Privacy Policy

We take the protection of your personal data very seriously. This Privacy Policy explains how LOVE TO DEUCE GmbH collects, uses, and protects your information when you use our website and online shop.

1. Controller

LOVE TO DEUCE GmbH
Am Schrägen Weg 12
9490 Vaduz
Liechtenstein

E-Mail: info@lovetodeuce.com

The controller responsible for data processing on this website is the above-named company. LOVE TO DEUCE GmbH is currently not required to appoint a Data Protection Officer under Art. 37 GDPR.

2. Personal Data We Collect

When you visit or use our website, we may collect the following categories of personal data:

  • Order data: name, billing and shipping address, email, phone number, ordered products, payment-related information (processed via our payment provider).
  • Account data (if you register): login details, saved addresses, order history, security-related logs (e.g. IP, login attempts) stored by our shop system (WooCommerce).
  • Communication data: messages sent to us via contact form or email, and any information you provide in that context.
  • Newsletter data: email address and, if provided, your name when you subscribe to our newsletter via MailPoet.
  • Technical data: IP address, device type, browser type and version, operating system, access times, pages viewed, referrer URL, and error logs.
  • Cookies and tracking data: see Section 7 below.

3. Purposes and Legal Bases of Processing

We process your data for the following purposes and on the following legal bases:

  • To operate our online shop, manage your customer account, and process your orders (Art. 6(1)(b) GDPR – performance of a contract).
  • To communicate with you, e.g. regarding customer service inquiries or questions about your order (Art. 6(1)(b) GDPR).
  • To comply with legal obligations (e.g. commercial and tax law retention obligations) (Art. 6(1)(c) GDPR).
  • For newsletters and marketing communication (only with your consent) (Art. 6(1)(a) GDPR).
  • To ensure website security, prevent fraud, maintain IT systems, and improve our services (Art. 6(1)(f) GDPR – legitimate interest).

4. Recipients of Data

We share personal data only where necessary and in accordance with applicable data protection law:

  • Payment provider (Stripe): When you pay by credit or debit card, your payment data is transmitted to our payment service provider Stripe in order to process the payment. Legal basis: Art. 6(1)(b) GDPR.
  • Shipping companies: To deliver your order, we transmit necessary address and contact data to shipping providers such as Swiss Post and, for shipments to the USA, FedEx.
  • Newsletter service (MailPoet): For sending newsletters, your email address (and, if applicable, your name) is processed by the MailPoet plugin integrated in our WordPress installation.
  • Hosting and IT service provider: Our website is hosted by Hostinger. In this context, server logs, technical data, and error logs may be processed.
  • Analytics provider: If you consent to analytics cookies, data about your website usage is processed by Google Analytics (GA4) with IP anonymisation.
  • Authorities: Where legally required, e.g. in the event of official requests or legal disputes.

We do not sell your personal data.

5. Transfers to Third Countries

Certain service providers (especially Google, Stripe, and some email/analytics services) may process data in countries outside the European Economic Area (EEA), such as the USA.

Where such transfers occur, we ensure an adequate level of protection through EU Standard Contractual Clauses (SCCs) or other safeguards permitted under the GDPR.

6. Data Retention

We retain your personal data only as long as necessary for the purposes stated in this Privacy Policy or as required by law:

  • Order and invoice data: 10 years (due to statutory retention obligations, in particular tax and commercial law).
  • Customer accounts: until the account is deleted by you or by us (e.g. due to inactivity or at your request).
  • Contact form and email inquiries: usually up to 12 months after final response, unless legal obligations require longer storage.
  • Newsletter data: until you unsubscribe from the newsletter.
  • Server logs and technical logs: typically 30–90 days, depending on the configuration of our hosting provider.
  • Cookies and analytics data: according to the storage periods defined for each cookie category (see cookie banner and Section 7).

7. Cookies, Analytics & Tracking Tools

Our website uses cookies and similar technologies to ensure essential shop functions, analyze website usage, and provide marketing functionalities. Cookies are small text files stored on your device. You can manage your preferences at any time via our cookie banner (CookieYes) or by adjusting your browser settings.

7.1 CookieYes (Consent Management Platform)

We use CookieYes to obtain, store, and manage your cookie consent. CookieYes sets technically necessary cookies to remember your preferences and ensure that no non-essential cookies are placed before you provide consent.

  • Data processed: IP address (anonymized), consent preferences, timestamp, device information
  • Legal basis: Art. 6(1)(c) GDPR (legal obligation), Art. 6(1)(f) GDPR (legitimate interest)
  • Retention: 6–12 months
  • Provider: CookieYes Limited, UK
  • Purpose: Ensuring GDPR-compliant cookie management

7.2 Essential Cookies (Required)

These cookies are necessary for the functioning of our online store and cannot be disabled, as the website would otherwise not operate correctly.

