Skip to Content

Privacy Policy

Last updated: 1. Mai 2026

This privacy policy applies to the use of the online shop at idcraft.shop and its associated online services (hereinafter "Shop"). We take the protection of your personal data very seriously. All data is collected and processed in accordance with applicable data protection law, in particular the EU General Data Protection Regulation (GDPR).

1. Data Controller

IDCRAFT GmbH

Siemensstraße 5b

67141 Neuhofen, Deutschland

E-Mail:.

Telefon: +49 6236 4494 685

2. Collection and Processing of Personal Data

2.1 Orders and Purchase Processing

When you place an order in our shop, we process the following personal data to fulfil the purchase contract:

  • Name and address (delivery and billing address)
  • Email address
  • Phone number (if provided)
  • Order details (products, quantities, prices)
  • IP address and order timestamp

The legal basis is Art. 6(1)(b) GDPR (contract performance). Data is retained for as long as required to process the contract and to comply with statutory retention obligations (in particular tax law, typically 10 years).

2.2 Customer Account and Login

If you create a customer account in our shop, we process the following data:

  • Name and email address
  • Password (stored in encrypted form)
  • Order and account history
  • IP address and time of registration/login

The customer account allows you to manage your orders, addresses and personal data. The legal basis is Art. 6(1)(b) GDPR (contract initiation/performance) and Art. 6(1)(f) GDPR (legitimate interest in secure access). You may request deletion of your account at any time by contacting us at info@idcraft.com.​.

2.3 Access Data / Server Log Files

When you visit the shop, connection data is collected automatically, including:

  • IP address (anonymised)
  • Date and time of access
  • Pages visited / URLs
  • Browser and operating system type
  • HTTP status code

This data is used solely for the secure operation of the shop and is not evaluated on a personal basis. Legal basis: Art. 6(1)(f) GDPR.

2.4 Cookies

Our shop uses cookies. Technically necessary cookies (e.g. for the shopping cart, session and login) are required for the operation of the shop and are set without separate consent (Art. 6(1)(f) GDPR). For optional analytics and marketing cookies, we obtain your consent. You can adjust cookie settings at any time in your browser.

2.5 Odoo as a Platform

Our shop is based on Odoo software (Odoo S.A., Chaussée de Namur 40, B-1367 Grand-Rosière, Belgium). The platform processes your order and account data to operate the shop. A data processing agreement pursuant to Art. 28 GDPR has been concluded with Odoo S.A. For more information, please refer to the Odoo Privacy Policy at https://www.odoo.com/privacy.https://www.odoo.com/privacy

2.6 Contact

If you contact us by email or contact form, we process your name, email address, subject and message content to handle your enquiry. Legal basis: Art. 6(1)(b) or (f) GDPR. Data is deleted once your enquiry has been fully processed, unless statutory retention obligations apply.

2.7 Google Analytics

We use Google Analytics (Google LLC, USA) with IP anonymisation enabled. Data is only collected after obtaining your consent. A data processing agreement has been concluded with Google LLC. For more information: https://policies.google.com/privacy.https://policies.google.com/privacy

2.8  snafu – Hosting & IT Services

Our Odoo platform and online shop are hosted and operated by snafu Gesellschaft für interaktive Netzwerke mbH, Knesebeckstraße 59–61, 10719 Berlin, Germany (www.snafu.de). snafu is a certified Odoo Silver Partner and is responsible for hosting the entire shop and ERP infrastructure as a data processor pursuant to Art. 28 GDPR. In the course of hosting, personal data (in particular IP addresses, order and account data) may be processed on snafu servers located exclusively in Germany. A data processing agreement has been concluded with snafu. For more information, please visit https://www.snafu.de/rechtliches/datenschutz/.

3. Transfer of Data to Third Parties

Personal data is only shared where necessary to fulfil the contract (e.g. with logistics providers for delivery) or where required by law. No data is passed on to third parties for advertising purposes.

4. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure / "right to be forgotten" (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, please contact us by email at info@idcraft.com.

5. Data Security

The shop and all data transmissions are secured using SSL/TLS encryption. We implement technical and organisational measures to protect your data against unauthorised access and continuously adapt these to the current state of the art.

6. Automated Decision-Making

No automated decision-making or profiling with legal or similarly significant effects takes place.