Privacy Policy

Privacy Policy

1. General Information

The protection of your personal data is important to us. In this privacy policy, we inform you about which personal data we process when you visit our website and use our online shop, for what purposes this is done, and what rights you have.

Personal data is any data that can be used to identify you personally, such as name, address, email address, IP address, order data, or payment information.

2. Controller

The controller responsible for data processing on this website is:

Thomas Pilgrim
August-Engel-Str. 24
59872 Meschede
Germany
Email: info@pilgrim.im

3. Hosting and Shopify Shop System

This website is operated as an online shop via Shopify. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

When you visit our website and use the shop, data necessary for the operation, display of the website, processing of orders, and technical security is processed. This may include, in particular, IP address, device information, browser information, pages accessed, date and time of access, order data, contact data, and payment information.

Processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR, insofar as it is necessary for the implementation of pre-contractual measures or for the fulfillment of the contract. Insofar as processing is necessary for the secure and stable provision of the website, it is carried out on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the secure and reliable operation of our online shop.

Shopify may also process data on servers outside the European Union. Insofar as data is transferred to third countries, this is done on the basis of appropriate data protection safeguards, in particular standard contractual clauses.

4. Collection of Access Data and Server Log Files

When you visit our website, technical data is automatically processed. This includes, in particular:

  • IP address
  • Date and time of access
  • Accessed page or file
  • Browser used
  • Operating system used
  • Referrer URL
  • Amount of data transferred

This data is required to display the website correctly, ensure technical stability, and detect misuse or attacks. The legal basis is Art. 6 para. 1 lit. f GDPR.

5. Contact by Email

If you contact us by email, we process the data you provide, in particular your email address, your name, the content of your message, and any other voluntary information.

Processing is carried out to handle your inquiry. The legal basis is Art. 6 para. 1 lit. b GDPR, if your inquiry is related to an order or pre-contractual measures. In all other cases, processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in responding to your inquiry.

The data will be deleted as soon as your inquiry has been finally processed, provided there are no legal retention obligations to the contrary.

6. Orders in the Online Shop

If you place an order in our online shop, we process the data necessary for the order. This includes, in particular:

  • Name
  • Billing and shipping address
  • Email address
  • Order data
  • Payment data
  • If applicable, telephone number, if voluntarily provided or required for delivery

Processing is carried out for contract fulfillment, delivery of goods, payment processing, invoicing, and handling possible queries. The legal basis is Art. 6 para. 1 lit. b GDPR.

In addition, we process certain data to fulfill legal obligations, in particular commercial and tax law retention obligations. The legal basis is Art. 6 para. 1 lit. c GDPR.

7. Payment Processing

Payment service providers may be used for payment processing. Depending on the payment method offered in the shop and selected by you, payment data may be transmitted to the respective payment service provider.

Processed data may include name, billing address, email address, order amount, payment method, and transaction-related information. Processing is carried out for contract fulfillment in accordance with Art. 6 para. 1 lit. b GDPR.

Please also refer to the data protection notices of the respective payment service provider.

8. Shipping and Delivery

To deliver your order, we pass on the necessary data to the commissioned shipping service provider. This includes, in particular, name, delivery address and, if applicable, email address or telephone number, if these are necessary for delivery or shipment notification.

Processing is carried out for contract fulfillment in accordance with Art. 6 para. 1 lit. b GDPR.

9. Customer Account

If a customer account is offered in the shop and you create such an account, we process the data required for this, such as name, email address, addresses and order history.

Processing is carried out for the provision of the customer account and for the easier processing of future orders on the basis of Art. 6 para. 1 lit. b GDPR.

You can request the deletion of your customer account at any time, provided there are no legal retention obligations to the contrary.

10. Cookies and Similar Technologies

Our website uses cookies and similar technologies. Cookies are small text files that are stored on your end device.

Some cookies are technically necessary for the website and online shop to function. This includes, for example, shopping cart functions, login functions, security functions, and language settings. The processing of technically necessary cookies is carried out on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the functional and secure provision of our website.

Insofar as cookies or similar technologies are used for analysis, marketing or external media, this is only done on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future.

If a cookie banner or consent tool is used, you can change or revoke your selection there.

11. Analytics and Marketing Services

If analytics or marketing services are used on this website, for example for reach measurement, conversion measurement or to display personalized advertising, this is generally only done on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Depending on the service, information about your usage behavior, visited pages, technical device information and interactions with our website may be processed.

Please check this section and specifically add the services used here, for example Google Analytics, Google Ads, Meta Pixel, TikTok Pixel, Pinterest Tag or similar services, if these are actively used.

12. Newsletter

If you subscribe to a newsletter, we process your email address and any other voluntary information to send you the newsletter.

The subscription only takes place with your consent. The legal basis is Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time, for example via the unsubscribe link in the newsletter or by email to info@pilgrim.im.

If no newsletter is currently offered, this section can be removed.

13. Embedded Content and External Services

Our website may integrate content or services from third-party providers, such as videos, maps, fonts, payment services, review functions, or social media content.

When such content is accessed, personal data, in particular IP address and technical device information, may be transmitted to the respective providers. Insofar as consent is required for this, the integration is only carried out on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Please check this section and specifically add the services used, for example YouTube, Google Maps, Instagram, Facebook, TikTok, Trustpilot, Judge.me, Klaviyo or other apps, if these are used.

14. Storage Duration

We only store personal data for as long as it is necessary for the respective purposes or as legal retention obligations exist.

Order and invoice data are regularly stored for the legally prescribed periods due to commercial and tax law requirements. Data from inquiries will be deleted as soon as the inquiry has been finally processed, provided there are no legal obligations or legitimate interests preventing deletion.

15. Recipients of Personal Data

Personal data may, if necessary, be passed on to service providers and contractual partners. These include, in particular:

  • Shop and hosting service providers
  • Payment service providers
  • Shipping service providers
  • IT and maintenance service providers
  • Tax advisors or accounting service providers
  • Authorities, if there is a legal obligation

A transfer only takes place if there is a legal basis for it or you have consented.

16. Transfer to Third Countries

When using certain service providers, particularly in connection with Shopify, payment services, analysis or marketing services, personal data may be transferred to countries outside the European Union or the European Economic Area.

Insofar as such a transfer takes place, it is only carried out on the basis of appropriate safeguards, for example an adequacy decision by the European Commission or EU standard contractual clauses.

17. Your Rights

You have the following rights under applicable data protection laws:

  • Right to information about the personal data stored by us
  • Right to rectification of inaccurate data
  • Right to erasure of your data
  • Right to restriction of processing
  • Right to data portability
  • Right to object to certain processing
  • Right to revoke given consents with effect for the future
  • Right to lodge a complaint with a data protection supervisory authority

To exercise your rights, you can contact us at any time by email at info@pilgrim.im.

18. Right to Object

If we process personal data on the basis of Art. 6 para. 1 lit. f GDPR, you have the right to object to this processing at any time on grounds relating to your particular situation.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing or the processing serves the establishment, exercise or defense of legal claims.

19. Security

We take technical and organizational measures to protect personal data against loss, misuse, unauthorized access, alteration or disclosure. Data transmission on our website is generally encrypted.

20. Timeliness of this Privacy Policy

This privacy policy may be adjusted if legal requirements change or new functions, services or apps are used on the website.

As of: May 2026