My Clarinet Stuff

Data Protection

Last Updated: June 2026
Privacy Policy

Data Protection

This policy explains what personal data we collect when you visit myclarinetstuff.com, how we use it, and your rights. We are committed to handling your data responsibly and transparently.

Data Controller
Gleichweit USA LLC214 Market St, APT 404 · Brighton, MA 02135 · United States
Contact: myclarinetstuff@gmail.com
1
What Data We Collect

We collect personal data in two ways:

Data You Provide

Name, email address, shipping address, and payment details when you place an order. Email address when you subscribe to our newsletter. Message content when you use our contact form.

Data Collected Automatically

Technical data when you visit the website: browser type and version, operating system, referring URL, IP address, and time of access. This is logged by our server and the third-party services described in Section 6.

2
How We Use Your Data
  • Order fulfillment: Processing and shipping your orders; passing necessary data to shipping carriers.
  • Payment processing: Transmitting payment data to our payment service providers.
  • Customer communication: Responding to inquiries submitted via the contact form or email.
  • Newsletter: Sending marketing emails to subscribers (with your consent).
  • Website improvement: Analyzing server logs and usage analytics to maintain and improve the site.
  • Spam prevention: Using Cloudflare Turnstile to verify that form submissions are from humans.

Order data is retained as long as required by applicable tax and commercial law. Contact form data is deleted once your inquiry is resolved. If you request deletion or revoke consent, your data will be erased unless a legal retention obligation applies.

3
Legal Bases for Data Processing

Where applicable, we process your personal data under the following legal bases:

  • Art. 6(1)(a) GDPR — Consent: Newsletter subscriptions, marketing cookies, Facebook/Meta Pixel.
  • Art. 6(1)(b) GDPR — Contract performance: Order processing, payment, and shipping.
  • Art. 6(1)(c) GDPR — Legal obligation: Tax and commercial record-keeping requirements.
  • Art. 6(1)(f) GDPR — Legitimate interest: Server logs, contact form processing, spam prevention, and website security.

Consent can be revoked at any time with future effect. Revocation does not affect the lawfulness of processing prior to revocation.

4
Your Rights

Depending on your location, you may have the following rights regarding your personal data:

AccessRequest a copy of the data we hold about you, free of charge.
CorrectionRequest correction of inaccurate or incomplete data.
DeletionRequest erasure where no legal obligation to retain your data exists.
RestrictionRequest that we limit processing of your data in certain circumstances.
PortabilityReceive your data in a machine-readable format or have it transferred to another controller.
ObjectionObject to processing based on legitimate interest, or to direct marketing at any time.

EU/EEA residents have the right to lodge a complaint with their national supervisory authority. To exercise any of these rights, contact us at myclarinetstuff@gmail.com.

Right to Object to Direct Marketing: If we process your data for direct marketing, you may object at any time. Your data will then no longer be used for that purpose (Art. 21(2) GDPR).
5
Cookies, Security & Server Logs
Cookies

Our website uses cookies — small text files stored on your device. Session cookies are deleted after your visit; persistent cookies remain until deleted or expired. Cookies enable the shopping cart, account login, and analytics. You can manage cookies in your browser settings; disabling certain cookies may limit functionality. We use a cookie consent manager to request your consent before setting non-essential cookies.

SSL / TLS Encryption

All data transmitted to this website is protected by SSL/TLS encryption. Look for “https://” and the lock icon in your browser. Payment transactions are always encrypted.

Server Log Files

Our server automatically records: browser type/version, operating system, referring URL, hostname, request timestamp, and IP address. This data is not linked to individuals and is used solely for technical operation and optimization of the website (Art. 6(1)(f) GDPR).

