LAKROMA
deenfrites

Privacy Policy

This is an informational English translation. The legally binding version is the German one (Impressum / Datenschutzerklärung / AGB / Widerrufsbelehrung).

Last updated: June 2026

1. Controller

The controller within the meaning of the GDPR is:

HLI GmbH & Co. KG
Hollefeldstraße 46
48282 Emsdetten
Deutschland
Phone: +49 (2572) 9673814
Email: info@anorok.com

2. General information

We process personal data only to the extent necessary to provide a functional website and our content and services, or where a legal basis permits. Legal bases are in particular Art. 6(1)(b) GDPR (performance of a contract), (c) (legal obligation) and (f) (legitimate interest).

3. Hosting (Cloudflare)

Our website is hosted and delivered via the content delivery network of Cloudflare, Inc. (USA). When the site is accessed, technically necessary data (IP address, date/time, page requested, data volume, browser type) is processed to provide the site securely and reliably. Legal basis: Art. 6(1)(f) GDPR. A data processing agreement under Art. 28 GDPR is in place; transfers to the USA are safeguarded by EU Standard Contractual Clauses / the EU-US Data Privacy Framework.

4. Analytics (Cloudflare Web Analytics)

We use Cloudflare Web Analytics, which is cookieless and does not recognise individual visitors across devices or sites; no personal profiles are created. Only aggregated metrics are collected. Legal basis: Art. 6(1)(f) GDPR. As no cookies or similar technologies are used to access your device, no consent under § 25 TDDDG is required — and therefore no cookie banner.

5. Orders and payments (Stripe)

Payments are processed by Stripe Payments Europe, Ltd. (Dublin, Ireland), where applicable involving Stripe, Inc. (USA). To process your payment, the necessary data (name, email, billing/shipping address, payment data) is transmitted to Stripe. Payment details are entered on a Stripe-hosted page; we do not collect or store full payment data (e.g. card numbers). Legal basis: Art. 6(1)(b) GDPR. More: stripe.com/privacy.

6. Production and shipping (Gelato)

Our products are produced on demand and shipped by Gelato ASA (Oslo, Norway) and its global production partners. To fulfil your order we transmit the necessary data (name, shipping address, email, order contents) to Gelato and, where applicable, the production partner responsible for your region. This may involve a transfer to a third country, safeguarded by EU Standard Contractual Clauses. Legal basis: Art. 6(1)(b) GDPR.

7. Cookies

We do not set any analytics or marketing cookies on our website. Strictly necessary cookies may be set by Stripe on its own payment page during checkout. No cookie banner is therefore required.

8. Retention

We retain personal data only as long as necessary. Order-related data is retained for the statutory periods (in particular commercial and tax law, § 257 HGB, § 147 AO).

9. Your rights

You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR). You may withdraw consent at any time with future effect and lodge a complaint with a supervisory authority (Art. 77 GDPR).

10. Security

We take appropriate technical and organisational measures to protect your data. This policy is updated when changes in processing or the legal framework require it.