Privacy Policy

Last updated: 8 June 2026

This Privacy Policy explains how personal data is collected, used, disclosed and protected when you visit this website, use our online shop, contact us, subscribe to our marketing emails or purchase products from us.

This Privacy Policy applies to the online shop operated under the brand YONÉ.

1. Controller

The controller responsible for the processing of personal data on this website is: Jennifer Connerth, Ganghoferstr. 64B, 80339 Munich German. Email: hello@yoneritual.com. If you have any questions about this Privacy Policy or the way we process your personal data, you can contact us at any time using the contact details above.

2. Applicable law

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the German Federal Data Protection Act (“BDSG”), where applicable, and the German Telecommunications Digital Services Data Protection Act (“TDDDG”), where applicable.

3. What personal data means

Personal data means any information relating to an identified or identifiable natural person. This may include, for example, your name, email address, postal address, phone number, IP address, order details, payment-related information, communication content and information about your use of this website.

4. Hosting and website operation via Squarespace

This website is hosted by Squarespace.

Squarespace collects personal data when you visit this website, including:

  • information about your browser, network and device;

  • web pages you visited before coming to this website;

  • web pages you view while on this website;

  • your IP address;

  • timestamps and technical usage information.

Squarespace needs this data to operate this website, provide it securely, protect its platform and services, and improve its services.

For data that we control and process through this website, Squarespace generally acts as our service provider and processor. Squarespace may also process certain website usage information for its own purposes, as described in Squarespace’s own privacy documentation.

Legal bases:

  • Art. 6(1)(f) GDPR, our legitimate interest in securely operating, maintaining and displaying this website;

  • Art. 6(1)(b) GDPR, where the processing is necessary to provide website functions requested by you, such as checkout functionality;

  • Art. 6(1)(c) GDPR, where processing is required by law.

5. Website analytics

This website collects personal data to power our website analytics.

This may include:

  • information about your browser, network and device;

  • web pages you visited before coming to this website;

  • your IP address;

  • clicks;

  • internal links;

  • pages visited;

  • scrolling;

  • searches;

  • timestamps;

  • order and conversion-related information.

We use this information to understand website traffic, shop activity, product interest, performance and how visitors interact with this website.

We provide this information to Squarespace, our website analytics provider, so that Squarespace can provide analytics services to us.

Where analytics cookies or similar technologies are used, we only use them if you have given your consent through our cookie banner, unless the processing is technically necessary.

Legal bases:

  • Art. 6(1)(a) GDPR, your consent, for analytics and performance cookies or similar technologies;

  • Section 25(1) TDDDG, your consent, where information is stored on or accessed from your device;

  • Art. 6(1)(f) GDPR, our legitimate interest in basic website performance and security analysis, where legally permitted.

You can withdraw or change your consent at any time through our cookie settings, where available, or by adjusting your browser settings.

6. Cookies and similar technologies

This website uses cookies and similar technologies. Cookies are small files or pieces of text that are stored on your device when you visit a website or app.

We use the following categories of cookies:

6.1 Necessary cookies

Necessary cookies are always used because they allow Squarespace, our hosting platform, to securely serve this website to you and provide essential website functions.

These may include cookies required for:

  • secure website delivery;

  • shopping cart functionality;

  • checkout;

  • payment processing support;

  • fraud prevention;

  • order status pages;

  • security and error detection.

Legal bases:

  • Section 25(2) TDDDG, because these cookies are strictly necessary to provide the digital service requested by you;

  • Art. 6(1)(f) GDPR, our legitimate interest in operating a secure and functional website;

  • Art. 6(1)(b) GDPR, where the cookies are required for checkout, orders or payment-related functions.

6.2 Analytics and performance cookies

Analytics and performance cookies help us understand how visitors interact with this website. They may help us measure traffic, activity, product interest, cart activity and performance.

We only use analytics and performance cookies after you have given your consent through our cookie banner.

Legal bases:

  • Section 25(1) TDDDG;

  • Art. 6(1)(a) GDPR.

6.3 Marketing cookies

If marketing cookies, tracking pixels or similar technologies are used, we use them only after you have given your consent through our cookie banner.

Legal bases:

  • Section 25(1) TDDDG;

  • Art. 6(1)(a) GDPR.

7. Cookie consent management

When you first visit this website, you may be shown a cookie banner that allows you to accept or reject non-essential cookies.

You can change or withdraw your consent at any time through the cookie settings, where available.

You can also delete or block cookies through your browser settings. If you block necessary cookies, some website functions, including cart or checkout functions, may not work properly.

