Privacy policy

Last updated: August 15, 2025

This Privacy Policy describes how Finnass Trading UG (haftungsbeschränkt), operating as Red Hot Foods (“we,” “us,” “our,” or the “Site”), collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from redhotfoods.de (the “Site”) or otherwise communicate with us (collectively, the “Services”).

For purposes of this Privacy Policy, “you” and “your” means any user of the Services, whether as a customer, website visitor, or other individual whose information we collect.

By using or accessing the Services, you agree to the collection, use, and disclosure of your information as described here. If you do not agree, please do not use or access the Services.

 

1. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or operational needs. The updated version will be posted on the Site with a new “Last updated” date.

 

2. Legal Bases for Processing

Under the EU General Data Protection Regulation (GDPR), we process your personal data based on the following legal bases:

  • Art. 6(1)(b) GDPR – Performance of a contract (e.g., processing and shipping your order, providing customer service)

  • Art. 6(1)(c) GDPR – Compliance with legal obligations (e.g., record-keeping under German tax and commercial law)

  • Art. 6(1)(f) GDPR – Legitimate interests (e.g., fraud prevention, analytics, marketing to existing customers)

  • Art. 6(1)(a) GDPR – Consent (e.g., sending marketing emails, using non-essential cookies)

Where processing is based on your consent, you can withdraw it at any time.

 

3. What Personal Information We Collect

Information You Provide Directly

  • Contact details (name, billing and shipping address, phone number, email)

  • Order details (items purchased, payment confirmation)

  • Account credentials (username, password)

  • Shopping activity (cart contents, wishlist)

  • Customer service communications

Information Collected Automatically

  • Device and browser information

  • IP address and network details

  • Usage data collected via cookies, pixels, and similar technologies

Information from Third Parties

  • Shopify (platform provider)

  • Payment processors and shipping carriers

  • Advertising and analytics partners

 

4. How We Use Your Information

We use your personal information to:

  • Provide and manage the Services (process payments, fulfill orders, ship products, manage accounts, provide customer service) – Art. 6(1)(b)

  • Send transactional communications (order confirmations, shipping updates) – Art. 6(1)(b)

  • Improve and personalize the Services and marketing – Art. 6(1)(f)

  • Detect, prevent, and address fraud or illegal activity – Art. 6(1)(f)

  • Comply with legal obligations – Art. 6(1)(c)

  • Send marketing communications where you have consented – Art. 6(1)(a)

 

5. Shopify as a Service Provider

We use Shopify to power our online store. Shopify acts as our Data Processor under the Shopify Data Processing Addendum (DPA), including Appendix C for GDPR compliance in the EEA/UK.

Shopify processes your data on our behalf for purposes such as hosting the store, processing payments (via Shop Pay), order management, and fraud prevention.

For more information, see Shopify’s Consumer Privacy Policy.

PCI DSS Compliance: Shopify is certified Level 1 PCI DSS compliant, which helps protect payment information during transactions.

If you use features like Shopify Network Intelligence or other Enhanced Services, Shopify may act as an independent Data Controller for certain data uses, as described in its own privacy policy.

 

6. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Site, remember preferences, run analytics, and deliver personalized advertising.

Under the Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG), we require your consent for non-essential cookies. These will only be set after you give your approval via our cookie consent tool. You can change your preferences at any time.

If you use the “accept all” setting in our cookie banner, third-party tools such as Shopify Pixel Manager or analytics integrations may also collect and process your data.

For details on Shopify’s cookies, see: Shopify Cookie Policy.

 

7. Data Retention

We retain personal data only as long as necessary:

  • Order and account data: up to 10 years (to comply with German tax/commercial law)

  • Customer service and marketing data: up to 3 years (unless you withdraw consent sooner)

  • Usage data: up to 2 years

After these periods, data will be securely deleted or anonymized unless further retention is legally required.

 

8. Disclosure of Personal Information

We share data only as necessary to provide our Services:

  • Service providers and vendors – Shopify, hosting providers, shipping carriers, marketing/analytics services

  • Payment processors – see section 9 below

  • Legal authorities – if required by law or to protect our rights

We do not sell personal data.

 

9. Payment Providers

We use Shopify Payments to process payments on our store. Shopify Payments is a service provided by Shopify and operated by Stripe. When you make a purchase, 
your payment information is processed by Stripe as an independent data controller.

Privacy Policies:
Shopify: https://www.shopify.com/legal/privacy/customers
Stripe: https://stripe.com/en-de/privacy

If you choose Klarna at checkout, Klarna processes your payment information as an independent data controller. Klarna Privacy Policy:  https://www.klarna.com/de/datenschutz/

When you choose a payment method, the relevant provider processes your data as an independent controller.

 

10. International Data Transfers

We use Shopify, based in Canada, and may process data in the United States or other countries.

  • Canada has an EU adequacy decision under GDPR.

  • Transfers to other countries are protected by Standard Contractual Clauses (SCCs) approved by the European Commission.

 

11. Third-Party Tools & Plugins (Now and Future)

We may use analytics tools, social media pixels, embedded content, and advertising platforms. These services may set their own cookies and collect personal data.

Where such tools are used, they are disclosed in our cookie consent tool and require your consent before activation.

 

12. Your Rights Under GDPR

You have the right to:

  • Access your data

  • Correct inaccurate data

  • Request deletion or restriction of processing

  • Object to processing (including marketing)

  • Data portability

  • Withdraw consent at any time

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, your place of work, or the place of the alleged infringement. In Germany, the competent authority is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 27, 91522 Ansbach, Germany

Website: https://www.lda.bayern.de

 

13. Children’s Privacy

Our Services are not directed to children under 16, and we do not knowingly collect their personal information.

 

14. Security

We use appropriate technical and organizational measures to protect personal data, but no transmission method is 100% secure.

 

15. Online Dispute Resolution (ODR)

The European Commission provides a platform for online dispute resolution (ODR) at:

https://ec.europa.eu/consumers/odr

We are neither obliged nor willing to participate in dispute resolution proceedings before a consumer arbitration board.

 

16. Contact Information

Finnass Trading UG (haftungsbeschränkt), operating as Red Hot Foods

Kanalstrasse 7, 92348 Berg b. Neumarkt id Opf, Germany

Phone: +49 151 51028105

Email: info@redhotfoods.de