1. Controller (Responsible Entity)

The controller within the meaning of the General Data Protection Regulation (GDPR / DSGVO) is:

Beatrice Marx
32–66 High Street
E15 2NZ London
United Kingdom

Email: contact-sugarshop@proton.me

2. Scope of Application

This Privacy Policy applies to all users of the platform and explains how personal data is processed when using the website, in accordance with the GDPR and applicable EU data protection laws.

3. Data Collected

We process personal data only to the extent technically necessary for operating the platform. This may include:
✦ Registration data (email address, username, date of birth)
✦ Account, payment, and transaction data
✦ Communication data (support requests, dispute-related communication)
✦ Technical data that may be processed automatically, such as IP addresses, browser type, device information, and access times, only where required for security, abuse prevention, or system functionality
✦ The platform operator does not actively analyze IP addresses unless required for security or legal reasons.

4. Purpose of Data Processing

Personal data is processed for the following purposes:
✦ Operation and maintenance of the marketplace
✦ Verification of age eligibility (18+)
✦ Processing transactions and payments
✦ Fraud prevention, abuse prevention, and dispute handling
✦ Compliance with legal obligations

5. Legal Basis for Processing

Data processing is based on Art. 6 GDPR:
✦ Art. 6(1)(b) GDPR – performance of a contract
✦ Art. 6(1)(c) GDPR – compliance with legal obligations
✦ Art. 6(1)(f) GDPR – legitimate interests (security, platform integrity, user protection)

6. Age Verification & Truthfulness

✦ Use of the platform is restricted to individuals 18 years or older.
✦ Users must provide their true date of birth during registration.
✦ Providing false age information is strictly prohibited and may result in immediate account termination.
✦ The protection of minors has absolute priority. Suspected violations may be reported to relevant authorities.

7. Hosting & Third-Party Services

✦ The platform is operated using WordPress and hosted by a third-party hosting provider.
✦ Personal data may be processed by:
✦ Hosting providers (e.g. server logs, security)
✦ Marketplace software providers
✦ Payment service providers
✦ Security or fraud-prevention services
✦ All service providers process data only under contractual obligations and in compliance with GDPR.

8. Data Sharing

Personal data is not sold.
Data may be disclosed only:
✦ Where legally required
✦ To payment providers for transaction processing
✦ To authorities in cases of suspected illegal activity
✦ To protect users and platform integrity

9. Data Retention

Personal data is stored only as long as necessary to fulfill its purpose or comply with legal retention requirements.

10. User Rights

Users have the right to:
✦ Access (Art. 15 GDPR)
✦ Rectification (Art. 16 GDPR)
✦ Deletion (Art. 17 GDPR)
✦ Restriction of processing (Art. 18 GDPR)
✦ Data portability (Art. 20 GDPR)
✦ Objection (Art. 21 GDPR)
Requests can be sent to the contact email above.

11. Data Security

✦ Appropriate technical and organizational measures are implemented to protect personal data.
✦ Absolute security cannot be guaranteed.

12. Changes to This Privacy Policy

✦ This Privacy Policy may be updated at any time.
✦ The version published on the website applies.