Search

Menu

Cart

Your cart is empty

Continue shopping

Privacy Policy

PRIVACY POLICY In accordance with the EU General Data Protection Regulation (GDPR) Last updated: 22 April 2026

1. Introduction and Controller Identity

We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit or make a purchase from our website.

Data Controller: Levin Co e.U. Wollzeile 29 1010 Vienna, Austria Email:hello@dearboe.com 

Data Protection Officer (DPO): If you have any questions about this Privacy Policy or our data practices, you may contact our Data Protection Officer at: hello@dearboe.com

2. Legal Basis for Processing (GDPR Article 6)

We process your personal data on the following legal grounds:

2.1 Contract Performance (Art. 6(1)(b)) Processing your data is necessary to fulfil orders you have placed, manage your account, process payments, arrange delivery, and handle returns or complaints.

2.2 Legal Obligation (Art. 6(1)(c)) We are required by law to retain certain transaction records for tax, accounting, and fraud prevention purposes (e.g., under EU VAT Directive 2006/112/EC).

2.3 Legitimate Interests (Art. 6(1)(f)) We may process your data to improve our services, prevent fraud, maintain site security, and conduct analytics, provided these interests are not overridden by your rights.

2.4 Consent (Art. 6(1)(a)) For marketing communications, personalisation cookies, and profiling activities, we will only process your data with your explicit, freely given, and informed consent. You may withdraw consent at any time.

2.5 Special Category Data We do not intentionally collect special category data (e.g., health, religion, biometric data) as defined under GDPR Article 9. Please do not submit such data through our website.

3. What Personal Data We Collect

3.1 Data You Provide Directly

  • Identity data: full name, username, date of birth
  • Contact data: billing/shipping address, email address, telephone number
  • Payment data: credit/debit card details (processed securely via PCI-DSS compliant processors; we do not store full card numbers)
  • Account data: password (hashed), order history, wishlist, preferences
  • Communications: messages sent via our contact form, customer support tickets

3.2 Data We Collect Automatically

  • Technical data: IP address, browser type and version, time zone, operating system
  • Usage data: pages visited, click-through paths, session duration, referral URL
  • Cookie data: session identifiers, analytics identifiers, preference settings (see Section 9)

3.3 Data from Third Parties

  • Payment processors (e.g., Stripe, PayPal): transaction confirmation and fraud signals
  • Shipping partners: delivery confirmation and tracking data
  • Social login providers (if applicable): public profile information you permit

4. How We Use Your Personal Data

We use your data for the following purposes:

  • Processing and fulfilling orders, including payment, invoicing, and dispatch
  • Managing your customer account and providing customer support
  • Sending order confirmations, shipping notifications, and service-related communications
  • Sending marketing emails and promotional offers (only with your consent)
  • Personalising your shopping experience based on browsing and purchase history
  • Detecting, preventing, and investigating fraud and other illegal activities
  • Complying with legal and regulatory obligations
  • Analysing website performance and improving our services
  • Running customer satisfaction surveys (optional participation)

5. Data Sharing and Third-Party Recipients

We do not sell your personal data. We share your data only where necessary, under appropriate data processing agreements, with the following categories of recipients:

5.1 Service Providers (Data Processors)

  • Payment processors: Stripe Inc., PayPal (Europe) S.à r.l. et Cie, S.C.A. — for secure payment processing
  • Logistics and shipping partners: DHL, DPD, PostNL — for order fulfilment and delivery
  • Cloud and IT infrastructure: AWS / Google Cloud / Azure (EU data centres) — for hosting and storage
  • Email service providers: Mailchimp / SendGrid — for transactional and marketing emails
  • Analytics providers: Google Analytics (with IP anonymisation enabled)

5.2 Legal Disclosures We may disclose your data to public authorities (e.g., tax authorities, law enforcement) where required by EU or Member State law, court order, or to protect the rights and safety of individuals.