  • WooCommerce session cookies (e.g. shopping cart, checkout, customer login)
  • WordPress security cookies
  • Payment cookies (e.g. Stripe authentication and fraud prevention)
  • CookieYes consent cookies

Legal basis: Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (legitimate interest)

7.3 Analytics Cookies (Google Analytics 4)

We use Google Analytics 4 (GA4) to understand how visitors use our website. Analytics cookies are only activated if you give your consent in the cookie banner. IP anonymisation is enabled by default.

  • Data processed: IP address (anonymized), device information, pages viewed, click behavior, duration of visits, referrer URL
  • Legal basis: Art. 6(1)(a) GDPR (consent)
  • Provider: Google LLC, USA
  • Transfers: Based on EU Standard Contractual Clauses (SCCs)
  • Retention: 2–14 months (depending on GA4 settings)

7.4 Marketing Cookies (Pinterest Tag)

We use the Pinterest Tag to measure the success of Pinterest campaigns and to show relevant ads to users. This cookie is only activated if you consent to marketing cookies.

  • Data processed: Device data, IP address, referrer, page visits, interactions, purchase events
  • Legal basis: Art. 6(1)(a) GDPR (consent)
  • Provider: Pinterest Europe Ltd.
  • Transfers: USA via SCCs
  • Retention: Up to 1 year

7.5 Newsletter Cookies (MailPoet)

When you subscribe to our newsletter, MailPoet may set essential cookies to ensure proper subscription handling and double-opt-in verification.

  • Data processed: Email address, name (optional), subscription status
  • Legal basis: Art. 6(1)(a) GDPR (consent)
  • Provider: Automattic Inc.
  • Retention: Until you unsubscribe

MailPoet does not set analytics or marketing cookies unless you explicitly consent.

7.6 Payment Cookies (Stripe)

When paying via Stripe, Stripe may set cookies and similar technologies that are technically necessary for secure payment processing, authentication, and fraud prevention.

  • Data processed: Technical device identifiers, browser information, login or session tokens, anti-fraud markers, transaction identifiers
  • Legal basis: Art. 6(1)(b) GDPR (contract)
  • Provider: Stripe Payments Europe, Ltd. (EU/EEA) and Stripe, Inc. (USA)
  • Transfers: Possible transfers to the USA based on EU Standard Contractual Clauses (SCCs)

7.7 Managing Your Cookie Preferences

When you first visit our website, you will be presented with a cookie banner that allows you to accept or reject non-essential cookies. You can change or withdraw your consent at any time by accessing the cookie settings on our website or by deleting cookies in your browser.

8. Newsletter (MailPoet)

If you subscribe to our newsletter, we use your email address (and, if provided, your name) to send you information about our products, offers, and news relating to LOVE TO DEUCE.

  • Newsletter subscriptions follow a double opt-in procedure: after registering, you will receive an email asking you to confirm your subscription.
  • The newsletter is sent using the MailPoet plugin within our WordPress system.
  • You can unsubscribe at any time via the unsubscribe link in each newsletter or by contacting us directly.

The legal basis for processing your data for newsletter purposes is your consent in accordance with Art. 6(1)(a) GDPR.

9. Social Media

We maintain profiles on social media platforms such as Instagram and TikTok to communicate with our community and provide information about our brand.

When you visit or interact with our social media profiles, the respective platform operators also process your data for their own purposes and under their own responsibility. This may include usage statistics (e.g. “Insights” on Instagram).

For certain statistical and advertising functions, we and the platform operator may be considered joint controllers within the meaning of Art. 26 GDPR. In such cases, the platform operator provides the essential information of the joint controller agreement.

Further information on data processing can be found in the privacy policies of the respective platforms.

10. Your Rights

You have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing based on legitimate interests (Art. 21 GDPR)
  • Right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (Art. 7(3) GDPR)

To exercise your rights, please contact us at info@lovetodeuce.com.

11. Supervisory Authority

You also have the right to lodge a complaint with the competent supervisory authority:

Datenschutzstelle Liechtenstein
Städtle 38, P.O. Box 684
9490 Vaduz
Liechtenstein
info.dss@llv.li
www.datenschutzstelle.li

12. Data Security

We use appropriate technical and organisational measures to protect your data against loss, misuse, and unauthorised access. All payment transactions and data transmissions during checkout are protected using SSL/TLS encryption.

13. Updates

We may update this Privacy Policy from time to time to reflect changes in our data processing practices or legal requirements. The current version is always available on our website.

Last updated: November 2025