Privacy Policy

Privacy Policy

This Privacy Policy explains how HEART//SYSTEM Records (“we”, “us”) processes personal data when you visit or shop on our website. We operate from Germany and comply with the EU GDPR.

Controller: Rick Fuchs & Laura Braß, Auf den Grünerlen 8B, 35713 Eschenburg, Germany • info@heart-system-records.com

1) What data we process

• Device & usage data (e.g., IP address, browser, pages visited, timestamps).
• Order data (name, billing/shipping address, email, purchased items, payment status).
• Contact data (messages you send via forms/email).
• Newsletter data (email address, consent, and email interaction metrics).

2) Why we process it (legal bases)

• Contract (GDPR Art. 6(1)(b)) — to process orders and provide digital downloads.
• Legal obligations (Art. 6(1)(c)) — accounting, tax retention duties.
• Legitimate interests (Art. 6(1)(f)) — security, fraud prevention, basic performance analytics.
• Consent (Art. 6(1)(a)) — newsletter marketing and non-essential cookies/technologies where applicable.

3) Shopify hosting & store platform

Our store is hosted on Shopify. Shopify processes personal data as a processor to provide the e-commerce platform (hosting, checkout, order management, fraud prevention, and store analytics).

Depending on your location, data may be processed in countries outside the EU/EEA. Where required, transfers are protected via appropriate safeguards (e.g., standard contractual clauses) used by Shopify and its sub-processors.

4) Payments

We offer the following payment methods (availability may depend on your country):

• Shopify Payments (incl. cards) • Apple Pay • Google Pay
• PayPal
• Klarna
• Sofort

Payment providers process your payment data under their own responsibility (controller) or as processors, depending on the service. We receive only the information necessary to confirm payment and fulfill your order.

5) Digital downloads

If you buy digital products, we process your order data to provide access to the download(s) and to prevent abuse. Download access can be delivered immediately after purchase.

6) Contact form & support

When you contact us, we process the information you provide (e.g., name, email, message content) to respond and document communication.

7) Newsletter (Shopify Email)

If you subscribe to our newsletter, we use Shopify Email to send updates about releases, drops and news. Subscription requires your consent. You can unsubscribe anytime via the link in each email.

8) Cookies & consent (Shopify Customer Privacy)

We use cookies and similar technologies. Some are necessary for the website to function (e.g., cart, checkout, security), while others help us understand usage or support marketing. Where required, we use Shopify Customer Privacy / Shopify Consent to obtain and manage your choices.

You can change or withdraw your consent at any time via the cookie/consent settings shown on our site (where available).

9) Embedded content (Spotify)

Our website may include Spotify embeds. When you interact with an embed, data may be transmitted to Spotify. Spotify processes data under its own privacy policy. If you prefer, avoid interacting with embedded players.

10) Data retention

We keep personal data only as long as necessary for the purposes described above, including legal retention obligations (e.g., for invoices and accounting).

11) Your rights

You have the right to access, rectification, erasure, restriction, data portability, and to object to processing. Where processing is based on consent, you can withdraw it anytime with effect for the future.

You also have the right to lodge a complaint with a supervisory authority (data protection authority) in the EU/EEA.

12) Security

We take reasonable technical and organizational measures to protect personal data. No method of transmission is 100% secure, but we work to keep the risk low.

13) Changes

We may update this Privacy Policy from time to time. The most recent version will be published on this page.