Dynamic Background

Merch Store Policy

Last updated: 21.08.2025

Holy Infa™ ("we," "us," or "our") values your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you make purchases from our merchandise store.

1. Information We Collect

  • Contact information (name, email address, phone number for delivery).
  • Shipping address (street, city, postal code, country for delivery).
  • Order details (products purchased, quantities, prices, order date).
  • Payment information (processed securely through third-party providers).
  • Communication records (customer support inquiries and responses).
  • Cookie consent preferences (see our Cookie Policy for details).

2. How We Use Your Information

We use your data to:

  • Process and fulfill your merchandise orders.
  • Send order confirmations, invoices, and shipping updates.
  • Handle returns, exchanges, and customer support requests.
  • Comply with legal obligations (tax records, consumer protection).
  • Improve our products and services based on feedback.

We do not sell or share your information with third parties for marketing purposes.

3. Legal Basis for Processing

We process your data based on:

  • Contract Performance - necessary to fulfill your order (GDPR Art. 6(1)(b)).
  • Legal Obligation - compliance with tax and consumer protection laws (GDPR Art. 6(1)(c)).
  • Legitimate Interest - fraud prevention and service improvement (GDPR Art. 6(1)(f)).
  • Consent - for marketing communications if you opt-in (GDPR Art. 6(1)(a)).

4. Data Sharing

We share your data only with:

  • Printful - our print-on-demand fulfillment partner (for order production and shipping).
  • Shipping carriers - DHL, UPS, FedEx (for delivery).
  • Payment processors - for secure payment handling.
  • Legal authorities - when required by law.

5. Your Rights

Under GDPR, you have the right to:

  • Access your personal data.
  • Correct inaccurate data.
  • Request deletion of your data (where legally permitted).
  • Restrict or object to processing.
  • Data portability.
  • Lodge a complaint with your local data protection authority.

6. Data Retention

We retain your data for:

  • Order records: 7-10 years (German tax law requirements).
  • Support inquiries: 3 years after resolution.
  • Marketing consent: Until you withdraw consent.

7. Security

We protect your data with SSL/TLS encryption, secure payment processing, access controls, and regular security audits.

8. Contact Us

For questions or data requests, email us at contact@holyinfa.com.