Privacy Policy

Privacy Policy

1. Data Controller

TrainShorts
Christian Heinisch
Hugo-Beyerle-Str. 19
71263 Weil der Stadt
Germany
Email: support@trainshorts.com

2. Overview of Data Processing

We take the protection of your personal data seriously. This Privacy 
Policy explains what data we collect, how we use it, and what rights you 
have regarding your data, in accordance with the General Data Protection 
Regulation (GDPR).

3. Data We Collect

When you visit our website or place an order, we may collect the 
following data:

- Contact information: name, email address, shipping address, phone 
  number
- Order information: products purchased, order value, payment method
- Payment data: processed by our payment providers (see Section 6) — 
  we do not store full credit card details ourselves
- Technical data: IP address, browser type, device information, pages 
  visited, referring website
- Cookies and tracking data (see Section 5)

4. Purpose and Legal Basis of Processing

We process your data for the following purposes:

- To process and fulfill your orders (Art. 6(1)(b) GDPR — performance 
  of a contract)
- To communicate with you regarding your order or inquiries (Art. 6(1)(b) 
  GDPR)
- To comply with legal obligations, e.g. tax record-keeping (Art. 6(1)(c) 
  GDPR)
- To run marketing and advertising campaigns, including on TikTok 
  (Art. 6(1)(a) GDPR — consent, where required)
- To analyze and improve our website performance (Art. 6(1)(f) GDPR — 
  legitimate interest)

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies, including:

- Essential cookies required for the website and checkout to function
- Analytics cookies to understand website usage
- Marketing cookies, including the TikTok Pixel, to measure and optimize 
  advertising campaigns

The TikTok Pixel collects data about your interactions with our website 
(e.g. pages visited, products viewed, purchases made) and shares this 
with TikTok to help us measure ad performance and show you relevant ads. 
For more information, see TikTok's own privacy policy: 
https://www.tiktok.com/legal/privacy-policy

Where required by law, we obtain your consent before activating 
non-essential cookies via a cookie consent banner. You can withdraw your 
consent at any time through your cookie settings or browser settings.

6. Third-Party Service Providers

We work with the following categories of third-party providers, who may 
process your data on our behalf or as independent controllers:

- E-commerce platform: Shopify Inc. — hosts our online store and 
  processes order data
- Payment providers: e.g. PayPal, Stripe, Apple Pay, Google Pay — 
  process payment transactions
- Fulfillment and dropshipping partners: AutoDS and affiliated suppliers 
  (including AliExpress-based suppliers) — receive your name, shipping 
  address, and order details in order to fulfill and ship your order 
  directly to you
- Advertising platforms: TikTok — receives data via the TikTok Pixel for 
  advertising and analytics purposes
- Email service providers: used to send order confirmations and, where 
  applicable, marketing emails (with your consent)

Some of these providers may be located outside the European Economic Area 
(EEA), including in the United States or China. Where this is the case, 
we ensure appropriate safeguards are in place, such as Standard 
Contractual Clauses (SCCs) approved by the European Commission.

7. Data Retention

We retain your personal data only as long as necessary to fulfill the 
purposes outlined in this Privacy Policy, or as required by applicable 
law (e.g. tax and commercial retention obligations of up to 10 years for 
invoice data under German law).

8. Your Rights

Under the GDPR, you have the right to:

- Request access to the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Request restriction of processing
- Object to processing based on legitimate interest or for direct 
  marketing purposes
- Request data portability
- Withdraw consent at any time, where processing is based on consent
- Lodge a complaint with a supervisory authority

To exercise any of these rights, please contact us at 
support@trainshorts.com.

The competent supervisory authority is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit 
Baden-Württemberg
Königstraße 10a
70173 Stuttgart
Germany

9. Data Security

We implement appropriate technical and organizational measures to protect 
your data against unauthorized access, loss, or misuse. Data transmitted 
through our website is encrypted using SSL/TLS technology.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in 
our practices or legal requirements. The current version is always 
available on this page.

Last updated: 04.07.2026