Privacy policy

MAGATA'S PRIVACY POLICY.

Last updated 2 March 2026

This Privacy Policy describes how MAGATA (“MAGATA”, “we”, “us”, “our”) collects, uses and shares personal data when you visit or make a purchase from www.magata.world (the “Site”), and when you interact with our communications and advertising (for example our newsletter and Meta / Instagram ads).

1. Controller and Contact

The controller responsible for your personal data is:

Marina Raffaelli – MAGATA
Petersburger Str. 28
10249 Berlin – Germany
Email: hello@magata.world

If you have any questions about this Privacy Policy or about how we process your personal data, please contact us at the email address above.

2. What Personal Data We Collect

“Personal data” means any information relating to an identified or identifiable natural person.

We collect the following categories of data:

2.1 Device and Usage Data

When you visit the Site, we automatically collect certain technical information:

  • IP address
  • Browser type and version
  • Operating system, device type and screen resolution
  • Time zone setting, language settings
  • URLs visited, products viewed, search terms, referring pages
  • Date and time of access, interaction with pages and elements

Purpose:
To load the Site correctly, maintain security, prevent fraud, and analyse how visitors use the Site so we can improve it.

Source:
Automatically collected through cookies, log files, web beacons, tags and pixels.

Example recipients:
Our ecommerce provider Shopify, analytics providers (e.g. Google Analytics), advertising partners (e.g. Meta).

2.2 Order and Account Data

When you place an order or create an account, we collect:

  • First and last name
  • Billing and shipping address
  • Email address
  • Phone number (if provided)
  • Products ordered, order history, returns
  • Payment-related information (processed by payment providers; we do not store full card details on our servers)

Purpose:
To process and fulfil your order, manage payments and refunds, deliver products, provide invoices and order confirmations, prevent fraud, and manage your customer account.

Source:
Provided by you when you order or create an account.

Example recipients:
Shopify, payment service providers, shipping and logistics partners, accounting tools.

2.3 Communication and Support Data

When you contact us (e.g. via email, contact form, social media, or for returns/changes), we process:

  • Identity and contact data (as above)
  • Content of your message and our correspondence
  • Any additional information you voluntarily provide

Purpose:
To respond to your enquiries, provide customer support, handle returns and complaints, improve our service and document communication where legally required.

Source:
Provided by you.

2.4 Newsletter and Marketing Data

When you subscribe to our newsletter Field Notes or marketing updates:

  • Email address
  • Name or alias (if provided)
  • Language or region (if provided or inferred)
  • Newsletter engagement data (opens, clicks, unsubscribes)
  • Preferences you choose to share

Purpose:
To send you editorial notes, updates about our studio, launches, special offers and information about products and services you may find interesting; to analyse engagement and improve our communication.

Source:
Provided by you when you subscribe, and generated by your interaction with our emails.

Example recipients:
Our email service provider (newsletter platform) and advertising partners (Meta, if you consent to custom audiences – see Section 5).

3. Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA) or UK, we rely on the following legal bases:

  • Performance of a contract – to process and deliver your orders, manage your customer account (Art. 6(1)(b) GDPR).
  • Compliance with legal obligations – for tax, accounting and regulatory requirements (Art. 6(1)(c) GDPR).
  • Legitimate interests – to maintain and improve our Site, prevent fraud and abuse, understand how customers use our products, and defend legal claims (Art. 6(1)(f) GDPR). We always balance these interests with your rights and freedoms.
  • Consent – for sending newsletters to non-customers, placing non-essential cookies (including advertising and tracking pixels) and using your data for certain forms of personalised advertising and Meta Custom Audiences (Art. 6(1)(a) GDPR). You can withdraw consent at any time.

4. Cookies and Similar Technologies

We use cookies and similar technologies (such as pixels and tags) on the Site. Cookies are small text files stored on your device.

We use:

  • Strictly necessary cookies – required for the operation of the Site (shopping cart, checkout, login).
  • Analytics and performance cookies – to understand how the Site is used and improve it (e.g. Google Analytics, Shopify analytics).
  • Advertising and social media cookies – including Meta Pixel and similar tools, to show you relevant ads on Meta services (Facebook, Instagram) and to measure campaign performance.

You can find detailed information about the cookies we use and manage your preferences via our cookie banner and in our Cookie Policy at:
www.magata.world/pages/cookie-policy

You can also adjust your browser settings to block cookies, but this may affect the functionality of the Site (for example, the shopping cart may not work properly).

5. Use of Meta Pixel and Meta Custom Audiences

We use tools provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) and, where applicable, its parent company Meta Platforms, Inc. (USA) to deliver and measure advertising on Instagram, Facebook and other Meta services.

5.1 Meta Pixel (Website Behaviour Tracking)

On our Site we use the Meta Pixel (also called Facebook Pixel). When you consent to marketing cookies, this technology:

  • tracks your activity on our Site (e.g. pages visited, products viewed, items added to cart, purchases),
  • sends this information to Meta (along with technical data such as your IP address, device and browser),
  • allows us to measure the performance of our ads (e.g. conversions),
  • allows Meta to show you more relevant ads (“behavioural advertising”) if you have an account with Meta services and are logged in or can be recognised.

