Privacy Policy

Last updated: March 17, 2026

of matter (hereinafter “we”, “us”) operates this website and offers products via Instagram and online shop.

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Julie Siegemund Boratto
of matter
Plinganserstraße 57
81369 Munich
Germany
Email: hello@ofmatter.co

Please read this Privacy Policy carefully. By using our Services, you acknowledge the collection and use of your information as described below.

1. Personal Data We Process

We process personal data depending on how you interact with us:

Contact details (name, address, email, phone number)
Order and transaction dataPayment data (processed via payment providers)
Communication data (e.g. inquiries via email or Instagram)
Usage data (website visits, interactions)
Technical data (IP address, browser, device)

2. Legal Basis for Processing (Art. 6 GDPR)

In accordance with German and EU law, we process personal information only where permitted. The legal grounds are:

Performance of a contract (Art. 6(1)(b) GDPR): For processing orders, payments, deliveries, and returns.
Compliance with legal obligations (Art. 6(1)(c) GDPR): To meet German tax and commercial record-keeping requirements.
Legitimate interests (Art. 6(1)(f) GDPR): For ensuring the security and stability of our services, preventing fraud, and improving our website and processes.
Consent (Art. 6(1)(a) GDPR): For newsletter subscriptions, marketing communications, and non-essential cookies or tracking technologies.

3. How We Use Your Personal Information

We process your personal data for the following purposes:

Service Delivery: To fulfill our contractual obligations, process orders, manage your account, communicate with you, and arrange shipping and returns (Art. 6(1)(b) GDPR).
Marketing and Advertising: We use your data for promotional purposes only based on your explicit consent (Art. 6(1)(a) GDPR). For email marketing, we apply a double opt-in procedure. Registration and confirmation are logged to meet our legal obligation to provide proof of consent.
Security and Fraud Prevention: To ensure the security and stability of our services, authenticate accounts, and detect or prevent fraudulent or malicious activity (Art. 6(1)(f) GDPR).
Legal Reasons: To comply with applicable legal obligations, in particular German tax and commercial requirements, or to respond to lawful requests by authorities (Art. 6(1)(c) GDPR).

4. Newsletter

If you subscribe to our newsletter, we process your email address based on your consent (Art. 6(1)(a) GDPR).

We use a double opt-in procedure. Registration and confirmation are logged to meet our legal obligation to provide proof of consent.

For sending newsletters, we use Brevo (formerly Sendinblue), operated by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo processes personal data on our behalf. We have concluded a data processing agreement in accordance with Art. 28 GDPR.

Your data may be used to analyze newsletter performance (e.g. open rates, clicks) in order to improve our communication.

You can withdraw your consent at any time via the unsubscribe link in the newsletter or by contacting us directly.

5. Contact Requests

If you contact us (e.g. via email or Instagram), we process your data to handle your request (Art. 6(1)(b) or (f) GDPR).

6. Hosting and Website Operation

Our website is hosted by Shopify Inc., 151 O’Connor Street, Ottawa, ON K2P 2L8, Canada.

Shopify processes personal data on our behalf. We have concluded a data processing agreement in accordance with Art. 28 GDPR.

Further information: https://www.shopify.com/legal/privacy

7. Server Log Files

When you visit our website, the hosting provider automatically collects and stores information in server log files (e.g. IP address, browser type, operating system, referrer URL, and time of access).

This data is used to ensure the security and stability of the website and is not combined with other data sources.

Legal basis: Art. 6(1)(f) GDPR

8. Cookies and Tracking Technologies

We use cookies and similar technologies on our website.

Technically necessary cookies are used to ensure the proper functioning and security of the website (Art. 6(1)(f) GDPR in conjunction with §25(2) TDDDG)
Analytics and marketing cookies are only used with your prior consent (Art. 6(1)(a) GDPR in conjunction with §25(1) TDDDG)

We use a consent management tool to obtain and manage your cookie preferences. This may include tools for newsletter signup forms and marketing integrations.

You can withdraw or adjust your consent at any time via the cookie settings.

9. Disclosure of Personal Information

We disclose personal data to third parties only where necessary for the purposes described above:

Shopify: Our website is hosted by Shopify Inc., 151 O’Connor Street, Ottawa, ON K2P 2L8, Canada. Shopify processes personal data on our behalf. We have concluded a data processing agreement in accordance with Art. 28 GDPR. Further information: https://www.shopify.com/legal/privacy
Payment providers: We share data with payment providers such as PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg) to process payments (Art. 6(1)(b) GDPR). These providers may process data under their own privacy policies
Shipping partners: To deliver your orders