Privacy Policy
Coral Penguin — Etsy Shop
https://www.etsy.com/shop/TheCoralPenguin
Effective date: 2026-03-12
1. Introduction
This privacy policy explains how Coral Penguin (“we,” “our,” or “us”) collects, uses, and protects the personal information of customers (“you” or “your”) who purchase items from our Etsy shop, TheCoralPenguin. We are committed to protecting your privacy and handling your data responsibly in accordance with the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), and other applicable data protection laws.
Coral Penguin is based in Hamburg, Germany, and sells digital products worldwide, including to buyers in the European Union, the European Economic Area, and the United Kingdom. If you purchase from our shop or contact us regarding a potential purchase, this policy applies to you.
2. Data Controller
The data controller responsible for your personal information is:
Coral Penguin
Broer Kalow
Osterstrasse 86
20259 Hamburg, Germany
Email: hello@coralpenguin.com
If you have any questions or concerns about your personal data or this privacy policy, please contact us at the email address above.
3. What Personal Information We Collect
When you place an order or contact us through Etsy, we may receive and process the following personal information:
Name — to identify you as a customer and address you in communications.
Email address — to communicate with you about your order and respond to your enquiries.
Postal/shipping address — provided by Etsy as part of the order record, though our products are digital downloads and do not require physical shipping.
Etsy username and profile information — visible through the Etsy platform when you interact with our shop.
Transaction details — including the items you purchased, the date and time of purchase, and the transaction amount.
Messages and communications — any information you voluntarily provide when contacting us through Etsy’s messaging system.
We do not collect or have access to your payment or financial information. All payment processing is handled exclusively by Etsy Payments.
4. Why and How We Use Your Information
We collect, use, and process your personal information only for the following purposes and on the following legal bases under Article 6 GDPR:
4.1 Performance of a Contract (Art. 6(1)(b) GDPR)
To fulfil your order and deliver digital products to you.
To communicate with you about your purchase, including order confirmations and download instructions.
To provide customer support and respond to your enquiries.
To process returns, refunds, or resolve disputes related to your purchases.
4.2 Legal Obligation (Art. 6(1)(c) GDPR)
To comply with applicable tax, accounting, and legal obligations, including German tax law (Abgabenordnung).
To respond to lawful requests by public authorities or court orders.
4.3 Legitimate Interest (Art. 6(1)(f) GDPR)
To improve and develop our products and shop experience.
To comply with the Etsy Seller Policy and Etsy Terms of Use.
To prevent fraud and protect the security of our shop.
4.4 Consent (Art. 6(1)(a) GDPR)
If we introduce optional services such as a mailing list or newsletter in the future, we will only contact you for marketing purposes with your prior express consent. You may withdraw your consent at any time by contacting us at hello@coralpenguin.com or using any unsubscribe mechanism provided.
5. Information Sharing and Disclosure
Protecting your personal information is important to us. We share your data only in the following limited circumstances:
Etsy. We share information with Etsy as necessary to provide our services and comply with our obligations under the Etsy Seller Policy and Etsy Terms of Use. Etsy acts as an independent data controller. For details on how Etsy processes your data, please see Etsy’s Privacy Policy at etsy.com/legal/privacy.
Service providers. We may engage trusted third-party service providers to assist with specific functions related to our shop (for example, print-on-demand fulfilment services). We will only share personal information with these providers to the extent strictly necessary for them to perform their services, and they are contractually obligated to protect your data.
Legal requirements. We may disclose your information if we have a good-faith belief that it is reasonably necessary to: (a) respond to legal process or government requests; (b) enforce our policies and agreements; (c) prevent, investigate, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of our customers or others.
Business transfers. If we sell or merge our business, we may disclose your information as part of that transaction, only to the extent permitted by law, and with appropriate safeguards in place.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
6. International Data Transfers
As our shop operates on the Etsy platform, your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where Etsy is headquartered. Etsy has implemented appropriate safeguards for such transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission. For more information, please refer to Etsy’s Privacy Policy.
We will ensure that any transfer of personal data outside the EEA by us is carried out in compliance with applicable data protection legislation, using appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
7. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including to comply with our legal, tax, and accounting obligations.
Order and transaction data: retained for a minimum of 10 years as required by German commercial and tax law (§ 147 Abgabenordnung, § 257 Handelsgesetzbuch).
Customer communications: retained for the duration necessary to resolve any issues related to your order, and then deleted or anonymised within 12 months after the last interaction, unless longer retention is required by law.
Marketing consent records: if applicable in the future, retained for as long as the consent is active plus a reasonable period thereafter to demonstrate compliance.
Once the applicable retention period expires, your personal data will be securely deleted or anonymised.
8. Your Rights Under the GDPR
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR and equivalent legislation:
Right of access (Art. 15 GDPR) — You have the right to request a copy of the personal data we hold about you.
Right to rectification (Art. 16 GDPR) — You have the right to request correction of inaccurate or incomplete personal data.
Right to erasure (Art. 17 GDPR) — You have the right to request deletion of your personal data, subject to legal retention obligations.
Right to restriction of processing (Art. 18 GDPR) — You have the right to request that we restrict the processing of your data in certain circumstances.
Right to data portability (Art. 20 GDPR) — You have the right to receive your personal data in a structured, commonly used, machine-readable format.
Right to object (Art. 21 GDPR) — You have the right to object to the processing of your personal data based on legitimate interests.
Right to withdraw consent (Art. 7(3) GDPR) — Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at hello@coralpenguin.com. We will respond to your request within one month, as required by law. If your request is complex, we may extend this period by up to two additional months and will inform you accordingly.
You also have the right to lodge a complaint with your local data protection supervisory authority. For Germany, this is the Landesbeauftragte für Datenschutz und Informationsfreiheit (State Commissioner for Data Protection) in the Free Hanseatic City of Bremen.
For personal data held directly by Etsy, you may also exercise your rights through your Etsy account privacy settings or by contacting Etsy directly at etsy.com/help.
9. Data Security
We take the security of your personal data seriously. Our technical and organisational measures include:
Processing customer data only through Etsy’s secured platform, which provides encrypted communications and secure data storage.
Limiting access to personal data to only those individuals who need it to fulfil orders and provide customer support.
Not storing payment or financial data — all payments are handled by Etsy Payments.
Using security-hardened infrastructure for any data processing that occurs outside of the Etsy platform.
Regularly reviewing and updating our security practices.
10. Children’s Privacy
While some of our products are designed for children (under the brand “Little Coral Penguin”), our Etsy shop is directed at adult purchasers, not at children. We do not knowingly collect personal information from anyone under the age of 16. All purchases must be made by an adult. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete it promptly.
11. Cookies and Tracking Technologies
Our Etsy shop operates on the Etsy platform. Any cookies or similar tracking technologies used when you visit our shop are set and managed by Etsy. We do not independently set cookies or use tracking technologies. For information about how Etsy uses cookies, please refer to Etsy’s Cookies & Similar Technologies Policy.
12. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will update the “Effective date” at the top of this policy and, where practicable, notify you through our Etsy shop. We encourage you to review this policy periodically.
13. Contact Us
If you have any questions, concerns, or requests regarding this privacy policy or your personal data, please contact us:
Coral Penguin
Email: hello@coralpenguin.com
For requests related to data held by Etsy directly, please contact Etsy through etsy.com/help or use your Etsy account privacy settings.
This privacy policy was last updated on 2026-03-12.
