Privacy Policy

1. Collection of Personal Data & Contact Information

We appreciate your visit to our website and your interest in LittleSpaceman. Below, we explain how we handle your personal data when you use our site. “Personal data” refers to any information that can identify you as an individual.

The data controller responsible for processing personal data on this website is:
Benjamin Riley
450 Illinois #4-207, Del Rio, Texas, 78840
We use SSL/TLS encryption to protect your personal data and other confidential information (e.g., orders or inquiries). You can recognize a secure connection by the “https://” prefix and the lock icon in your browser’s address bar.

2. Data Collection When Visiting Our Website

If you visit our website for informational purposes only (i.e., without registering or submitting information), we collect only the data your browser sends to our server (known as “server log files”). This includes:

• Pages visited
• Date and time of access
• Amount of data transferred
• Referring URL
• Browser type
• Operating system
• IP address (possibly anonymized)

This data is processed under Article 6(1)(f) of the GDPR based on our legitimate interest in maintaining website stability and functionality. We do not share or use this data for other purposes. However, we reserve the right to review server logs if there are indications of unlawful use.

3. Hosting

Our online store is hosted by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”). All data collected through our website is processed on Shopify’s servers.

Shopify may also transfer data to affiliated entities for processing, including:

• Shopify Inc., Ottawa, Canada
• Shopify Data Processing (USA) Inc.
• Shopify Payments (USA) Inc.
• Shopify (USA) Inc.

Transfers to Canada are covered by an adequacy decision from the European Commission. Transfers to the U.S. are protected under the EU-U.S. Privacy Shield framework.

For more information, please visit Shopify’s Privacy Policy:
https://www.shopify.com/legal/privacy

No other data processing occurs outside of Shopify’s infrastructure unless explicitly stated.

4. Cookies

To enhance your experience and enable certain features, we use cookies—small text files stored on your device. Some cookies are deleted after your session ends (session cookies), while others remain and help recognize your browser on future visits (persistent cookies).

Cookies may collect data such as browser type, location, and IP address. Persistent cookies are automatically deleted after a set period, which varies by cookie. You can view cookie durations in your browser’s settings.

Cookies may also simplify your shopping experience—for example, by saving your cart for later. If cookies process personal data, this is done under:

• Article 6(1)(b) GDPR (contract fulfillment)
• Article 6(1)(a) GDPR (consent)
• Article 6(1)(f) GDPR (legitimate interest in functionality and user experience)

You can configure your browser to notify you about cookies, accept them selectively, or block them entirely. Instructions for managing cookies in popular browsers:

• Internet Explorer
• Firefox
• Chrome
• Safari
• Opera

Please note: Disabling cookies may limit the functionality of our website.

5. Contacting Us

When you contact us (e.g., via contact form or email), we collect personal data. The specific data collected depends on the form you use. This information is used solely to respond to your inquiry and for any related technical administration.

The legal basis for processing this data is our legitimate interest in responding to your request (GDPR Article 6(1)(f)). If your inquiry relates to a potential contract, the legal basis is also GDPR Article 6(1)(b).

Your data will be deleted once your request has been fully resolved, unless legal retention requirements apply.

6. Account Registration & Contract Fulfillment

When you create a customer account or place an order, we collect and process personal data necessary to fulfill the contract (GDPR Article 6(1)(b)). The specific data collected is shown in the relevant input forms.

You may delete your account at any time by contacting us at the address listed above. We store and use your data only for contract fulfillment. Once the contract is completed or your account is deleted, your data will be restricted from further use and deleted after any applicable tax or commercial retention periods—unless you’ve consented to continued use or we are legally permitted to retain it.

7. Order Processing

7.1 Shipping & Payment Partners

To fulfill your order, we work with selected service providers who assist in executing contracts. Personal data is shared with these providers only as necessary.

• Shipping: Your name, delivery address, and—if required—phone number are shared with the shipping carrier to deliver your order.
• Payment: Your payment data is shared with the payment processor or bank as needed to complete the transaction.

Legal basis: GDPR Article 6(1)(b).

7.2 External Shipping Partners

We may work with third-party logistics providers. Your name, delivery address, and phone number (if required) are shared solely for the purpose of delivering your order.

