Privacy Policy

1. Controller
The controller responsible for data processing within the meaning of the GDPR is:

Worst Shirts
Böckmannstraße 9
20099 Hamburg
Germany
Email: info@worst-shirts.com

2. General Information
We take the protection of your personal data very seriously. We only collect and process personal data where necessary to operate this online store, fulfill orders, and comply with legal obligations.

Your data will not be sold or shared with third parties except as described in this Privacy Policy.

3. Data Collected in Our Online Store
When you place an order via our shop, WooCommerce collects the following information:

  • Name

  • Billing and shipping address

  • Email address

  • Payment information (depending on the payment method)

  • Products ordered

  • Order date and time

This data is necessary to process your order and fulfill our contractual obligations.

4. Hosting / Server Location
This website is hosted on a server located in Germany. All data stored through the website (order data, customer accounts, contact requests) remain on servers within the European Union.

5. Order Fulfillment via Spreadshirt / Spreadconnect
Production and shipping of products are carried out by Spreadshirt/Spreadconnect. For this purpose, the data necessary to fulfill your order (name, shipping address, ordered products) will be transmitted to Spreadshirt/Spreadconnect.

Spreadshirt/Spreadconnect acts as an independent controller with regard to this data processing. For more information, please refer to the Spreadshirt Privacy Policy: https://www.spreadshirt.net/privacy-policy-C3928

6. Payments via PayPal
Payments in this shop are processed via PayPal. When you choose PayPal, payment data will be transmitted to PayPal for payment processing.

PayPal is an independent controller for this data. For details on PayPal’s privacy practices, see: https://www.paypal.com/webapps/mpp/ua/privacy-full

7. Legal Basis
Data processing is carried out on the following legal bases:

  • Art. 6 (1) b GDPR – to fulfill our contractual obligations (order processing, shipping, payment).

  • Art. 6 (1) c GDPR – to comply with legal obligations (e.g., tax law).

  • Art. 6 (1) f GDPR – where we have a legitimate interest (secure operation of the website, defense of legal claims).

8. Data Retention
We store personal data only for as long as necessary to fulfill contractual and legal obligations. After statutory retention periods (usually 6–10 years under German commercial and tax law) expire, data will be deleted.

9. Your Rights (GDPR)
As a data subject, you have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR)

  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, contact us at info@worst-shirts.com.

10. Contact
If you have questions regarding this Privacy Policy or your personal data, please contact:

Email: info@worst-shirts.com