top of page

Privacy Policy

​

 
1    INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA


1.1    Shapesintoart ApS, CVR no. 45209083, "we", "us", "our" or “the data controller” is obligated to protect the personal data processed about you under the General Data Protection Regulation and the Data Protection Act. 


1.2    Your data security is important to us, and we therefore emphasise that your personal data is handled in a responsible manner. Below you can read how we process personal data about you when we act as data controller. You can also read about your rights in connection with our processing.

 

2    OUR ROLE AS DATA CONTROLLER


2.1    In connection with the operation of our business, we process a range of personal data. We do this in order to provide you with the best possible service. We mainly collect and process gen-eral (non-sensitive) personal data. 


2.2    If you have any questions regarding our processing of your personal data, please contact us here:


Shapesintoart ApS
CVR: 45209083
Kasernevej 8, 2., 8800 Viborg

Contact person:
Name: Bibi Ehlers 
Email: bibiehlers@shapesintoart.com
 
3    WHAT PERSONAL DATA WE COLLECT AND WHY


3.1    In general
We can process personal data about you in several different situations. Read more about our processing below.

​

3.2    Visitors to our website and users of our online services


3.2.1    When you visit our websites (i.e. bibiehlers.com and shapesintoart.com) or use our other online services (e.g. YouTube, TikTok and LinkedIn), we may process information about your IP ad-dress as well as information about your computer, device, and browser.


3.2.2    We also process personal data that you provide to us in connection with your use of the website or our online services, for example when you use our online contact form, including your name, email address, product interest, and other information you provide to us.


3.2.3    We process information about your visit (e.g., information about how you access our websites, how you navigate around them, which pages you visit, content you view, your searches, advertisements you have seen, etc.). Personal data is collected through cookies, log files and other technologies. You can read more about our use of cookies here: Cookie Policy.


3.2.4    We process your personal data to enable us to make relevant products deliveries, and services ("Services") available to you and to improve your experience of our websites, online-services, and the Services we offer. We also use the personal data to show you content on our and other websites based on your activities and preferences and to limit the number of times you see the same content.


3.2.5    Our legal basis for processing is our legitimate interests in making our website (and online-services) available to you cf.

 

Article 6(1)(f) of the General Data Protection Regulation. Our basis for processing may also be based on your consent cf. Article 6(1)(a) of the General Data Protection Regulation and Section 3 of the Danish Executive Order on Cookies.


3.2.6    We store personal data collected in connection with your visit to our website(s). After this, the personal data will be deleted. For information about storage of personal data collected in connection with cookies, please refer to our cookie policy.

​

3.3    Customers of the data controller


3.3.1    When you are our customer and make purchase through our webshop, we process personal data about your name, address, email address, phone number, your purchases, payment details and information from publicly available sources and other information that you provide to us. 


3.3.2    We process the personal data for the purpose of fulfilling the agreement with our customers, for the purpose of providing the Services, invoicing, keeping statistics and performing quality management as well as for maintaining our customer records and providing general service, marketing, and sales to our customers. 


Our legal basis for processing is the agreement with you cf. Article 6(1)(b) of the General Data Protection Regulation, Article 6(1)(c) of the General Data Protection Regulation for our obligations under accounting and VAT legislation (such as the Danish Bookkeeping Act) or our legitimate interests in managing your personal data as a customer with us cf. Article 6(1)(f) of the General Data Protection Regulation.


3.3.3    We store personal data about our customers for the duration of the customer relationship. After the end of the customer relationship, personal data is generally stored in accordance with the Danish Bookkeeping Act for a subsequent period of five years from the end of the financial year to which the accounting material relates.

​

3.4    Recipients of marketing


3.4.1    When you receive marketing communications, including newsletters, we process personal data about name and email. We also process information about your marketing or communication preferences, your use of the marketing we send to you (including, for example, whether you have opened an email from us, whether the email has been read and which links you have opened), and any other information you provide to us.


3.4.2    We process your personal data for the purpose of marketing our company and Services, and for setting up and managing your marketing subscription. We use the personal data about your 

preferences and usage to understand the way customers receive our marketing messages and to improve our marketing to you and other customers going forward.


3.4.3    We will only send you marketing material by email, text messages or other electronic means once we have obtained your consent where this is required under the Danish Marketing Practices Act. 


3.4.4    Our legal basis for sending newsletters and marketing to you is your consent pursuant to Article 6(1)(a) of the General Data Protection Regulation, which you have consented to under the Dan-ish Marketing Practices Act. 


