Legal Disclosure & Privacy Policy

Legal Disclosure

RESPONSIBLE PERSON IN THE ACCORDANCE WITH § 5 TMG & § 18 ABS. 2 MSTV

Philip Hoheisel
Karl-Marx-Str. 7
68199 Mannheim
Germany

Phone: +49 (0)176 52526407
Email: mail@phoheisel.de
Web: phoheisel.de

VAT ID No.: DE315499274

EU Dispute Resolution
The European Commission provides a platform for online dispute resolution (ODR): https://ec.europa.eu/consumers/odr/.
Our email address can be found in the legal disclosure above.

Consumer Dispute Resolution / Universal Dispute Resolution Body
We are not willing or obliged to participate in dispute resolution proceedings before a consumer arbitration board.

Disclaimer
We are not responsible for third-party content and services.

Our Terms & Conditions apply.

Privacy Policy

1. Privacy at a Glance

General Notes
The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally.

Data Controller
Data processing on this website is carried out by the website operator:
Philip Hoheisel, Karl-Marx-Str. 7, 68199 Mannheim, Germany, Email: mail@phoheisel.de

2. Data Collection on our Website

SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as site operator. You can recognize an encrypted connection by the browser's address line changing from "http://" to "https://" and the lock icon in your browser bar.

Local Storage (IndexedDB & Local Storage)
We store drafts of your postcards and the contents of your shopping cart locally on your device. This is done using "IndexedDB" (database name: purecards_drafts) and your browser's local storage. This data remains on your device and is not automatically transmitted to our servers until you initiate an order. When an order is placed, only the data necessary for contract execution (e.g., selected designs, text, recipient address) is transmitted.

Order Form & Contract Data
When you place an order, we collect the necessary data (name, address, email address, and recipient data of the postcard). The processing of this data is based on Art. 6 para. 1 lit. b GDPR, provided your request is related to the performance of a contract or is necessary for pre-contractual measures.

If you reach our site via a referral link (affiliate link), we temporarily capture the partner's identifier in order to correctly assign the commission in the event of a successful purchase. No cookies are stored on your device for this purpose.

Cookies & Technical Necessity
Our website primarily uses technically necessary storage mechanisms to ensure functionality (shopping cart, language settings, drafts). We do not use advertising or marketing cookies.
Note: External payment providers (see below) may set cookies for fraud prevention and security. These are considered technically necessary for contract execution.

Server Log Files
The provider of the pages automatically collects and stores information in server log files, which your browser automatically transmits to us.

3. Hosting & Infrastructure

Hosting
We host this website with an external service provider (Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA). The personal data collected on this website is processed on the host's servers. We have chosen our configuration so that the server infrastructure is primarily oriented towards locations within the European Union (e.g., Frankfurt) ("Region Selection"). Since Vercel is a US company, a transfer of data to the USA (e.g., for maintenance, support, or administrative purposes) cannot be completely ruled out. Vercel is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards for data processing in the USA. Additionally, there is a data processing agreement (DPA).

4. External Services & Data Processing for Contract Fulfillment

Sharing of Data
Your personal data is not shared with third parties unless this is absolutely necessary for processing your order (e.g., printing, shipping, payment).

Cloud Computing & Databases
We use cloud database services (via Google Ireland Limited) to securely process and store your orders. This is necessary for the technical provision of the service. A data processing agreement is in place.

Payment Processing
Payments are processed via an external payment service provider (Stripe Payments Europe Ltd). For fraud prevention and payment processing, the payment service provider uses cookies or similar technologies. The processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in secure payment processing) and lit. b (performance of a contract).

Print Service Provider
For the physical creation and dispatch of your postcards, we transmit the necessary print data (images, texts) and the recipient address to our printing partner.

SlickInsider & SlickPoints (Customer Account)
When you create a SlickInsider account, we store your email address, your current points balance (SlickPoints), and a history of points earned and redeemed.
This processing serves to provide the account functions, process the loyalty program, and assign your orders (Art. 6 para. 1 lit. b GDPR).
Your points history is stored on our servers and is viewable in your customer area.

Newsletter
We use the service provider Beehiiv (Beehiiv Inc., PO Box 2099, New York, NY 10163, USA) to send our newsletter.
The registration for our newsletter takes place on a landing page hosted by Beehiiv (https://slickpostcard.beehiiv.com/).
When you sign up for our newsletter, the data you enter (email address) is transmitted to Beehiiv and stored there. Beehiiv uses this data to send and evaluate the newsletters.
The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time by unsubscribing from the newsletter.
Further information can be found in Beehiiv's privacy policy: https://www.beehiiv.com/privacy.

AI-Powered Text Generation (Google Gemini)
We optionally offer you the possibility to generate text suggestions using Artificial Intelligence (Google Gemini API via Google Vertex AI). For this purpose, your inputs (e.g., recipient, topic, vibe) are transmitted to the servers of Google (Google Ireland Limited / Google LLC).

Important:
  • Transmission only takes place if you actively trigger the function by clicking (e.g., "Accept" in the dialog) (Art. 6 para. 1 lit. a GDPR).
  • We use the paid corporate interface. Google contractually guarantees that your data will not be used to train the AI models. Your inputs remain confidential.
  • A storage of the generated suggestions with us takes place only locally on your device (see section "Local Storage") or temporarily for order processing if you adopt the text.

More information on data protection at Google can be found in the Google Privacy Policy and the Generative AI Terms of Service.

5. Analytics Tool

We use the open-source software tool Matomo on our website to analyze the surfing behavior of our users. Unlike other analysis tools, Matomo is configured to work entirely without cookies. No data is stored on your terminal device (privacy-first).

The software is operated exclusively on our own servers at our host ALL-INKL.COM (Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany). No data is shared with third parties.

Scope of processing
We collect information about the use of our postcard editor (e.g., design tools used, image uploads) and the completion of orders. The following data is processed:

  • Two bytes of the IP address of the user's calling system (anonymized IP)
  • The accessed web page and duration of stay
  • Information about the terminal device (operating system, browser, screen resolution)
  • Interactions in the editor (events like image upload, text input, AI use)

Legal basis and purpose
Processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in the statistical analysis of website usage to optimize our services and technical error analysis of our editor. Since we do not use cookies and anonymize IP addresses immediately, the privacy interests of users are respected.

Objection
You can object to data collection by Matomo at any time by enabling the "Do Not Track" setting in your browser or by using the opt-out here:

6. Rights of the Data Subject

You have the right at any time to free information about your stored personal data, its origin and recipient, and the purpose of the data processing, as well as a right to correction, blocking, or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the legal disclosure.