Privacy Policy
Data protection information pursuant to Articles 13 and 14 GDPR (Regulation (EU) 2016/679) and the German Federal Data Protection Act (BDSG). — Last updated: July 2026
1. Controller
The controller responsible for the processing of personal data on this website within the meaning of Art. 4 (7) GDPR is:
GM Mobile Shop
Gartenfelderstraße 29-37, 13599 Berlin, Germany
Email: info@gmmobileshop.com
Phone: +49 176 31457871
Further provider details are available in our Impressum.
2. What data we process
- Order and contact data: when you place an order or contact us we process your name, email address, phone number, shipping address and the details of the products you order, as well as the content of any correspondence with our support team.
- Payment-related data: payment card details are entered on the secure payment page of our payment service provider and are processed by that provider, not by us. We receive only a confirmation of payment and a transaction reference — we never see or store your full card number.
- Server log data: when you visit the website, our server automatically records technical information such as your IP address, browser type and version (user-agent), the pages requested, and date/time stamps. We use this data solely to operate the website securely, to diagnose technical problems and to prevent abuse.
3. Purposes and legal bases
- Performance of the purchase contract (Art. 6 (1)(b) GDPR): processing your order, taking payment, arranging delivery, sending order and tracking confirmations, and handling returns, withdrawals and warranty claims.
- Legal obligations (Art. 6 (1)(c) GDPR): retaining invoices and transaction records as required by German commercial and tax law.
- Legitimate interests (Art. 6 (1)(f) GDPR): keeping the website and our systems secure, preventing fraud and abuse, and responding to general enquiries.
We do not sell your personal data and we do not send marketing emails unless you have explicitly opted in.
4. Recipients and processors
We share personal data only with service providers that are necessary to run the shop, each of which receives only the data it needs and is bound by data-processing obligations under Art. 28 GDPR where applicable:
- Hosting/server provider: operates the servers on which the website and order data are stored.
- Viva Wallet / Viva.com (payment service provider): processes your card payment. Card data is entered directly on Viva's secure payment page and is processed by Viva under its own responsibility and its own privacy policy; we do not store card data.
- Shipping and logistics partners: receive your name, delivery address and, where needed for delivery notifications, your email address or phone number.
- Exchange-rate API: the website retrieves current exchange rates from a third-party API solely to display indicative price conversions on screen. No personal data is sent to this service.
5. Cookies and local storage
This website uses only strictly necessary browser storage: your shopping cart is kept in your browser's localStorage under the key gm_cart, and your currency preference under the key gm_currency. In addition, an httpOnly session cookie is set solely for the staff admin area. We do not use any advertising, analytics or third-party tracking cookies. Full details are set out in our Cookie Policy.
6. Retention
We keep personal data only for as long as it is needed for the performance of the contract and thereafter as required by statutory retention obligations. Commercial and tax records (including invoices and order documents) are generally retained for 6 to 10 years pursuant to § 257 of the German Commercial Code (HGB) and § 147 of the German Fiscal Code (AO). Server logs are kept for a short rolling period for security purposes and then deleted or anonymised.
7. International transfers
Payment processing may involve providers established within the EU/EEA. Should any transfer of personal data to a country outside the EEA occur, it will only take place where appropriate safeguards within the meaning of Chapter V GDPR are in place, such as an adequacy decision of the European Commission or the EU standard contractual clauses.
8. Your rights
With regard to the personal data concerning you, you have the following rights under the GDPR:
- the right of access (Art. 15 GDPR);
- the right to rectification (Art. 16 GDPR);
- the right to erasure (Art. 17 GDPR);
- the right to restriction of processing (Art. 18 GDPR);
- the right to data portability (Art. 20 GDPR);
- the right to object to processing based on legitimate interests (Art. 21 GDPR);
- where processing is based on consent, the right to withdraw that consent at any time with effect for the future.
To exercise any of these rights, contact us at info@gmmobileshop.com. You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The authority competent for us is the Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information), Alt-Moabit 59-61, 10555 Berlin, Germany.
9. No automated decision-making
We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR.
10. Changes to this policy
We may update this policy from time to time, for example when we change service providers or when the law changes. The current version is always published on this page together with the date of the last update. See also our Terms & Conditions and our Right of Withdrawal notice.