8. Orders and purchases

When you buy something on this website, we collect personal data from you to process and fulfil your order.

We may collect:

  • name;

  • email address;

  • phone number;

  • billing address;

  • shipping address;

  • order details;

  • purchased product information;

  • payment status;

  • delivery status;

  • communication relating to your order.

We process this data to:

  • accept and process your order;

  • receive payment;

  • ship your order;

  • send order confirmations and shipping notifications;

  • handle returns, complaints and customer service requests;

  • comply with tax, accounting and legal obligations;

  • prevent fraud and misuse of our shop.

Legal bases:

  • Art. 6(1)(b) GDPR, performance of a contract or pre-contractual steps;

  • Art. 6(1)(c) GDPR, compliance with legal obligations, especially tax and accounting obligations;

  • Art. 6(1)(f) GDPR, our legitimate interest in preventing fraud, handling customer service and protecting legal claims.

We share order-related information with Squarespace, our online shop hosting provider, so that Squarespace can provide online store services to us.

9. Payment processing via Squarespace Payments

When you make a purchase from us on this website, we use Squarespace Payments as our payment solution.

Squarespace Payments is an integrated payment solution provided to us by Squarespace, our online store service provider.

Squarespace Payments uses third-party service providers that may receive and process your personal data, including:

  • Stripe, for payment processing services;

  • Sift, for fraud monitoring and fraud detection services.

Depending on the payment method and checkout process, these providers may process:

  • name;

  • email address;

  • billing address;

  • shipping address;

  • payment method information;

  • payment amount;

  • transaction ID;

  • fraud prevention information;

  • device and technical information;

  • bank or card-related information, where applicable.

We do not receive or store your full credit card details.

Legal bases:

  • Art. 6(1)(b) GDPR, processing payment for your order;

  • Art. 6(1)(c) GDPR, compliance with legal and tax obligations;

  • Art. 6(1)(f) GDPR, our legitimate interest in secure payment processing, fraud prevention and the protection of legal claims.

Stripe and Sift may also process personal data in accordance with their own privacy policies.

10. Automated tax calculation

When you make a purchase from us on this website, we use Squarespace as our commerce platform. Squarespace may use Stripe, a third-party service provider, to power automated tax calculations.

We may collect and process:

  • billing address;

  • shipping address;

  • name;

  • purchased product details;

  • product tax codes;

  • order value.

This information is used to calculate applicable taxes and to process your order correctly.

Legal bases:

  • Art. 6(1)(b) GDPR, processing your order correctly;

  • Art. 6(1)(c) GDPR, compliance with tax obligations;

  • Art. 6(1)(f) GDPR, our legitimate interest in accurate shop operation and accounting.

Stripe may also receive personal data and process it in accordance with its own privacy policy.

11. Shipping and delivery via Hermes

When you purchase a physical product on this website, we process your personal data to ship the order to you.

We may share the following data with Hermes, our shipping service provider:

  • name;

  • shipping address;

  • email address;

  • phone number, where required for delivery;

  • order number;

  • package information;

  • delivery status.

Hermes uses this information to deliver your order, provide shipment tracking, handle delivery issues and, where applicable, notify you about delivery status.

Legal bases:

  • Art. 6(1)(b) GDPR, fulfilment of your order;

  • Art. 6(1)(f) GDPR, our legitimate interest in reliable shipping, tracking and customer service;

  • Art. 6(1)(c) GDPR, where legal obligations apply.

12. Address autocomplete via Google Places API

As you go through checkout, this website may auto-complete your shipping and billing address by sharing what you type with the Google Places API and returning address suggestions to improve your checkout experience.

The Google Places API may process:

  • the characters you type into the address field;

  • IP address;

  • browser and device information;

  • technical usage information.

Legal bases:

  • Art. 6(1)(f) GDPR, our legitimate interest in providing a smoother checkout experience and reducing delivery errors;

  • Art. 6(1)(a) GDPR, where consent is required.

13. Contact form

If you submit information through the contact form on this website, we collect the data requested in the form in order to receive, track and respond to your message.

This may include:

  • name;

  • email address;

  • message content;

  • order number, where applicable;

  • any information you choose to include in your message.

We use this data to:

  • respond to your request;

  • manage our communication with you;

  • provide customer service;

  • process order-related questions;

  • handle complaints, returns or legal claims.

The contact form is provided through Squarespace. We provide this information to Squarespace, our website hosting provider, so that Squarespace can provide website services to us and help us manage our relationship with you.