7.3 Payment Service Providers

PayPal
If you choose PayPal, your payment data is shared with:
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

This data sharing is necessary for payment processing (GDPR Article 6(1)(b)).
PayPal may also conduct a credit check for certain payment methods (e.g., credit card, direct debit, installment payments). In this case, your data may be shared with credit agencies based on PayPal’s legitimate interest in assessing your payment ability (GDPR Article 6(1)(f)).

Credit checks may include probability values (“score values”) calculated using recognized statistical methods. These may include address data. For more information, see PayPal’s Privacy Policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You may object to this processing by contacting PayPal directly. However, PayPal may still process your data if required to complete the transaction.

Shopify Payments
We use Shopify Payments, operated by:
Shopify International Ltd., 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2, Ireland.

Payment processing is handled by:
Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

We share your order and payment details (e.g., name, address, account number, credit card number, transaction amount, currency, and transaction ID) with Stripe solely for payment processing (GDPR Article 6(1)(b)).

For more information:

• Shopify Payments Privacy Policy: https://www.shopify.com/legal/privacy
• Stripe Privacy Policy: https://stripe.com/de/privacy

Facebook Pixel & Custom Audiences

We use the Facebook Pixel, a tool provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”), to help us measure and improve the effectiveness of our Facebook advertising.

When a user clicks on one of our Facebook ads, the Facebook Pixel may add a tracking parameter to the URL of our site. If our site allows data sharing via Pixel, this parameter is stored in a cookie placed by our site and read by Facebook. This allows Facebook to track user behavior and optimize ad delivery.

We use the Facebook Pixel to:

• Show ads to users who have visited our site or shown interest in specific products or topics (“Custom Audiences”)
• Ensure our ads are relevant and not intrusive
• Measure conversions (e.g., whether users who clicked an ad completed a purchase)

The data collected is anonymous to us, but Facebook may link it to your profile and use it for its own advertising purposes, in accordance with its Data Policy:
https://www.facebook.com/about/privacy

Facebook and its partners may use this data to show ads on and off Facebook. Data processing is based on our legitimate interest in optimizing our marketing efforts (GDPR Article 6(1)(f)).

Data may be transferred to Facebook servers in the U.S. Facebook Inc. is certified under the EU-U.S. Privacy Shield, ensuring compliance with EU data protection standards.

You can opt out of Facebook Pixel tracking by clicking the link below:
Disable Facebook Pixel
Note: This opt-out cookie only works in this browser and for this domain. If you clear your cookies, you’ll need to opt out again.

Where legally required, we obtain your consent for this processing (GDPR Article 6(1)(a)). You may withdraw your consent at any time with future effect by using the opt-out method above.

9. Your Rights

Under applicable data protection laws, you have the following rights regarding your personal data:

• Right to Access (GDPR Article 15): You may request information about the personal data we process, including the purpose, categories, recipients, retention period, and any automated decision-making.
• Right to Rectification (Article 16): You may request correction of inaccurate or incomplete data.
• Right to Erasure (Article 17): You may request deletion of your data under certain conditions, unless processing is required for legal compliance or defense of legal claims.
• Right to Restriction (Article 18): You may request limited processing of your data under specific circumstances.
• Right to Notification (Article 19): If you exercise your rights to rectification, erasure, or restriction, we will inform any recipients of your data unless this is impossible or involves disproportionate effort.
• Right to Data Portability (Article 20): You may request your data in a structured, machine-readable format or transfer to another controller, where technically feasible.
• Right to Withdraw Consent (Article 7(3)): You may withdraw previously given consent at any time. This does not affect the lawfulness of processing before withdrawal.
• Right to Lodge a Complaint (Article 77): You may file a complaint with a supervisory authority if you believe your data is being processed unlawfully.

Right to Object

If we process your data based on our legitimate interests (Article 6(1)(f)), you have the right to object at any time for reasons related to your particular situation. If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds or need the data to establish, exercise, or defend legal claims.

If your data is used for direct marketing, you may object at any time. Once you object, we will no longer use your data for marketing purposes.