English·Deutsch

Privacy Policy

EU Widerruf Pro — Last updated: February 20, 2026

1. Controller

Martini & Radl OG
Rubensgasse 9/7
1040 Vienna
Austria
Email: office@euwiderruf.com

2. App description

EU Widerruf Pro is a Shopify app that helps online merchants manage withdrawals in accordance with EU consumer law. The app provides a withdrawal form for end customers, processes incoming withdrawals, and notifies the merchant.

3. Data we collect

3.1 End customer (buyer) data

When an end customer submits a withdrawal via the form, we process:

  • Email address
  • Last name
  • Order number
  • Order date and ordered items
  • Reason for withdrawal (optional)
  • IP address (solely for abuse prevention / rate limiting)

3.2 Merchant (shop operator) data

When the app is installed and used, we process:

  • Shopify shop domain
  • Shop settings (email configuration, form texts, integrations)
  • OAuth session data (for Shopify authentication)
  • Subscription / plan information

4. Purpose of processing

  • Withdrawal management: matching withdrawals to orders, confirmation emails, status tracking
  • Notifications: emails to end customers (confirmation), optional email / Slack / Teams to merchants
  • Abuse prevention: rate limiting
  • App operation: authentication, settings, billing

5. Legal basis (GDPR)

  • Art. 6(1)(b) GDPR: Contract performance — processing necessary to carry out the withdrawal
  • Art. 6(1)(f) GDPR: Legitimate interest — abuse prevention, app operation
  • Art. 6(1)(c) GDPR: Legal obligation — retention in accordance with EU withdrawal law

6. Sharing of data

We share personal data only in the following cases:

  • With the merchant: Withdrawal data is shown to the shop operator that installed the app
  • Shopify Inc.: Authentication, billing, order data (as a processor)
  • Resend (email delivery): End customer email address for sending the confirmation email
  • Optional integrations: Klaviyo, Slack, Teams — only when activated by the merchant

Any transfer to third countries is made only to providers that ensure an adequate level of data protection (e.g. EU-US Data Privacy Framework).

7. Retention period

Withdrawal data is retained based on the merchant's selected plan:

  • Free: 3 months
  • Basic: 12 months
  • Premium: 24 months

After the app is uninstalled, all shop data is deleted within 48 hours (in accordance with Shopify GDPR requirements).

8. Your rights

As a data subject you have the following rights:

  • Access (Art. 15 GDPR) — what data we store about you
  • Rectification (Art. 16 GDPR) — correction of incorrect data
  • Erasure (Art. 17 GDPR) — deletion of your data
  • Restriction (Art. 18 GDPR) — restriction of processing
  • Data portability (Art. 20 GDPR) — export of your data
  • Objection (Art. 21 GDPR) — objection to processing

For requests, please contact office@euwiderruf.com. You also have the right to lodge a complaint with a data protection supervisory authority.

9. Security

We apply technical and organizational measures to protect your data, including encrypted data transmission (TLS / HTTPS), input validation, rate limiting, and regular security reviews.

10. Changes

We reserve the right to update this privacy policy. For material changes, we will notify merchants through the app. The current version is always available at this URL.