Privacy Policy
Privacy Policy
1. Data Controller
TrainShorts
Christian Heinisch
Hugo-Beyerle-Str. 19
71263 Weil der Stadt
Germany
Email: support@trainshorts.com
2. Overview of Data Processing
We take the protection of your personal data seriously. This Privacy
Policy explains what data we collect, how we use it, and what rights you
have regarding your data, in accordance with the General Data Protection
Regulation (GDPR).
3. Data We Collect
When you visit our website or place an order, we may collect the
following data:
- Contact information: name, email address, shipping address, phone
number
- Order information: products purchased, order value, payment method
- Payment data: processed by our payment providers (see Section 6) —
we do not store full credit card details ourselves
- Technical data: IP address, browser type, device information, pages
visited, referring website
- Cookies and tracking data (see Section 5)
4. Purpose and Legal Basis of Processing
We process your data for the following purposes:
- To process and fulfill your orders (Art. 6(1)(b) GDPR — performance
of a contract)
- To communicate with you regarding your order or inquiries (Art. 6(1)(b)
GDPR)
- To comply with legal obligations, e.g. tax record-keeping (Art. 6(1)(c)
GDPR)
- To run marketing and advertising campaigns, including on TikTok
(Art. 6(1)(a) GDPR — consent, where required)
- To analyze and improve our website performance (Art. 6(1)(f) GDPR —
legitimate interest)
5. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies, including:
- Essential cookies required for the website and checkout to function
- Analytics cookies to understand website usage
- Marketing cookies, including the TikTok Pixel, to measure and optimize
advertising campaigns
The TikTok Pixel collects data about your interactions with our website
(e.g. pages visited, products viewed, purchases made) and shares this
with TikTok to help us measure ad performance and show you relevant ads.
For more information, see TikTok's own privacy policy:
https://www.tiktok.com/legal/privacy-policy
Where required by law, we obtain your consent before activating
non-essential cookies via a cookie consent banner. You can withdraw your
consent at any time through your cookie settings or browser settings.
6. Third-Party Service Providers
We work with the following categories of third-party providers, who may
process your data on our behalf or as independent controllers:
- E-commerce platform: Shopify Inc. — hosts our online store and
processes order data
- Payment providers: e.g. PayPal, Stripe, Apple Pay, Google Pay —
process payment transactions
- Fulfillment and dropshipping partners: AutoDS and affiliated suppliers
(including AliExpress-based suppliers) — receive your name, shipping
address, and order details in order to fulfill and ship your order
directly to you
- Advertising platforms: TikTok — receives data via the TikTok Pixel for
advertising and analytics purposes
- Email service providers: used to send order confirmations and, where
applicable, marketing emails (with your consent)
Some of these providers may be located outside the European Economic Area
(EEA), including in the United States or China. Where this is the case,
we ensure appropriate safeguards are in place, such as Standard
Contractual Clauses (SCCs) approved by the European Commission.
7. Data Retention
We retain your personal data only as long as necessary to fulfill the
purposes outlined in this Privacy Policy, or as required by applicable
law (e.g. tax and commercial retention obligations of up to 10 years for
invoice data under German law).
8. Your Rights
Under the GDPR, you have the right to:
- Request access to the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Request restriction of processing
- Object to processing based on legitimate interest or for direct
marketing purposes
- Request data portability
- Withdraw consent at any time, where processing is based on consent
- Lodge a complaint with a supervisory authority
To exercise any of these rights, please contact us at
support@trainshorts.com.
The competent supervisory authority is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Baden-Württemberg
Königstraße 10a
70173 Stuttgart
Germany
9. Data Security
We implement appropriate technical and organizational measures to protect
your data against unauthorized access, loss, or misuse. Data transmitted
through our website is encrypted using SSL/TLS technology.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in
our practices or legal requirements. The current version is always
available on this page.
Last updated: 04.07.2026