Privacy policy

Privacy Policy

Last updated: June 21, 2026

  1. General Information

Dr & Dr Middle Eastern Culture and Foodlab GbR operates this online shop and website, including all related information, content, features, tools, products, and services (collectively, the “Services”).

The Services are provided via the e-commerce platform Shopify. This Privacy Policy explains how we collect, use, and disclose personal data when you visit our website, use our Services, make a purchase, exercise your right of cancellation, or otherwise communicate with us.

In the event of any conflict between this Privacy Policy and our Terms and Conditions, this Privacy Policy shall prevail with regard to the processing of personal data.

We process personal data as described in this Privacy Policy. Where consent is legally required, we will request it separately.

  1. Data Controller

Dr & Dr Middle Eastern Culture and Foodlab GbR
Reichenbergerstr. 116
10999 Berlin
Germany

Email: info@dranddr.de
Phone: +49 176 40271110

For the purposes of the General Data Protection Regulation (GDPR), we are the data controller responsible for the processing of your personal data.

Data Protection Officer:
We have not appointed a data protection officer, as there is no legal requirement to do so.

  1. Personal Data We Process

Personal data means any information relating to an identified or identifiable natural person. Anonymous data does not constitute personal data.

Depending on how you use our Services, we process the following categories of personal data:

a) Contact Data
Name, billing and shipping address, phone number, email address.

b) Payment and Financial Data
Payment method, transaction details, payment confirmations. Payment data is processed by certified payment service providers; we do not store full credit card details.

c) Account Information
Username, encrypted password, settings, and configurations.

d) Transaction Data
Purchased products, shopping cart contents, past purchases, returns, cancellations, withdrawal declarations, order numbers and contract identification data.

e) Communication Data
Information provided when contacting customer support, exercising cancellation rights, using the electronic withdrawal function, or otherwise communicating with us.

f) Device and Usage Data
IP address, browser type, device information, operating system, access times, and interactions with our Services.

g) Electronic Withdrawal Data
Where you use the electronic withdrawal function in our online shop, we process the information you provide or confirm through that function, in particular your name, information identifying the contract or order, your electronic contact details, the content of your withdrawal declaration, and the date and time of receipt.

  1. Sources of Personal Data

We collect personal data from the following sources:

directly from you, for example when placing orders, creating an account, contacting us, or using the electronic withdrawal function,

automatically, for example via cookies and similar technologies when you visit our website,

from service providers acting on our behalf, for example payment processing, hosting, shop functionality, or technical service providers,

from partners, if you use their services in connection with our shop.

  1. Legal Bases for Processing (Art. 6 GDPR)

We process your personal data on the following legal bases:

Art. 6(1)(b) GDPR – performance of a contract or pre-contractual measures,

Art. 6(1)(a) GDPR – your consent, where required,

Art. 6(1)(c) GDPR – compliance with legal obligations,

Art. 6(1)(f) GDPR – legitimate interests, for example security, fraud prevention, documentation, and legal defense, provided your interests or fundamental rights do not override these interests.

  1. Purposes of Processing

We process personal data for the following purposes:

providing, operating, and improving our Services,

processing orders, payments, shipping, returns, cancellations and withdrawals,

managing customer accounts,

communicating with customers and handling support requests,

providing and operating the electronic withdrawal function,

sending confirmations of receipt for electronically submitted withdrawal declarations,

marketing and advertising, only where legally permitted or with consent,

security, abuse prevention, and fraud detection,

compliance with legal obligations and enforcement or defense of our rights.

You may object to the processing of your personal data for direct marketing purposes at any time.

6.1 Electronic Withdrawal Function

If you have a statutory right of cancellation and use the electronic withdrawal function provided in our online shop, we process the personal data required to receive, document and process your withdrawal declaration.

This includes in particular your name, contract or order identification data, electronic contact details, the content of your withdrawal declaration, and the date and time of receipt.

The purpose of this processing is to enable you to exercise your statutory right of cancellation electronically, to send you the legally required confirmation of receipt on a durable medium, usually by e-mail, and to process the withdrawal.

The legal basis for this processing is Art. 6(1)(c) GDPR, insofar as the processing is necessary to comply with legal obligations, and Art. 6(1)(b) GDPR, insofar as the processing is necessary for the performance or reversal of the contract. Where necessary, we also process this data on the basis of Art. 6(1)(f) GDPR for documentation and legal defense purposes.

  1. Disclosure of Personal Data

We disclose personal data only where necessary and legally permitted, in particular to:

Shopify as our hosting and e-commerce platform,

payment, shipping, and fulfillment service providers,

IT and technical service providers,

providers involved in the operation of shop functions, including the electronic withdrawal function,

analytics service providers, where legally permitted,

marketing and advertising partners, where you have given consent,

public authorities, where we are legally obliged to do so.

Service providers process personal data either on our behalf under data processing agreements or, where legally applicable, as independent controllers.

  1. Shopify Relationship & International Data Transfers

Our Services are provided by Shopify Inc.

Shopify Inc. is headquartered in Canada. Canada is subject to an adequacy decision by the European Commission pursuant to Art. 45 GDPR, ensuring an adequate level of data protection for covered processing activities.

Where personal data is transferred to other third countries, for example the United States, in the course of using Shopify or related service providers, such transfers are based on appropriate safeguards, in particular the European Commission’s Standard Contractual Clauses pursuant to Art. 46 GDPR, or equivalent safeguards where legally required.

Further information on Shopify’s data processing can be found at:
https://privacy.shopify.com

  1. Cookies and Similar Technologies

Our website uses cookies and similar technologies. These are used based on your choices made via our cookie consent tool. You may adjust or withdraw your consent at any time.

Details about the cookies used, their storage duration, and providers are available in the cookie consent tool.

  1. Data of Children

Our Services are not intended for children under the age of 16. We do not knowingly process personal data of minors. If such data is identified, it will be deleted immediately, unless a legal retention obligation applies.

  1. Data Retention

We retain personal data only for as long as necessary to fulfill the respective purposes or to comply with statutory retention obligations.

Commercial and tax-related data is stored in accordance with applicable legal retention periods.

Data relating to orders, returns, cancellations and withdrawal declarations may be retained for documentation, accounting, tax, warranty and legal defense purposes for the legally required or permitted retention periods.

  1. Your Rights

Depending on your place of residence, you may have the following rights:

right of access,

right to rectification,

right to erasure,

right to restriction of processing,

right to data portability,

right to object to certain processing activities,

right to withdraw consent at any time.

To exercise your rights, please contact us using the details above.

  1. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection authority. The competent authority for us is in particular:

Berlin Commissioner for Data Protection and Freedom of Information (BlnBDI)
Alt-Moabit 59–61
10555 Berlin
Germany
https://www.datenschutz-berlin.de

or the supervisory authority of your habitual residence.

  1. Security

We implement appropriate technical and organizational security measures. However, no data transmission over the internet can be guaranteed to be completely secure.

  1. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy to reflect changes in our practices or legal requirements. The current version will always be published on our website.