Legal basis: your consent (Art. 6(1)(a) GDPR) via the cookie banner.

How to revoke: you can withdraw consent at any time via our cookie settings on the Site, and you can manage your ad preferences directly in your Meta account:
https://www.facebook.com/settings/?tab=ads

Meta processes this data under its own responsibility. You can find more information in Meta’s Data Policy:
https://www.facebook.com/privacy/policy

5.2 Newsletter-Based Meta Custom Audiences

If you explicitly agree, we may use Meta Custom Audiences based on our newsletter list.

This means:

  • We provide Meta with hashed identifiers such as your email address (encrypted before transmission).
  • Meta compares this with existing users of its services to create an audience of people who may see our ads on Facebook or Instagram.
  • We may also use this to exclude current customers or subscribers from certain campaigns (for example, so we do not show “sign up” ads to people already on the list).

Legal basis:

  • Your explicit consent to use your email for this purpose (Art. 6(1)(a) GDPR).
  • If you are an existing customer, in limited cases our legitimate interest in targeted communication (Art. 6(1)(f) GDPR), where allowed by law and only where your interests do not override ours.

You can:

We do not gain access to individual Meta profiles or your private activity on Meta services. We only see aggregated campaign reports (e.g. how many people viewed or clicked).

6. Other Analytics and Advertising Partners

We may use other analytics and advertising services, such as:

You can also opt out of some interest-based advertising via:

7. How We Use Your Personal Data

We use your personal data to:

  • operate and secure the Site;
  • process and deliver your orders (including payment and shipping);
  • manage your customer account;
  • communicate with you about orders, returns, and support requests;
  • send you newsletters and marketing communications (where permitted);
  • show you relevant advertising and measure the effectiveness of our campaigns;
  • comply with legal and tax obligations;
  • prevent fraud and misuse of our services;
  • improve our products, services and user experience.

We do not sell your personal data.

8. Sharing Your Personal Data

We share your personal data only where necessary and on the basis of data processing agreements where required. Typical recipients include:

  • Shopify (Shopify International Ltd., Ireland / Shopify Inc., Canada) – store platform, hosting, checkout, analytics. Shopify’s privacy notice: https://www.shopify.com/legal/privacy
  • Payment providers – to process payments (e.g. credit card providers, PayPal or similar).
  • Shipping and logistics partners – to deliver your order and handle returns.
  • Email and newsletter providers – to send transactional emails and our newsletter.
  • IT and hosting providers – who operate systems and infrastructure for us.
  • Analytics and advertising providers – such as Google, Meta and others as described above.
  • Professional advisors – such as tax advisors or lawyers where necessary.
  • Authorities and regulators – where we are legally obliged to disclose data (e.g. tax offices, courts).

We require all service providers who process personal data on our behalf to handle it securely and in accordance with applicable data protection law.

In the event of a sale, merger or reorganisation of our business, your personal data may be transferred to the new owner and processed under this Privacy Policy.

9. International Data Transfers

Some of our service providers (including Shopify, Meta, Google and others) are located outside the European Economic Area (EEA), particularly in the United States and Canada.

Where personal data is transferred outside the EEA/UK, we ensure an appropriate level of protection by:

  • relying on adequacy decisions by the European Commission where available (e.g. EU–US Data Privacy Framework), and/or
  • using Standard Contractual Clauses (SCCs) approved by the European Commission and UK authorities, and/or
  • implementing additional safeguards where necessary.

You can contact us if you would like more information about international data transfers and the safeguards we use.

10. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law.

In particular:

  • Order and accounting data: generally kept for at least six (6) years to comply with tax and commercial laws.
  • Newsletter data: kept until you unsubscribe or withdraw your consent, unless longer retention is required by law.
  • Support and communication data: kept as long as needed to handle your request and for documentation of our communication where legally required.
  • Technical and analytics data: retention periods vary according to cookie and tool settings (usually between a few months and a few years). See our Cookie Policy for details.

When data is no longer needed, we delete it or anonymise it so that you can no longer be identified.

11. Your Rights (GDPR / UK GDPR)

If you are in the EEA or UK, you have the following rights regarding your personal data:

  • Right of access – to obtain confirmation whether we process your data and receive a copy.
  • Right to rectification – to have inaccurate or incomplete data corrected.
  • Right to erasure – to ask us to delete your data, where we have no overriding legal grounds to continue processing.
  • Right to restriction of processing – to request limitation of processing in certain cases.
  • Right to data portability – to receive data you provided to us in a structured, commonly used and machine-readable format, or ask us to transmit it to another controller.
  • Right to object – to object at any time to processing based on our legitimate interests, and to direct marketing (including profiling for such marketing).
  • Right to withdraw consent – where processing is based on consent, you can withdraw it at any time with effect for the future.

To exercise your rights, contact us at hello@magata.world. We may need to verify your identity before fulfilling your request.

You also have the right to lodge a complaint with your local data protection authority. In Germany, this is typically the data protection authority of your federal state. An overview is available via the European Consumer Centre:
https://www.evz.de/en/questions-and-complaints.html

12. Minors

Our Site and products are not intended for children under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our practices, services or legal requirements.

The latest version is always available at:
www.magata.world/pages/privacy-policy

We indicate the date of the last update at the top of this page.