Privacy Policy

Last revised March 6, 2026

salll (“we,” “us,” or “our”) operates the website latexballerina.com (the “Site”). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Site, in compliance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the German Federal Data Protection Act (“BDSG”), the Telecommunications Digital Services Data Protection Act (“TDDDG,” formerly TTDSG), the Digital Services Act (Regulation (EU) 2022/2065, “DSA”), and other applicable laws.

1. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person (e.g., name, email, IP address).
  • Processing: Any operation performed on Personal Data (collection, storage, use, disclosure, deletion, etc.).
  • Data Controller: The entity that determines the purposes and means of Processing.
  • Data Subject: An individual whose Personal Data is processed.
  • Processor: A third party processing Personal Data on behalf of the Controller.
  • Terminal Equipment: Any device used to access the Site, including computers, smartphones, tablets, and other connected devices, as referenced in Section 25 TDDDG.

2. Data Controller

salll Bonner Strasse 327 50825 Cologne, Germany Phone: +49 170 6927511 Email: [email protected]

3. Categories of Data We Collect

Information You Provide

  • Registration data: name, email address, password.
  • Profile details: username, avatar, preferences.
  • Tax-related data: city/postal code (Postleitzahl) and country of residence (required from all users for VAT determination purposes).
  • Communications: inquiries, support requests, feedback, and reviews.

Additional Data for Physical Goods and Print Subscriptions

  • Full billing and shipping address: required only when you purchase physical goods through the Shop or subscribe to a plan that includes a physical print delivery. This data is not collected for digital-only subscriptions (Basic, Premium, Journal, Journal Plus).

Usage Data

  • Server logs: IP address, browser type/version, operating system, referrer URL, pages visited, date/time, and other diagnostic data.

Transactional Data (if you purchase goods or subscriptions)

  • Payment information processed by third-party gateways (PayPal or Stripe), or via direct bank transfer to salll as a one-time, non-recurring transaction. Order history and invoices.

Cookies & Tracking Technologies

  • Internal cookies and Cloudflare cookies used to maintain your session, remember preferences, and secure the Site. We do not use Google Analytics, Matomo, or any other external analytics or tracking service.

4. Legal Bases for Processing

  • Consent (Art. 6(1)(a) GDPR): When you opt in to newsletters or marketing communications.
  • Performance of a Contract (Art. 6(1)(b) GDPR): To register your account, process orders, or provide subscriptions.
  • Legal Obligation (Art. 6(1)(c) GDPR): To comply with tax, accounting, or other statutory requirements, including the collection of your postal code and country for VAT calculation.
  • Legitimate Interests (Art. 6(1)(f) GDPR): To improve our Site, prevent fraud, and ensure security, provided we balance your rights and interests.

5. How We Use Your Data

  • To Provide & Maintain Services: Account management, content delivery (including Journal, Journal Plus, Basic, and Premium subscription content), and customer support.
  • To Process Transactions: Handle Shop purchases, subscriptions, and payment processing via PayPal, Stripe, or direct bank transfer.
  • To Calculate Applicable Taxes: Determine the correct VAT rate based on your postal code and country. For EU customers, you are responsible for providing accurate location data; incorrect information that leads to incorrect tax calculations is your liability.
  • To Communicate: Respond to inquiries, send service-related notices.
  • To Send Marketing: Only with your consent; you may receive newsletters or promotional offers — opt out at any time.
  • To Secure the Site: Security monitoring and fraud detection.

6. Cookies and Similar Technologies

6.1 Legal Framework

The use of cookies on the Site is governed by Section 25 of the Telecommunications Digital Services Data Protection Act (TDDDG), which implements Article 5(3) of the ePrivacy Directive (Directive 2002/58/EC) into German law.

6.2 Cookies We Use

The Site uses only strictly necessary cookies. We do not use Google Analytics, Matomo, or any other external analytics or tracking service. We do not set marketing, advertising, or profiling cookies.

The cookies active on the Site fall into two categories:

  • Internal (first-party) cookies: Used for session management, user authentication, shopping cart functionality, and remembering your preferences. These are essential for the Site to function and do not require your consent under Section 25(2) TDDDG.
  • Cloudflare cookies: Set by our content delivery and security provider, Cloudflare, Inc. These cookies are strictly necessary for DDoS protection, bot mitigation, and secure delivery of Site content. They do not track your behavior across other websites and do not require your consent under Section 25(2) TDDDG.

Because the Site uses only strictly necessary cookies, no cookie consent banner is required. No data from cookies is shared with third parties for advertising or analytics purposes.

6.3 Managing Cookies

You can control or delete cookies through your browser settings at any time. Disabling strictly necessary cookies may prevent parts of the Site from functioning correctly.

6.4 Consent Management Ordinance (EinwV)

The German Consent Management Ordinance (Einwilligungsverwaltungsverordnung, EinwV), which entered into force on April 1, 2025, establishes a framework for recognized consent management services. Because the Site does not set any cookies that require user consent, this ordinance does not currently impose additional obligations on our operations. Should we introduce consent-dependent cookies in the future, we will update this policy and implement a compliant consent mechanism accordingly.