Legal bases:

  • Art. 6(1)(b) GDPR, where your request relates to an order or potential order;

  • Art. 6(1)(f) GDPR, our legitimate interest in responding to inquiries and managing customer relationships;

  • Art. 6(1)(c) GDPR, where we are legally required to retain communication;

  • Art. 6(1)(a) GDPR, where you have given consent.

14. Invoices and accounting

We process invoice and accounting information to document transactions, collect payments and comply with legal obligations.

We may process:

  • name;

  • email address;

  • billing address;

  • invoice details;

  • order details;

  • payment history;

  • tax-relevant information.

We may share this information with Squarespace, payment providers, tax advisors, legal advisors and public authorities where required by law.

Legal bases:

  • Art. 6(1)(b) GDPR, processing payment and order documentation;

  • Art. 6(1)(c) GDPR, compliance with tax and accounting obligations;

  • Art. 6(1)(f) GDPR, our legitimate interest in proper business administration and protection of legal claims.

15. Order emails

We may email you with messages about your order or related shop activity.

For example, we may email you to tell you that:

  • you made a purchase;

  • your payment was processed;

  • your order was confirmed;

  • your order has shipped;

  • there is an issue with your order;

  • your return or complaint request was processed.

These messages are transactional and necessary for the performance of your order. It is not possible to unsubscribe from necessary transactional emails.

Legal bases:

  • Art. 6(1)(b) GDPR;

  • Art. 6(1)(f) GDPR;

  • Art. 6(1)(c) GDPR, where legally required.

We provide your contact information to Squarespace, our website and online store provider, so that Squarespace can send these emails on our behalf and help us manage our relationship with you.

16. Abandoned cart emails

If abandoned cart emails are enabled, you may receive an automated email within 24 hours after leaving your shopping cart, if all of the following occur:

  • you enter your email address at checkout;

  • you add an in-stock product to your cart;

  • you close your browser or leave this website without completing your purchase.

We only send abandoned cart emails where legally permitted, for example if you have given consent or if another applicable legal basis allows us to do so.

You can unsubscribe from these emails at the bottom of the email.

The email will link back to this website, where you can continue your checkout and complete your purchase.

Legal bases:

  • Art. 6(1)(a) GDPR, your consent, where required;

  • Art. 6(1)(f) GDPR, our legitimate interest in reminding customers of incomplete purchases, where legally permitted.

17. Marketing emails and newsletters

If you subscribe to our marketing emails, we process your contact information to send you updates about YONÉ, products, launches, rituals, brand stories and other marketing content.

We may process:

  • name, where provided;

  • email address;

  • subscription status;

  • consent timestamp;

  • IP address at sign-up, where collected;

  • email opening and click behaviour, where applicable;

  • unsubscribe status.

We only send marketing emails if you have given your consent or where we are otherwise legally permitted to do so.

You can unsubscribe at any time by clicking the unsubscribe link at the bottom of our emails or by contacting us directly.

We use Squarespace Email Campaigns for sending marketing emails. We provide your contact information to Squarespace, our email marketing provider, so that Squarespace can send these emails on our behalf and help us manage our relationship with you.

Legal bases:

  • Art. 6(1)(a) GDPR, your consent;

  • Art. 6(1)(f) GDPR, our legitimate interest in managing existing customer relationships, where legally permitted.

18. Fonts

This website may serve font files from and render fonts using Google Fonts and/or Adobe Fonts through Squarespace’s built-in font integrations.

To properly display this website, these third parties may receive personal data about you, including:

  • information about your browser, network or device;

  • information about this website and the page you are viewing;

  • your IP address.

Where required, we only load external fonts after your consent.

Legal bases:

  • Art. 6(1)(a) GDPR, your consent, where required;

  • Section 25(1) TDDDG, where information is accessed from or stored on your device;

  • Art. 6(1)(f) GDPR, our legitimate interest in displaying this website consistently, where legally permitted.

If fonts are hosted locally and no connection to external font providers is established, no personal data is transferred to Google Fonts or Adobe Fonts for the display of fonts.

19. Fraud prevention and security

We process certain technical and transaction-related data to protect our website, shop, customers and business against fraud, misuse, unauthorised access, payment abuse and other security risks.

This may include:

  • IP address;

  • device and browser information;

  • transaction details;

  • payment status;

  • order behaviour;

  • fraud risk indicators.

Payment and fraud prevention providers such as Stripe and Sift may process data for fraud monitoring and detection.

Legal bases:

  • Art. 6(1)(f) GDPR, our legitimate interest in fraud prevention, website security and the protection of legal claims;

  • Art. 6(1)(b) GDPR, secure processing of orders and payments;

  • Art. 6(1)(c) GDPR, where legal obligations apply.

