petite-moment

Privacy policy

Last updated: April 21, 2026

This English version is provided for convenience only. The German version is legally binding.

1. Controller

The controller within the meaning of the GDPR and other national data protection laws is:

UMOI GmbH
Seefelder Straße 4
81377 Munich
Germany
Email: love@petite-moment.com

Represented by managing director Daniel Woyteczek.

2. Hosting and provision of the website

Our website is hosted by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. When you visit our website, the following data is automatically recorded in server logs: IP address, date and time of access, amount of data transferred, referrer URL, user agent. This data is technically necessary and is automatically deleted after a short time.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in stable and secure operation).

We have a data processing agreement (DPA) with Vercel pursuant to Art. 28 GDPR, as well as the EU Standard Contractual Clauses for data transfers to the USA.

3. Registration and user account

When you create an account, we process your email address and your encrypted (hashed) password. The data is stored at Supabase Inc. (servers in the EU).

Legal basis: Art. 6 (1) lit. b GDPR (performance of contract).

Storage period: until you delete your account. You can request deletion of your account at any time by emailing love@petite-moment.com.

4. Orders and payment processing

For each order, we process:

  • your email address (for order confirmation and contact)
  • for physical products: name and shipping address (for delivery)
  • contents of your order including poster configuration (for production and delivery)

Payment processing is handled exclusively through Stripe Payments Europe Ltd. (Dublin, Ireland). Card details and bank information are collected directly by Stripe and are never known to us. Stripe is PCI-DSS certified. Stripe's privacy policy: stripe.com/privacy.

Legal basis: Art. 6 (1) lit. b GDPR (performance of contract) and Art. 6 (1) lit. c GDPR (statutory tax and commercial retention obligations).

Storage period: order data is retained according to statutory retention periods (6 or 10 years under the German Tax Code (AO) and Commercial Code (HGB)).

5. Email communication

For sending transactional emails (order confirmation, shipping notification) we use Resend (Inbound Technology Inc.), USA. Your email address and the email content are transmitted to Resend.

We have a data processing agreement with Resend, as well as the EU Standard Contractual Clauses for data transfers to the USA. Privacy policy: resend.com/legal/privacy-policy.

Legal basis: Art. 6 (1) lit. b GDPR (performance of contract).

6. Map and location data

For displaying map sections and location search we use the service MapTiler AG, Baarerstrasse 10, 6300 Zug, Switzerland. When a map is loaded, your IP address and any search queries are transmitted to MapTiler.

Switzerland has an EU adequacy decision (Art. 45 GDPR).

MapTiler privacy policy: maptiler.com/privacy-policy.

Legal basis: Art. 6 (1) lit. b GDPR (performance of contract) and Art. 6 (1) lit. f GDPR (legitimate interest in functional map display).

7. Content management

Our editorial content (blog, FAQ, About) is managed with Sanity.io (Sanity AS, Rosenkrantzgaten 11, 0159 Oslo, Norway). When visiting our content pages, technical request data is transmitted to Sanity. Norway has an EU adequacy decision.

Sanity privacy policy: sanity.io/legal/privacy.

8. Cookies and local storage

Strictly necessary cookies and local storage (sign-in, cart, poster drafts) are always used. Analytics and marketing cookies are only loaded after your explicit consent via our cookie banner. You can revoke your consent at any time via the "Cookie settings" link in the footer. Details are provided in our Cookie policy.

Legal basis for necessary cookies: § 25 (2) No. 2 TTDSG and Art. 6 (1) lit. f GDPR. Legal basis for analytics and marketing cookies: § 25 (1) TTDSG and Art. 6 (1) lit. a GDPR (consent).

9. Google Tag Manager

We use Google Tag Manager by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Tag Manager itself does not collect personal data; it serves only to manage the analytics and marketing tags we use. It only loads them if you have consented accordingly.

10. Google Analytics 4

With your consent we use Google Analytics 4 (Google Ireland Limited) to statistically analyse the use of our website. Pseudonymised usage data (e.g. pages visited, clicks, device information) is processed. IP addresses are truncated by Google before storage.

Google may also transfer the data to the USA. EU Standard Contractual Clauses pursuant to Art. 46 GDPR are in place.

Legal basis: Art. 6 (1) lit. a GDPR (consent), § 25 (1) TTDSG.

Storage period: maximum 14 months. Privacy policy: policies.google.com/privacy. You can revoke consent at any time via the cookie banner.

11. Your rights

You have the right at any time to:

  • access the data stored about you (Art. 15 GDPR)
  • correct inaccurate data (Art. 16 GDPR)
  • delete your data (Art. 17 GDPR), unless statutory retention obligations prevent this
  • restrict processing (Art. 18 GDPR)
  • data portability (Art. 20 GDPR)
  • object to processing (Art. 21 GDPR)

For all enquiries please email us at love@petite-moment.com.

12. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for us is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach, Germany
www.lda.bayern.de

13. No automated decision-making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

14. Updates to this policy

We reserve the right to amend this privacy policy to reflect changes in the legal situation or in our services. The current version is always available on this page.