1. Data Controller
Roberto Simoes
Wisbyer Str. 4, 10439, Berlin, Germany
Contact: https://datria.me/contact/
This policy explains how datria.me (โthe Siteโ) collects, uses, and protects your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (โGDPRโ).
2. What We Collect, Why, and On What Basis
| Data type | Purpose | Legal basis (GDPR Art. 6) | Retention |
|---|---|---|---|
| Name, email, shipping address, billing info | Process and fulfill orders | Contractual necessity (Art. 6(1)(b)) | 7 years (tax/accounting obligations) |
| Email address | Newsletter and marketing emails | Consent (Art. 6(1)(a)) | Until unsubscribe + 30 days |
| IP address, browser info, pages visited | Website analytics | Consent (Art. 6(1)(a), via cookie banner) | 26 months (Google Analytics default) |
| IP address, server logs | Site hosting and security | Legitimate interest (Art. 6(1)(f)) | 30 days |
| Name, email, message content | Respond to contact form inquiries | Legitimate interest (Art. 6(1)(f)) | 12 months after last communication |
| Cookies from embedded videos | Display YouTube content | Consent (Art. 6(1)(a), via cookie banner) | Per YouTube/Google policy |
3. Third-Party Services
We use the following third-party services that may process your personal data:
3.1 Snipcart (payments and cart)
Snipcart is our e-commerce platform. When you make a purchase, Snipcart processes your name, email, shipping address, and payment details. Payment is handled securely through Snipcartโs payment gateway (powered by Stripe). We do not store your credit card information.
- Provider: Snipcart Inc. (Canada)
- Data collected: name, email, address, payment info, order details
- Privacy policy: snipcart.com/legal/privacy
3.2 Google Analytics
We use Google Analytics to understand how visitors use the Site. It collects anonymized usage data through cookies.
- Provider: Google LLC (USA)
- Data collected: cookies, usage data (pages visited, time on site, device info)
- Privacy policy: policies.google.com/privacy
- Opt out: tools.google.com/dlpage/gaoptout
3.3 YouTube (embedded videos)
Alchemy Activation videos are embedded from YouTube. When you play a video, YouTube may set cookies and collect usage data.
- Provider: Google LLC (USA)
- Data collected: cookies, usage data
- Privacy policy: policies.google.com/privacy
3.4 Brevo (email marketing)
When you subscribe to our newsletter or download the Moon Calendar, your email address is stored and managed by Brevo (formerly Sendinblue). You can unsubscribe at any time via the link in each email.
- Provider: Brevo SAS (France)
- Data collected: email address, interaction data (opens, clicks)
- Privacy policy: brevo.com/legal/privacypolicy
3.5 Netlify (hosting)
The Site is hosted on Netlify. Server logs (including IP addresses) are collected for security and operational purposes.
- Provider: Netlify Inc. (USA)
- Data collected: IP address, server logs
- Privacy policy: netlify.com/privacy
4. Cookies
The Site uses cookies for the following purposes:
| Cookie type | Source | Purpose | Required? |
|---|---|---|---|
| Essential | Snipcart | Shopping cart functionality | Yes |
| Analytics | Google Analytics | Usage statistics | Yes |
| Third-party | YouTube | Video playback | Yes |
You can manage your cookie preferences through your browser settings. Non-essential cookies are only set after you give consent via the cookie banner.
5. International Data Transfers
Some of our service providers are based outside the European Economic Area (EEA), specifically in the USA and Canada. We ensure adequate protection for these transfers through:
- The EU-US Data Privacy Framework (for US providers certified under the framework, including Google)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable (Canada has a partial adequacy decision from the EU)
6. Your Rights
Under the GDPR, you have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Erase your data, โright to be forgottenโ (Art. 17)
- Restrict processing (Art. 18)
- Data portability: receive your data in a machine-readable format (Art. 20)
- Object to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time for consent-based processing (Art. 7(3))
To exercise any of these rights, contact: https://datria.me/contact/
You also have the right to lodge a complaint with the Berliner Beauftragte fรผr Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information): datenschutz-berlin.de
7. Data Security
We take appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. All payment processing is handled by PCI-compliant providers (Snipcart/Stripe).
8. We Do Not Sell Your Data
We do not sell, rent, or trade your personal data to any third party for any purpose. Data is shared only with the service providers listed in Section 3, strictly for the purposes described.
9. Changes to This Policy
We may update this policy to reflect changes in our services or legal requirements. Significant changes will be communicated via the Site. We recommend checking this page periodically.
10. Contact
For any questions about this privacy policy or your personal data:
https://datria.me/contact/
Last updated: March 23, 2026