3.4.5    If you withdraw your consent to receive our newsletters and marketing, you will not receive any further marketing from us. We may continue to contact you if we have a legal basis for this in other contexts.


3.4.6    We store personal data about you as recipients of our marketing as long as the contact is ac-tive, and you have not withdrawn your consent. If you withdraw your consent, documentation of the original consent will be stored for two years from the date of withdrawal in accordance with the guidelines and requirements of the Danish Consumer Ombudsman. Our legal basis for processing this documentation is our legal obligation under Article 6(1)(c) of the General Data Protection Regulation.    

​

3.5    Visitors on our social media


3.5.1    When you visit our social media profiles e.g. Facebook, Instagram, and LinkedIn, we may process personal data about you that you have made available on our social media, your reactions to our posts, your sharing thereof and comments to our posts.


3.5.2    We process your personal data for the purposes of making content available and on social me-dia, including responding to your inquiries, allowing you to participate in our competitions and contacting you if you win a competition. 


3.5.3    We are jointly responsible with Meta for compliance with data protection law on our Facebook page. When using Facebook, we have entered into a joint data responsibility agreement that clarifies the roles and responsibilities between the parties. The agreement can be read here. This means that Meta also processes personal data on our Facebook page for their own purposes for which we have no control or responsibility for. Read more about Meta’s processing of per-sonal data here.


3.5.4    Our basis for processing is our legitimate interests in making content available and marketing through social media in accordance with Article 6(1)(f) of the General Data Protection Regula-tion.


3.5.5    We store personal data collected on social media for up to three years after publication.

​

3.6    Participants in competitions 


3.6.1    When you participate in competitions, we process personal data about name and email. We process your personal data for the purposes of managing competitions, drawing winners, etc.


3.6.2    Our legal basis for processing is our legitimate interests in running the competition and contacting the winner cf. Article 6(1)(f) of the General Data Protection Regulation.


3.6.3    We store personal data about participants in competitions who have consented to receive newsletters as described in Section 3.4.    


3.6.4    If no consent is given to receive marketing, we will generally delete the personal data no later than thirty days after we have drawn a winner.

   

3.7    Participants in the data controllers’ events


3.7.1    When you register and participate in events organised by us, we process personal data about your name and email.  

 
3.7.2    We process this personal data for the purpose of managing the event and for security reasons, as well as to be able to send you relevant material.


3.7.3    Our legal basis for processing is our legitimate interests in holding events cf. Article 6(1)(f) of the General Data Protection Regulation or your consent cf. Article 6(1)(a) of the General Data Protection Regulation and Section 10 of the Danish Marketing Practices Act.


3.7.4     We store personal data about participants in events for 30 days.

​

3.8    Business partners and/or suppliers to the data controller


3.8.1    When you are a business partner, supplier, or a contact person of a business partner/supplier, we process personal data about you such as name phone no. and email as well as publicly available information and other information you provide to us. 


3.8.2    We process personal data for the purpose of contract management, receiving goods and services from our suppliers and business partners, and where appropriate to fulfil agreements with our customers.


3.8.3    Our legal basis for processing is the agreement with you cf. Article 6(1)(b) of the General Data Protection Regulation or our legitimate interests in managing the relationship with you/the company you represent as a business partner/supplier cf. Article 6(1)(f) of the General Data Protection Regulation.


3.8.4    We store the personal data about business partners and/or suppliers for as long as it is necessary in accordance with the contract. After the end of the collaboration, the personal data is generally stored in accordance with the Danish Bookkeeping Act for a subsequent period of five 5 years from the end of the financial year to which any accounting material relates.

​

3.9    Other general purposes of processing 


3.9.1    We may enrich the personal data described above with information from other sources. This can be publicly available information – including information that we get from commonly available sources.


3.9.2    Personal information that we have collected for the purposes described above may also be pro-cessed by us for the purposes of complying with laws and regulations which we are subject to in the course of operating our business or in order to comply with various reporting or disclosure obligations under applicable laws and regulations cf. Article 6(1)(c) of the General Data Protec-tion Regulation.


3.9.3    If we sell all or part of our business or sell or transfer our assets or is otherwise involved in a merger or transfer of all or a substantial part of our business, we may transfer your personal data to the party or parties involved in the transfer as part of the transaction where we  are permitted to by law cf. Article 6(1)(c) of the General Data Protection Regulation.


3.9.4    Finally, we may process your personal data to enforce or defend our or third parties' legal rights or legitimate interests, where necessary, objectively, and proportionally cf. Article 6(1)(c) of the General Data Protection Regulation.    

