy-friendly settings within our shop system

  1. Rights of Data Subjects

You have the following rights with respect to your personal data:

  • Right of access

  • Right to rectification

  • Right to erasure (Right to be forgotten)

  • Right to restrict processing

  • Right to data portability

  • Right to object to processing

Requests can be submitted to info@chrom-music.com. We will respond promptly and in accordance with the applicable data protection laws (e.g., GDPR, CCPA).

  1. Data Protection Officer (If Required)

Currently, we are not required to appoint a Data Protection Officer (DPO) under applicable laws such as GDPR. For any privacy-related questions, please contact:

Christian Marquis
Tuchmühle 21B
52355 Düren
Germany
Email: info@chrom-music.com

  1. Changes to this Policy

This Privacy Policy is regularly reviewed and updated as necessary to reflect legal or operational changes.

CHROM Shop

Contact

Imprint

info@chrom-music.com

© 2025. All rights reserved.

Privacy Policy

Right of Withdrawal

Shipping

Terms and Conditions