Privacy policy

At SUNJOY EU, your privacy is our priority. We process your personal data in accordance with the General Data Protection Regulation (GDPR) and relevant national data protection laws. This notice explains how we collect, use, and safeguard your information when you visit our website or shop with us.

1. Data Controller

The website www.sunjoyonline.eu is operated by:
SunWay Europe GmbH
Wrangelstraße 100, 10997 Berlin, Germany
(“SunWay”, “we”, “us”).

For any privacy-related questions, please contact our Data Protection Officer:
Shana Surdo
📍 Wrangelstraße 100, 10997 Berlin, Germany
📧 shana@sunwayeurope.com

2. Data Sharing and Responsibility

We remain the sole controller of your personal data.
Your data is only shared when necessary to perform our services or if required by law.
Transfers occur only:

  • with your consent (Art. 6(1)(a) GDPR),

  • for contract fulfilment (Art. 6(1)(b)),

  • to comply with legal obligations (Art. 6(1)(c)), or

  • for legitimate business interests (Art. 6(1)(f)), such as fraud prevention or credit checks.

3. Types of Data We Collect

We may collect and process the following personal information:

  • Identity details: name, address, email, phone number, gender, date of birth (optional).

  • Account data: login credentials, password (encrypted), preferences.

  • Purchase data: orders, payments, invoices, products purchased.

  • Usage data: device info, browser, IP address, and activity on our website (e.g., clicks, viewed products).

  • Newsletter interaction data: link clicks, opens.

We never collect sensitive data (e.g., health or biometric data).

4. Purpose of Processing

We process your data to:

  • Provide and operate our website and online store.

  • Process orders, payments, and deliveries.

  • Offer customer support and respond to inquiries.

  • Send optional newsletters or marketing materials (only with consent).

  • Analyse usage to improve performance and user experience.

5. Storage and Retention

We store your data only as long as necessary for the stated purposes or legal retention requirements:

  • Account data: retained while your account is active or until you request deletion.

  • Order data & invoices: retained for 10 years under tax and commercial law.

  • Website usage & analytics data: stored up to 25 months, then anonymized.

6. Website Visits

When you visit our site, our server automatically records:

  • IP address, browser type, operating system

  • Referring page and visited URLs

  • Date and time of access

These logs are required for security and website stability and are deleted after 365 days.
Processing is based on legitimate interest under Art. 6(1)(f) GDPR.

7. Creating a User Account

To create an account, we require your email and a password.
Your account allows you to manage your personal details, view orders, and track shipments.
If you enable “stay logged in”, a cookie is saved on your device for convenience.
Legal basis: contract performance (Art. 6(1)(b) GDPR).

8. Order and Payment Processing

Your data is used to fulfil your order, manage delivery, and process payment.

  • Payment methods: When paying via PayPal, credit card, SEPA, or other providers, relevant data is transmitted securely to the respective payment service. We do not store your full payment details.

  • Third-party processors: Payments and credit checks are handled by authorized partners such as PayPal (Europe) S.à r.l. et Cie, S.C.A. and Billpay GmbH under their respective privacy policies.

  • Fraud prevention: We may process transaction and device data to prevent misuse.

Legal basis: Art. 6(1)(b) & (f) GDPR.

9. Contact and Customer Support

When you contact us (via form, email, phone, or post), we collect your name, contact details, and message content to respond to your inquiry.
Legal basis: Art. 6(1)(b) (contract performance) or Art. 6(1)(f) (legitimate interest in responding).

10. Newsletter and Marketing

You receive newsletters only after explicit double opt-in consent (Art. 6(1)(a) GDPR).
You may unsubscribe anytime via the link in each email.

To measure engagement, we use anonymous tracking pixels to record email opens and link clicks.
Processing is based on legitimate interest (Art. 6(1)(f)) to improve our communication.

11. Cookies

We use cookies to make your browsing experience easier and more personalized.

Types of cookies:

  • Essential cookies: required for website functionality (Art. 6(1)(f)).

  • Functional cookies: save preferences and enhance features.

  • Performance cookies: collect aggregated usage statistics.

  • Marketing cookies: support personalized advertising.

You can manage or disable cookies anytime via “Cookie Settings” or your browser preferences.

12. Google Services and Tracking

We use several Google tools, each governed by Google’s privacy policy:

  • Google Analytics (with IP anonymization) – measures website performance.

  • Google Ads Conversion & Remarketing – tracks ad conversions and audience interest.

  • Google Fonts, reCAPTCHA, and DoubleClick – ensure security, design, and advertising relevance.

Legal basis: Consent (Art. 6(1)(a) GDPR).
You may withdraw consent anytime under “Cookie Settings” or via https://tools.google.com/dlpage/gaoptout.

13. Data Security

We implement technical and organizational security measures to protect your data from loss, manipulation, or unauthorized access.
All personal data is transmitted in encrypted form (SSL/TLS).
Our systems and policies are regularly reviewed and updated to meet current security standards.

14. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Access – obtain a copy of your stored data.

  • Correction – request rectification of inaccurate information.

  • Deletion – request erasure unless retention is legally required.

  • Restriction – limit processing under certain conditions.

  • Portability – receive your data in machine-readable format.

  • Objection – object to data processing based on legitimate interest or direct marketing.

  • Complaint – file a complaint with your national data protection authority.

To exercise any rights, please contact: shop@sunjoygroup.com
We may request proof of identity before processing your request.

15. Updates to This Privacy Policy

We may update this policy if laws, technologies, or our business operations change.
Any substantial changes will be announced on this page.

Last revision: February 2025