GDPR Compliant Privacy Policy

Last updated: 15th November 2025

At Threaded Together, we are committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights under the EU General Data Protection Regulation (GDPR).

1. Data We Collect

We collect the following types of data:

a) Data you provide directly

  • Name

  • Address

  • Email

  • Phone number (if provided)

  • Payment information (processed securely by third-party providers)

b) Data automatically collected

  • IP address

  • Browser information

  • Cookies

  • Analytics data (via Squarespace or third-party tools)

c) Data collected for marketing

  • Email address (when you sign up for newsletters)

  • Purchase history (to personalise future communication)

2. How We Use Your Data

We use personal data to:

  • Process and deliver orders

  • Communicate about your order

  • Respond to messages or customer service requests

  • Send marketing emails (only with your consent)

  • Improve website functionality and user experience

  • Comply with legal or tax obligations

3. Legal Basis for Processing

Under GDPR, we only process data when we have a lawful basis, including:

  • Contract – to fulfil your order

  • Consent – for email marketing

  • Legitimate interest – for analytics and site improvement

  • Legal obligation – for bookkeeping, tax compliance, etc.

4. Data Sharing

We share data only with trusted third parties necessary for running our business:

  • Squarespace (website host)

  • Payment processors (e.g., Stripe, PayPal)

  • DHL or shipping partners (to deliver your order)

  • Email marketing tools (only if you subscribe)

These providers follow GDPR and do not sell your data.

5. Cookies

Our website uses cookies for:

  • site functionality

  • analytics

  • remembering your preferences

You can control cookies through your browser settings.

6. Data Retention

Order and invoice information is kept for the legally required period (usually 6–10 years in Germany).
Marketing consent can be withdrawn at any time.

7. Your Rights (GDPR)

You have the right to:

  • Access your data

  • Correct inaccurate data

  • Request deletion (“right to be forgotten”)

  • Withdraw consent at any time

  • Request a copy of your data

  • Object to processing

To exercise these rights, contact us at:
threadedtogether@hotmail.com

8. Data Security

We take reasonable measures to protect your data from loss, misuse, or unauthorised access. Payment information is processed securely by external providers and is never stored on our servers.

9. Contact

If you have questions about your data or this policy, contact:
Threaded Together
threadedtogether@hotmail.com

Warthestraße 11, 12051, Berlin, Germany