Privacy policy

Privacy Policy

Status: March, 2026

Thank you for your interest in our online store. The protection of your privacy is very important to us. Below we inform you in detail about the handling of your data.

1. Responsible Party

Responsible party / EU Representative:
maROCKn UG (haftungsbeschränkt)
Bellermannstr. 68, 13357 Berlin, GERMANY

on behalf of: AMUSE INC. 5-4-31 Minami-Aoyama, Minato-ku, Tokyo, Japan

E-mail: info@flow-merch.eu

This privacy policy explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) in the context of the provision of our services and within our online offer and the websites, functions and content associated with it.

2. Access Data

How do we collect your data?
In order to fulfill the contract (Art. 6 para. 1 lit. b GDPR), we collect personal data that you provide to us as part of an order or by e-mail, such as name, address, e-mail, telephone number, and payment data. Other data is automatically collected by our IT systems when you visit the website (e.g., internet browser, time of page view, IP address).

What do we use your data for?
To provide our website, to fulfill contracts for orders, for payment and shipping processing, for analysis purposes, and for the security and optimization of our offer.

3. Data Processing for Contract Handling and Contact

We collect personal data if you voluntarily provide it to us as part of your order or when you contact us (e.g., via contact form or e-mail). Mandatory fields are marked as such, as we need this data to process the contract or your inquiry.

After completion of the contract, your data will be restricted for further processing and deleted after expiry of any retention periods under tax and commercial law (Art. 6 para. 1 sentence 1 lit. c GDPR), unless you have expressly consented to further use (Art. 6 para. 1 sentence 1 lit. a GDPR).

4. Data Processing for Shipping

Shipping is carried out by DHL Paket GmbH. In order to fulfill the contract, we pass on the data required for delivery (name, address) to DHL in accordance with Art. 6 Para. 1 lit. b GDPR.

5. Data Processing for Payments

Payment processing is carried out via Shopify Payments (Stripe). Integrated services include:

  • Shop Pay

  • Credit Card (Visa, Mastercard, AmEx, Maestro)

  • Apple Pay

Depending on the payment method, we pass on the necessary data to payment service providers (Art. 6 para. 1 lit. b GDPR). In some cases, data is collected directly by the providers; please refer to their respective privacy policies.

6. Advertising by E-mail

6.1 E-mail Newsletter with Registration
If you subscribe to our newsletter, it will be sent based on your express consent (Art. 6 para. 1 lit. a GDPR) via Shopify Email. You can unsubscribe at any time via the link in the newsletter or by contacting us.

6.2 Newsletter Dispatch
The provider processes your data only for the purpose of sending newsletters on our behalf in accordance with Art. 28 GDPR.

7. Cookies and Other Technologies

Our website uses cookies for functionality (e.g., shopping cart) and analysis.

  • Technically necessary cookies: Based on our legitimate interest (Art. 6 para. 1 lit. f GDPR).

  • Analytical/Tracking cookies: Only with your express consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG).

  • More Info: https://www.shopify.com/legal/cookies

7.1 Analysis and Tracking
We use Shopify Analytics for statistical analysis. This is done anonymously based on Art. 6 para. 1 lit. f GDPR.

7.2 Use of Fonts
This website uses Google Fonts (Questrial) and standard Shopify fonts. When visiting, your browser may load fonts directly from Google’s servers (Google Ireland Limited, Dublin 4, Ireland), transmitting your IP address. This is based on our legitimate interest in a consistent design (Art. 6 para. 1 lit. f GDPR).

7.3 Social Media Links
We provide links to our profiles on Instagram (Meta) and X (formerly Twitter). These are simple buttons; no personal data is transmitted solely by visiting our site. Data processing only begins if you click and are redirected to the external platform.

7.4 Embedded Spotify Content
We may embed Spotify content (Spotify AB, Stockholm, Sweden). Your browser connects to Spotify's servers, which may process your IP and usage data.

8. Storage Duration

We store personal data only as long as necessary for the respective processing purposes or as required by statutory retention periods.

9. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15)

  • Right to rectification (Art. 16)

  • Right to erasure / "Right to be forgotten" (Art. 17)

  • Right to restriction of processing (Art. 18)

  • Right to data portability (Art. 20)

  • Right to object (Art. 21)

  • Right to withdraw consent (Art. 7 para. 3)

  • Right to lodge a complaint with a supervisory authority (Art. 77)