​

4    DISCLOSURE OF PERSONAL DATA


4.1    We may disclose your personal data to other suppliers and/or service providers in the ordinary course of our business as well as to our group affiliates.


4.2    We may also disclose your personal data to a public authority and external advisors such as auditors and lawyers in situations where we are specifically obliged to disclose your personal data pursuant to legislation and notification obligations to which we are subject. 


4.3    It may for example be necessary to disclose personal data to the following recipients:


•    Delivery services such as PostNord, GLS etc. 
•    MobilePay 
•    Nets
•    Printful.de
•    Amazon.de


4.4    We try to limit the disclosure of personally identifiable information and thus the disclosure of information that can be attributed to you personally.


4.5    We may also disclose your personal data to our data processors. Our data processors only process your personal data for our purposes and under our instructions.

​

5    TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE OF EU/EEA


5.1    General


5.1.1    In connection with our processing of your personal data, we may transfer your personal data to countries outside the EU/EEA (third countries).


5.1.2    Your personal data may be transferred to countries where the European Commission has determined that the level of data protection is equivalent to that in the EU/EEA (secure third countries).

​

5.2    Transfer of personal data to unsecure third countries


5.2.1    We may also transfer your personal data to unsecure third countries. The transfer of your personal data to unsecure third countries will be based on the Standard Contractual Clauses (SCC) developed by the European Commission specifically designed to ensure an adequate level of protection or for companies established in the United States as a result of the US company's adherence to the EU-U.S. Data Privacy Framework (DPF).


5.2.2    We assess the adequacy of the transfer basis and adopt additional measures if necessary to ensure an adequate level of protection for the transfer.


5.2.3    Our transfer of personal data may be made to the following categories of recipients:


•    Printful, located in Germany, print, package and ship products.
•    Amazon, located in Germany, print, package and ship products.


5.2.4    You can read more about the transfer of personal data to countries outside the EU/EEA on the European Commission's website. You can also find an overview of US companies registered with the DPF here: https://www.dataprivacyframework.gov/s/participant-search.


5.2.5    If you would like further information about our transfer of personal data to countries outside the EU/EEA, please contact us.

​

6    STORAGE, DATA INTEGRITY AND SECURITY


6.1    When your personal data is no longer needed, we will ensure that it is deleted in a secure man-ner. 


6.2    It is our policy to protect personal data by taking adequate technical and organisational security measures.


6.3    We have implemented security measures to ensure data protection for all personal data that we process. We conduct regular internal follow-ups on the adequacy of and compliance with policies and measures. 

​

7    YOUR RIGHTS


7.1    As a data subject, you have certain rights under the General Data Protection Regulation. If you want to exercise your rights, please contact us.


7.2    You may – unconditionally and at any time – withdraw your consent. You can do so by sending us an email (see email address above). Withdrawal of your consent will not have any negative impact. However, this may mean that we cannot meet specific requests from you in the future. Withdrawal of your consent will not affect the lawfulness of the processing based on consent before it is withdrawn. Furthermore, it will not affect any processing carried out on another lawful basis.


7.3    You can also – unconditionally and at any time – object to our processing when it is based on our legitimate interests.


7.4    Your rights also include the following:

​

  • Right of access: You have the right to access the personal data we process about you.

  • Right to rectification: You have the right to obtain rectification of any inaccurate and in-complete personal data about you.    

  • Right to erasure (right to be forgotten): In exceptional cases, you have the right to obtain erasure of information about you before the time when we would normally delete your personal data.    

  • Right to restriction of processing: In certain situations, you have the right to restrict the processing of your personal data. If you have the right to restrict the processing of your personal data, we may only process personal data in the future – apart from storage – with your consent, or for the establishment, exercise or defence of legal claims, or to protect an individual or important public interests.    

  • Right to object: In certain situations, you have the right to object to our processing of your personal data, and always if the processing is for direct marketing purposes.

  • Right to data portability: In certain situations, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have such personal data transferred from one data controller to another.    

  • Right to lodge a complaint: You can lodge a complaint at any time with the Danish Data Protection Authority about our processing of personal data. See more at www.datatilsynet.dk where you can also find further information on your rights as a data subject.

​

8    UPDATES TO OUR PRIVACY POLICY


8.1    From time to time, it will be necessary to update this Privacy Policy. We will review our Privacy Policy on a regular basis in order to ensure that it is updated, valid and in accordance with current legislation and the principles for processing of personal data. We will publish new versions of the policy on our website.


8.2    This policy has version no. 2 and is valid from 27 March 2025.

bottom of page