5.3 Business Transfers In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to equivalent privacy protections.

6. International Data Transfers

Where we transfer personal data outside the European Economic Area (EEA), we ensure adequate protection through one of the following safeguards:

  • Adequacy decisions issued by the European Commission (e.g., transfers to the UK, Switzerland, Japan)
  • Standard Contractual Clauses (SCCs) as approved by the European Commission (Decision 2021/914)
  • Binding Corporate Rules (BCRs) where applicable

You may request a copy of applicable transfer safeguards by contacting privacy@levinco.at.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

  • Customer account data: retained for the duration of the account plus 3 years after closure
  • Order and transaction records: 7 years (EU accounting and tax law obligations)
  • Marketing consent records: until consent is withdrawn, plus 3 years for audit purposes
  • Support communications: 2 years from last contact
  • Server and access logs: 90 days

Upon expiry of the retention period, data is securely deleted or anonymised in accordance with our data disposal procedures.

8. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights under the GDPR (Articles 15–22). You may exercise any of these rights by contacting privacy@levinco.at:

8.1 Right of Access (Art. 15) You have the right to obtain confirmation of whether we process your personal data and to receive a copy, along with information about how we use it.

8.2 Right to Rectification (Art. 16) You have the right to request correction of inaccurate or incomplete personal data we hold about you.

8.3 Right to Erasure / "Right to be Forgotten" (Art. 17) You may request deletion of your personal data where it is no longer necessary for the purpose it was collected, or where you withdraw consent and there is no other legal basis for processing.

8.4 Right to Restriction of Processing (Art. 18) You may request that we restrict processing of your data in certain circumstances, for example while a dispute about its accuracy is resolved.

8.5 Right to Data Portability (Art. 20) You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

8.6 Right to Object (Art. 21) You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds.

8.7 Rights Related to Automated Decision-Making (Art. 22) You have the right not to be subject to decisions based solely on automated processing that produce significant legal or similarly significant effects.

8.8 Right to Lodge a Complaint If you believe we have not handled your data lawfully, you have the right to lodge a complaint with your national supervisory authority. In Austria, this is the Datenschutzbehörde: https://www.dsb.gv.at

We will respond to all verifiable requests within 30 days. In complex cases, we may extend this by a further 60 days, with prior notification.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website. You may manage your cookie preferences via our Cookie Consent banner or your browser settings.

9.1 Essential Cookies These are strictly necessary for the website to function (e.g., shopping cart, session management). They cannot be disabled without affecting core functionality. Legal basis: legitimate interest / contract performance.

9.2 Analytics Cookies We use Google Analytics (with IP anonymisation) to understand how visitors use our site. These are only set with your consent. You may opt out at any time.

9.3 Marketing and Personalisation Cookies We may use cookies for retargeting advertising and personalised product recommendations, only with your explicit consent.

Our full Cookie Policy, including a list of all cookies and their purposes, is available at: [https://yourwebsite.com/cookie-policy]

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, alteration, or disclosure. These include:

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for data at rest
  • PCI-DSS compliant payment processing
  • Multi-factor authentication for system access
  • Regular penetration testing and vulnerability assessments
  • Staff training on data protection and information security
  • Data minimisation and access controls on a need-to-know basis

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours as required by GDPR Article 33, and affected individuals without undue delay where the breach poses a high risk to their rights and freedoms.

11. Children's Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a child has provided us with their data, please contact us immediately at hello@dearboe.com and we will delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or regulatory guidance. Where changes are material, we will notify you by email (if we hold your email address) or by a prominent notice on our website at least 30 days before the changes take effect.

The current version of this Policy is dated 22 April 2026. Previous versions are archived and available on request.

13. Contact Us

For any privacy-related queries, requests to exercise your rights, or concerns about our data practices, please contact us:

  • Email: hello@dearboe.com
  • Post: Data Protection Officer, Levin Co e.U., Wollzeile 29, 1010 Vienna, Austria
  • Open: (Monday–Friday, 09:00–17:00 CET)

We take all privacy concerns seriously and will respond promptly and professionally.

This Privacy Policy has been prepared in compliance with the EU General Data Protection Regulation (GDPR) 2016/679, the ePrivacy Directive 2002/58/EC, and applicable Austrian data protection law.
© 2026 BOË. All rights reserved.

Country/region