20. Legal obligations and protection of claims

We may process and retain personal data where necessary to comply with legal obligations or to establish, exercise or defend legal claims.

This may include:

  • tax and accounting obligations;

  • commercial record keeping;

  • consumer protection obligations;

  • product-related obligations;

  • fraud prevention;

  • legal disputes;

  • communication with authorities.

Legal bases:

  • Art. 6(1)(c) GDPR;

  • Art. 6(1)(f) GDPR.

21. Service providers and recipients of personal data

We may share personal data with the following categories of recipients where necessary:

  • website and shop hosting providers, especially Squarespace;

  • payment processors, especially Squarespace Payments and Stripe;

  • fraud prevention providers, especially Sift;

  • shipping and delivery providers, especially Hermes;

  • email and marketing providers, especially Squarespace Email Campaigns;

  • analytics providers, especially Squarespace Analytics;

  • tax, accounting and legal advisors, where applicable;

  • IT and security service providers;

  • public authorities, where required by law.

We only share personal data where there is a legal basis and where the sharing is necessary for the purposes described in this Privacy Policy.

22. International data transfers

Some of our service providers may process personal data outside the European Union or the European Economic Area, including in the United States.

Where personal data is transferred to countries outside the EU/EEA, we ensure that appropriate safeguards are in place as required by the GDPR.

These safeguards may include:

  • an adequacy decision by the European Commission;

  • Standard Contractual Clauses approved by the European Commission;

  • additional technical and organisational safeguards;

  • participation in an applicable data transfer framework, where available and legally valid.

23. Data retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Typical retention periods may include:

  • website server and security logs: usually for a limited period necessary for security and troubleshooting;

  • contact inquiries: for as long as needed to respond and manage the communication, and longer where required for legal claims;

  • order and customer service data: for as long as needed to process the order, handle returns, complaints and customer service, and comply with legal obligations;

  • invoices and accounting records: generally for the statutory retention periods under applicable German commercial and tax law, which may be 6, 8 or 10 years depending on the type of document;

  • consent records: for as long as necessary to document consent and comply with legal obligations;

  • marketing email data: until you unsubscribe or withdraw your consent, unless retention is required to document consent or suppression status.

When personal data is no longer required, we delete it or anonymise it, unless legal retention obligations prevent deletion.

24. Obligation to provide personal data

You are not legally required to provide personal data when simply visiting this website.

However, certain data is necessary if you want to place an order, receive delivery, contact us or subscribe to marketing emails.

If you do not provide the necessary order, payment or shipping information, we may not be able to process your order or deliver products to you.

25. Your rights

Under the GDPR, you have the following rights, subject to the legal requirements:

  • right of access;

  • right to rectification;

  • right to erasure;

  • right to restriction of processing;

  • right to data portability;

  • right to object to processing based on legitimate interests;

  • right to withdraw consent at any time;

  • right to lodge a complaint with a supervisory authority.

If you withdraw your consent, this does not affect the lawfulness of processing carried out before your withdrawal.

To exercise your rights, please contact us at:

hello@yoneritual.com

We may ask you to provide information necessary to verify your identity before responding to your request.

26. Right to object

Where we process personal data based on Art. 6(1)(f) GDPR, you have the right to object to the processing at any time on grounds relating to your particular situation.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless the processing serves the establishment, exercise or defence of legal claims.

If we process your personal data for direct marketing purposes, you have the right to object at any time. If you object to direct marketing, we will no longer process your personal data for that purpose.

27. Right to withdraw consent

Where processing is based on your consent, you have the right to withdraw your consent at any time.

You can withdraw cookie consent through our cookie settings, where available.

You can unsubscribe from marketing emails by using the unsubscribe link in the email or by contacting us directly.

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

28. Complaint to a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection law.

You may contact the supervisory authority in the EU/EEA member state of your habitual residence, place of work or place of the alleged infringement.

For Bavaria, Germany, the competent supervisory authority for private businesses is generally:

Bavarian State Office for Data Protection Supervision
Promenade 18
91522 Ansbach
Germany

29. Data security

We use appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

These measures may include secure website transmission, access restrictions, account protection, service provider due diligence and internal data minimisation practices.

Please note that no method of transmission over the internet or electronic storage is completely secure.

30. Children

Our website and products are not directed at children.

We do not knowingly collect personal data from children under the age of 16.

If you believe that a child has provided us with personal data, please contact us so we can review and delete the information where required.

31. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our website, shop, service providers, legal obligations or data processing practices.

The version published on this website is the current version.