Privacy Policy

Effective: 23 October 2025 • Version: 1.0

1. Controller

Heimdall Capital UG (limited liability)
Graisch 12, 91278 Pottenstein, Germany
Email: info@astrakids.net

(“we,” “us”). This website is operated under the brand Astra Kids.

2. Purposes, Legal Bases, and Types of Data

2.1 Website Operation / Server Logs

Purpose: Operation, security, and stability of the website.
Data: IP address, date/time, requested URL, referrer, user agent, possible error codes.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
Storage duration: Typically 7–30 days; longer only for incident analysis.

2.2 Contact (Email / Contact Form)

Purpose: Processing inquiries and communication.
Data: Email address, name (if provided), message, metadata.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual) or Art. 6(1)(f) GDPR (general communication).
Storage duration: Until the inquiry is completed; statutory retention periods remain unaffected.

2.3 Newsletter (Double Opt-In)

Purpose: Sending news, offers, and updates about Astra Kids.
Data: Email address; optional name; logs of subscription/unsubscription (timestamp, IP, form).
Legal basis: Art. 6(1)(a) GDPR (consent); logging: Art. 6(1)(c/f) GDPR (compliance/evidence).
Withdrawal: You may withdraw consent at any time via the unsubscribe link or by emailing info@astrakids.net. The legality of processing prior to withdrawal remains unaffected.

2.4 Cookies & Similar Technologies

Purpose:

• Technically necessary cookies (e.g., language selection, session): permitted without consent under Art. 6(1)(f) GDPR.

• Non-essential cookies (e.g., analytics, marketing): only with consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG.
  Withdrawal/Adjustment: Can be made at any time via the consent banner on the website.

2.5 Embedded Content

Purpose: Media playback.
Data: When activated or played, IP address, device, and usage data may be transmitted to the provider.
Legal basis: Art. 6(1)(a) GDPR (consent via two-click/consent mechanism).

2.6 Web Analytics

Purpose: Measuring reach, error analysis, optimization.
Data: Usage data (page views, events), shortened IP, browser/device, referrer.
Legal basis: Art. 6(1)(a) GDPR (consent).
Storage duration: According to the tool used (e.g., 14–26 months).

3. Hosting & Data Processing Agreements

We use an external service provider (e.g., Hostinger) for website hosting and website builder services.
Processing is carried out under a data processing agreement pursuant to Art. 28 GDPR.
If subprocessors outside the EEA are used, data transfers are based on appropriate safeguards (in particular EU Standard Contractual Clauses).

4. Data Recipients

Processors: Hosting/website builder, email/newsletter service, IT service providers.
Third-party providers for embedded content: e.g., YouTube or Vimeo (only with consent).
No other data transfers take place unless legally permitted or you have given your consent.

5. Third-Country Transfers

If services located outside the EEA are used, we ensure appropriate safeguards under Art. 46 GDPR (EU Standard Contractual Clauses) or rely on exceptions under Art. 49 GDPR (e.g., explicit consent).

6. Retention Periods (Overview)

• Server logs: 7–30 days

• Contact inquiries: Until completion, then deletion or archiving as legally required

• Newsletter data: Until withdrawal; log data (opt-in records) retained per legal requirements

7. Obligation to Provide Data

For merely visiting the website, there is no obligation to provide personal data.
To respond to contact requests, we require your email address; newsletter registration requires consent.

8. Protection of Minors

Our services are directed at parents and guardians.
We process children’s personal data only where legally permitted and – if required – with parental consent (Art. 8 GDPR).

9. Your Rights

Under Articles 15–21 GDPR, you have the following rights:
access, rectification, erasure, restriction, data portability, and objection to processing based on Art. 6(1)(f) GDPR.
You may withdraw any consent given at any time with future effect (Art. 7(3) GDPR).
To exercise your rights, simply email us at info@astrakids.net.
For verification, we may request additional information to confirm your identity.

10. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, place of work, or the place of the alleged infringement.

For our registered office in Bavaria:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach, Germany
Email: poststelle@lda.bayern.de
Website: https://www.lda.bayern.de

11. Security

We implement technical and organizational measures (including TLS encryption and access restrictions) to protect personal data from loss, misuse, and unauthorized access.

12. Updates

We may update this Privacy Policy when technologies, processes, or legal requirements change.
The version published on this page at the time of use applies.