Privacy Policy

Information on the protection of your personal data

1. Data Controller

The party responsible for data processing on this website is:

BIDDIX UG (haftungsbeschraenkt)
Hermann-Brenner-Platz 1
92637 Weiden i. d. OPf.
Telefon: +49 (0) 961 200 969 30
E-Mail: info@biddix.de

2. Collection and Storage of Personal Data

a) When visiting the website

When you access our website, the browser on your device automatically sends information to the server of our website. This information is temporarily stored in a log file. The following information is collected without your intervention and stored until automatic deletion:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access was made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer

The legal basis for data processing is Art. 6(1)(f) GDPR.

b) Upon registration and use of the customer account

When you create a customer account, we collect the following data:

  • Name (first and last name)
  • Email address
  • Password (stored in encrypted form)
  • Shipping address (when placing an order)

The legal basis is Art. 6(1)(b) GDPR (contract performance).

c) When placing orders

To process your order, we additionally collect:

  • Shipping address (when placing an order)
  • Billing address
  • Payment information (forwarded to the payment service provider)
  • Order history

3. Cookies and Local Storage

We use cookies on our website. These are small files that your browser automatically creates and stores on your device.

We use the following types of cookies and local storage:

  • Technically necessary cookies: Required for the operation of the website (e.g., shopping cart, login session)
  • Analytics cookies: Only with your consent (Art. 6(1)(a) GDPR)

localStorage: We store your language preference and cookie consent decision in your browser's localStorage. This data is necessary for the functioning of the website (Art. 6(1)(f) GDPR). Authentication and guest session ID are managed via httpOnly cookies.

You can configure your browser settings according to your preferences and, for example, refuse the acceptance of cookies. Please note that clearing cookies will require you to log in again.

4. Newsletter

When you subscribe to our newsletter, we collect your email address. Registration uses a double opt-in procedure: After your registration, you will receive a confirmation email with an activation link. Your subscription will only be activated after clicking this link.

The legal basis is Art. 6(1)(a) GDPR (consent). Emails are sent via IONOS SMTP servers (1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany).

You may withdraw your consent at any time by clicking the unsubscribe link at the bottom of each newsletter or by contacting us via email.

5. Forum

When you use our forum, your posts, comments, and reactions are stored and publicly visible. Your username and profile picture are visible to other users.

The legal basis is Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in a community platform).

6. Gamification

As part of our gamification system, we collect and process experience points (XP), levels, achievements, and your rank on the leaderboard. This data is publicly visible in your profile and on the leaderboard.

The legal basis is Art. 6(1)(b) GDPR (contract performance as part of our service offering).

7. Showroom

When you use the showroom, you can create public posts with images. Other users can like these posts. Your username and profile picture are visible.

The legal basis is Art. 6(1)(a) GDPR (consent through active publication).

8. Payment Processing (Stripe)

We use Stripe (Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA) for payment processing. When placing an order, the following data is transmitted to Stripe:

  • Name
  • Email address
  • Payment data (credit card number, expiration date, CVV)
  • IP address

The legal basis is Art. 6(1)(b) GDPR (contract performance). Stripe is certified under the EU-US Data Privacy Framework.

For more information about Stripe's privacy practices, visit: https://stripe.com/privacy

9. Hosting (IONOS)

Our website and email delivery are hosted by IONOS (1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany). IONOS processes access data (log files) on our behalf.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the reliable provision of our website).

10. Shipping Service Providers

To deliver your order, we transmit the data required for delivery (name, address, telephone number if applicable, email address for shipping notifications) to the respective shipping service provider:

  • DHL (Deutsche Post DHL Group, Charles-de-Gaulle-Str. 20, 53113 Bonn, Germany)
  • DPD (DPD Deutschland GmbH, Wailandtstr. 1, 63741 Aschaffenburg, Germany)

The legal basis is Art. 6(1)(b) GDPR (contract performance).

11. Fonts

We use the fonts Orbitron, Rajdhani, and Noto Sans JP. These fonts are hosted locally on our server (self-hosting). No connection to Google servers or other third-party providers takes place.

12. Data Sharing

Your personal data will not be transmitted to third parties for purposes other than those listed below:

  • Shipping service providers (for delivery of goods, see Section 10)
  • Payment service provider Stripe (for processing payments, see Section 8)
  • Hosting provider IONOS (for providing the website, see Section 9)

13. Data Processing Agreements

We have entered into data processing agreements pursuant to Art. 28 GDPR with our service providers. This applies in particular to:

  • IONOS (hosting and email delivery)
  • Stripe (payment processing)
  • DHL (shipping)
  • DPD (shipping)

14. Data Transfer to Third Countries

Data is transferred to third countries when using Stripe (USA). Stripe, Inc. is certified under the EU-US Data Privacy Framework (DPF), ensuring an adequate level of data protection pursuant to Art. 45 GDPR.

15. Data Retention Period

We store your personal data only for as long as necessary for the respective processing purposes or as required by statutory retention periods:

  • Customer account data: Until deletion of the account
  • Order data and invoices: 10 years (commercial and tax law retention obligation pursuant to Section 147 AO, Section 257 HGB)
  • Newsletter data: Until withdrawal of consent
  • Server log files: 30 days

16. Data Subject Rights

You have the right:

  • pursuant to Art. 15 GDPR, to request information about your processed personal data
  • pursuant to Art. 16 GDPR, to request the correction of inaccurate data
  • pursuant to Art. 17 GDPR, to request the deletion of your data
  • pursuant to Art. 18 GDPR, to request the restriction of processing
  • pursuant to Art. 20 GDPR, to receive your data in a transferable format (data portability)
  • pursuant to Art. 21 GDPR, to object to the processing of your data where the processing is based on Art. 6(1)(f) GDPR
  • pursuant to Art. 7(3) GDPR, to withdraw your consent at any time
  • pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority

No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place.

To delete your customer account and all associated data, please send an email to info@biddix.de.

17. Data Security

During your visit to our website, we use the widely adopted SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. You can identify whether an individual page of our website is transmitted in encrypted form by the closed lock icon in the status bar of your browser.

18. Currency and Amendments to this Privacy Policy

This privacy policy is currently valid and was last updated in February 2026. Due to the further development of our website or changes in legal or regulatory requirements, it may become necessary to amend this privacy policy.

We use cookies to improve your shopping experience. By using our site, you agree to the use of cookies.