6
Third-Party Services
YouTube (Enhanced Privacy Mode)

We embed YouTube videos on this site. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Enhanced privacy mode limits data collection until you play a video. When you do, YouTube receives your IP address and browser data. If logged into a Google account, viewing behavior may link to your profile. Legal basis: Art. 6(1)(f) GDPR. Privacy policy: policies.google.com/privacy

Google Web Fonts

We use Google Fonts for consistent typography. When a page loads, your browser connects to Google’s servers to fetch the fonts, sharing your IP address. Legal basis: Art. 6(1)(f) GDPR. More info: developers.google.com/fonts/faq. Privacy policy: policies.google.com/privacy

Adobe Fonts

Some pages use Adobe Fonts for typography. Provider: Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110, USA. Your browser connects to Adobe’s servers when loading a page, sharing your IP address. Adobe states no cookies are set during font delivery. Legal basis: Art. 6(1)(f) GDPR. Privacy policy: adobe.com/privacy/policy.html

Facebook / Meta Pixel

We use the Meta Pixel for conversion tracking. Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The pixel tracks visitor actions (e.g., page views, purchases) and may link them to a Facebook/Instagram profile for ad targeting purposes. We and Meta are joint data controllers for this collection (Art. 26 GDPR). Joint controller agreement: facebook.com/legal/controller_addendum. Data may be transferred to the USA under standard contractual clauses: facebook.com/legal/EU_data_transfer_addendum. Legal basis: Art. 6(1)(a) GDPR (consent). Opt out at: facebook.com/ads/preferences. Meta privacy policy: facebook.com/about/privacy

Cloudflare Turnstile (Spam Protection)

We use Cloudflare Turnstile to protect contact forms from automated spam. Provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Turnstile analyzes browser signals to verify human visitors without invasive tracking or ad-based cookies. Legal basis: Art. 6(1)(f) GDPR. Privacy policy: cloudflare.com/privacypolicy

Mailchimp (Newsletter)

We use Mailchimp to send newsletters. Provider: The Rocket Science Group LLC (Mailchimp), 675 Ponce de Leon Ave NE, Atlanta, GA 30308, USA. When you subscribe, your email address is transmitted to Mailchimp’s servers in the USA. Legal basis: Art. 6(1)(a) GDPR (consent). You may unsubscribe at any time via the link in any email. Privacy policy: mailchimp.com/legal/privacy

Google Site Kit / Analytics

We use Google Site Kit to connect Google Analytics and Search Console for performance monitoring. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Anonymized usage data may be stored on Google’s servers including servers in the USA. Legal basis: Art. 6(1)(f) GDPR. Privacy policy: policies.google.com/privacy

7
Payment Processors

When you place an order, your payment data is processed by one of the following providers. We share only the data necessary for the transaction. Legal basis: Art. 6(1)(b) GDPR.

PayPal

PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Privacy policy: paypal.com/us/legalhub/privacy-full

Stripe

Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Data transfers to the USA are covered by standard contractual clauses. Privacy policy: stripe.com/privacy

Apple Pay & Google Pay

Available via WooPayments. Apple Pay: Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA — apple.com/legal/privacy. Google Pay: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland — policies.google.com/privacy

Visa & Mastercard

Visa: Visa Europe Services Inc., 1 Sheldon Square, London W2 6TT, UK. Privacy: visa.com/legal/global-privacy-notice.html. Mastercard: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium. Privacy: mastercard.us. Data transfers to the USA use Mastercard’s Binding Corporate Rules.

8
International Data Transfers

Gleichweit USA LLC is based in the United States. Several third-party services we use (Meta, Google, Mailchimp, Cloudflare, Stripe, PayPal) also process data in the USA and other countries. When personal data is transferred outside the European Economic Area (EEA), we rely on the EU Commission’s Standard Contractual Clauses or equivalent safeguards to ensure adequate protection.

Note for EU/EEA Visitors: Data transferred to US-based services may be subject to access by US authorities under US law. We use providers that have adopted Standard Contractual Clauses to mitigate this risk, but complete equivalence with EU data protection standards cannot be guaranteed.

Questions or Requests?

For data protection questions, access requests, or to exercise your rights, contact us at:

myclarinetstuff@gmail.com

Gleichweit USA LLC · 214 Market St, APT 404 · Brighton, MA 02135