Clement’s Store | clements-store.at | Last updated: March 2026

1. Introduction

This Privacy Policy explains how Irena Klementová (trading as Clement’s Store, Seitenstettengasse 5/37, 1010 Vienna, Austria — hereinafter „we“) collects, uses, and protects personal data on this website, in accordance with the EU General Data Protection Regulation (GDPR) 2016/679 and the Austrian Data Protection Act (DSG).

2. Data Controller

Irena Klementová Clement’s Store Seitenstettengasse 5/37, 1010 Vienna, Austria E-mail: info@clements-store.at Tel.: +420 728 748 370 Imprint: https://www.clements-store.at/impressum

3. What Data We Collect and Why

We only process personal data where a lawful basis exists under Art. 6 GDPR.

1. a) Order processing (Art. 6(1)(b) GDPR — contract) Name, delivery address, e-mail address, payment data. Required to process and fulfil your order. We ship to Austria and Germany.
2. b) Communication (Art. 6(1)(b) and (f) GDPR) Name, e-mail address, phone number — when you contact us by e-mail, phone, or contact form. Retained until the matter is resolved and legal retention periods expire.
3. c) Legal obligations (Art. 6(1)(c) GDPR) Invoices and accounting records are retained for 7 years as required by Austrian tax law (§ 132 BAO).
4. d) Website operation / server logs (Art. 6(1)(f) GDPR — legitimate interest) IP address, browser type, OS, referring URL, date/time of visit. Automatically recorded by our web server. Retained for approximately 14 days, then deleted. Used solely for security and technical operation.
5. e) Cookies and analytics (Art. 6(1)(a) GDPR — consent) See Section 6 below.

4. Special Note on Our Products

Our products (Kratom / Mitragyna speciosa) are sold exclusively as collectibles and for research purposes. We do not process any health data (Art. 9 GDPR) in connection with orders. By ordering, customers confirm the products are not for human consumption. We do not record or process any information relating to medical use.

5. Data Sharing and Third-Party Processors

We share data only where necessary and always under a Data Processing Agreement (Art. 28 GDPR):

Hosting: Hostinger International Ltd. — servers within the EU where possible. Privacy policy: https://www.hostinger.com/privacy-policy

Website platform: Automattic Inc. (WordPress.com) — EU-US Data Privacy Framework participant; Standard Contractual Clauses apply. Privacy policy: https://automattic.com/privacy/

E-mail marketing: MailPoet (Automattic Inc.) — used only with your explicit consent. Unsubscribe at any time via the link in any newsletter.

Google Analytics 4: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland — used only with your consent (cookie banner). IP anonymisation enabled. Data retained for 14 months by default. EU-US Data Privacy Framework participant. Opt-out: https://tools.google.com/dlpage/gaoptout

Google reCAPTCHA: Google Ireland Limited — used to protect forms from spam; legitimate interest (Art. 6(1)(f) GDPR) and consent.

Google Maps: Google Ireland Limited — embedded on our contact/location page; used only with consent.

Payment providers: Payment data is processed directly by the respective payment service provider (e.g. card processor). We do not store full card details.

Shipping: Österreichische Post AG / DPD — name and delivery address are shared solely for shipment fulfilment.

We do not sell personal data to third parties.

6. Cookies

We use cookies in the following categories:

Essential cookies — required for the shopping cart and checkout to function. No consent required (Art. 6(1)(f) GDPR).

Analytics cookies (Google Analytics 4) — only set with your consent. You can withdraw consent at any time via our cookie settings banner or by installing the Google Analytics opt-out browser add-on.

Marketing/map cookies — only set with your consent (Google Maps, reCAPTCHA).

You can manage, delete, or block cookies at any time in your browser settings. Note that disabling essential cookies may affect shop functionality.

7. Data Transfers to Third Countries

Some processors (Automattic/Google) may transfer data to the USA. All such transfers are covered by either the EU-US Data Privacy Framework or Standard Contractual Clauses (Art. 46(2) GDPR), ensuring an equivalent level of data protection.

8. Data Retention

9. Your Rights

Under GDPR (Arts. 15–22), you have the right to:

• Access — request a copy of your data (Art. 15)
• Rectification — correct inaccurate data (Art. 16)
• Erasure — request deletion („right to be forgotten“) (Art. 17)
• Restriction — limit how we use your data (Art. 18)
• Portability — receive your data in a portable format (Art. 20)
• Object — object to processing based on legitimate interest (Art. 21)
• Withdraw consent — at any time, without affecting prior lawful processing

To exercise any right, contact us at: info@clements-store.at

10. Right to Lodge a Complaint

If you believe we are handling your data unlawfully, you may lodge a complaint with the Austrian Data Protection Authority:

Österreichische Datenschutzbehörde Barichgasse 40–42, 1030 Vienna Tel.: +43 1 52 152-0 E-mail: dsb@dsb.gv.at Website: https://www.dsb.gv.at

Customers in Germany may alternatively contact their respective state data protection authority (Landesdatenschutzbehörde).

11. Security

We use TLS/HTTPS encryption for all data transmitted via this website. Access to customer data is restricted to authorised persons only. We implement technical and organisational measures in accordance with Art. 25 GDPR (data protection by design and by default).

12. Changes to This Policy

We reserve the right to update this Privacy Policy to reflect changes in law or our services. The current version is always available at clements-store.at/datenschutzerklarung. We recommend checking it periodically.

This Privacy Policy was prepared for Clement’s Store (clements-store.at) in accordance with GDPR (EU) 2016/679, the Austrian DSG, and applicable national law. It covers operations in Austria and Germany.