7. Third-Party Services & Data Sharing

We may share your Personal Data with:

  • Payment Processors: PayPal and Stripe process payments on our behalf. When you choose to pay by direct bank transfer to salll, no third-party payment processor is involved; the transaction is handled directly between you and us as a one-time, non-recurring transfer. We do not store your credit card details or PayPal credentials on our servers.
  • Cloudflare, Inc.: Provides content delivery, DDoS protection, and security services. Cloudflare may process your IP address and certain technical data to secure the Site.
  • Hosting Provider: Our web hosting provider stores and serves Site content and may process server log data on our behalf.
  • Legal & Regulatory Authorities: When required by law or to protect our legal rights.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets; you will be notified of any change in ownership.

All Processors are contractually bound under Art. 28 GDPR to implement appropriate technical and organizational measures and to use your Personal Data only for the purposes we specify.

8. International Data Transfers

Personal Data may be processed or stored outside the EU/EEA (e.g., by cloud-hosting providers in the U.S.). We ensure such transfers are protected by:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions, including the EU-U.S. Data Privacy Framework where applicable.
  • Binding corporate rules, where applicable.

9. Data Retention

We retain your Personal Data only as long as necessary:

  • Account Data: You may delete your account at any time through the Site’s account settings. Account deletion is only available once all active recurring subscriptions have been canceled and their current billing period has ended. It is your responsibility to cancel recurring subscriptions with the respective payment provider (e.g., PayPal or Stripe) before requesting account deletion; the Site cannot access or modify your external payment accounts on your behalf.
  • Transactional Data: As required by tax and accounting laws (typically up to 10 years in Germany under Sections 147 AO and 257 HGB).
  • Marketing Consents: Until you withdraw consent.
  • Log Data: Generally for up to 24 months, then anonymized or deleted.

10. Your Rights

Under the GDPR, you have the right to:

  • Access your Personal Data (Art. 15 GDPR).
  • Rectify inaccurate or incomplete data (Art. 16 GDPR).
  • Erase data (the “right to be forgotten”) where legally permitted (Art. 17 GDPR).
  • Restrict processing (Art. 18 GDPR).
  • Object to processing based on legitimate interests or direct marketing (Art. 21 GDPR).
  • Data Portability: Receive your data in a structured, machine-readable format (Art. 20 GDPR).
  • Withdraw Consent: For marketing communications, at any time (Art. 7(3) GDPR).
  • Complain: To a supervisory authority. The competent authority for our operations is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW).

To exercise your rights, contact us at [email protected]. We will respond within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

11. Security Measures

We implement industry-standard technical and organizational safeguards, including:

  • Encryption (SSL/TLS) in transit.
  • Access controls, firewalls, and regular security assessments.
  • Confidentiality agreements with all personnel who access Personal Data.

However, no method of Internet transmission or electronic storage is 100% secure; we cannot guarantee absolute security. In the event of a Personal Data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the competent supervisory authority without undue delay, in accordance with Art. 33 and Art. 34 GDPR.

12. Artificial Intelligence & Automated Processing

The Site does not use any artificial intelligence systems, machine-learning models, or automated decision-making processes. We do not employ AI for content recommendations, user profiling, moderation, or any other purpose. We do not use your Personal Data for AI training, machine-learning model development, or synthetic media generation.

Should we introduce any AI-related processing in the future, we will update this policy and inform you accordingly, in compliance with applicable law including Art. 22 GDPR. For details on how we protect our content against unauthorized AI use by third parties, please refer to Section 13 of our Terms of Use.

13. Children’s Privacy

Our Site is not intended for children under 14. We do not knowingly collect Personal Data from minors. If you believe we have collected such data, please contact us and we will promptly delete it.

14. Links to Other Websites

Our Site may contain links to third-party sites. We are not responsible for their privacy practices. Please review their policies before providing any Personal Data.

15. DSA Transparency

In accordance with the Digital Services Act (Regulation (EU) 2022/2065), we provide the following:

  • Single Point of Contact: For DSA-related communications from authorities and users: [email protected].
  • Content Reporting: If you believe any content on the Site is illegal, you may report it via the contact details above.
  • Algorithmic Transparency: We do not employ algorithmic recommendation systems or profiling-based advertising on the Site.
  • No Dark Patterns: Our consent interfaces and user flows are designed to be clear and non-deceptive, in compliance with the DSA’s prohibition on deceptive design practices.

16. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will post the new “Last revised” date and, where appropriate, notify you by email or a notice on the Site. Continued use after changes constitutes acceptance.

17. Contact Us

If you have any questions, requests, or concerns about your privacy or this policy, please contact:

Data Protection Contact

salll Email: [email protected] Address: Bonner Strasse 327, 50825 Cologne, Germany

Thank you for trusting salll with your data. We are committed to keeping it safe and respecting your rights.