Privacy policy

Updated: September 1, 2025

Cockpit Chuckles operates this shop and this website, including all related information, content, features, tools, products, and services, to provide you as a customer with a personalized shopping experience (the “Services”). Cockpit Chuckles is based on Shopify, which enables us to provide you with the Services.

This Privacy Policy describes how we collect, use, or share personal data when you visit, use, or make a purchase or other transaction using the Services, or otherwise communicate with us.

If there is a conflict between our general terms and conditions and this Privacy Policy, this Privacy Policy shall prevail with respect to the collection, processing, and sharing of your personal data.

Please read this Privacy Policy carefully. We process personal data only to the extent necessary to provide a functional website as well as our Services. Processing is carried out solely on the basis of your consent or legal permission.

Name and Address of the Controller

Cockpit Chuckles, a shop of apron:pilot Aviation Software eU
Rosenberggürtel 39, 8010 Graz, Austria
Email: contact@cockpitchuckles.com

For privacy inquiries, please contact:
Email: privacy@cockpitchuckles.com

What personal data do we collect or process?

When we use the term “personal data,” we mean information that identifies you or another person or can be directly associated with you. Personal data does not include information that is collected anonymously or anonymized in such a way that identification or association with you is no longer possible. Depending on how you interact with the Services, where you live, and as permitted or required by applicable law, we may collect or process the following categories of personal data, including inferences drawn from such personal data:

  • Contact details including name, postal address, billing address, shipping address, phone number, and email address.
  • Financial data including credit, debit card and financial account numbers, payment card information, financial account details, transaction information, payment method, payment confirmation, and other payment details.
  • Account information including username, password, security questions, configurations, and settings.
  • Transaction information including the items you view, place in the shopping cart, add to the wishlist, purchase, return, exchange, or cancel, as well as your past transactions.
  • Communication with us including the information you provide when communicating with us, for example, when you submit a customer support request.
  • Device information including details about your device, browser, or network connection, IP address, and other unique identifiers.
  • Usage information including details about your interaction with the Services, such as how and when you interact with or browse the Services.

Sources of Personal Data

We may collect personal data from the following sources: 

  • Directly from you: We collect data, among other things, when you create an account, access or use the Services, communicate with us, or otherwise provide us with your personal data.
  • Automatically through the Services: We collect data, among other things, from your device or when you use our products or Services or visit our website, as well as through the use of cookies and similar technologies.
  • From our service providers: We collect data, among other things, when we engage service providers to enable certain technologies, and when they collect or process your personal data on our behalf.
  • From our partners and other third parties

How do we use your personal data?

Depending on how you interact with us or which of the Services you use, we may use personal data for the following purposes:

  • Provision, customization, and improvement of the Services. We use your personal data to provide you with the Services. This includes, among other things, fulfilling our contract with you, processing your payments, fulfilling your orders, storing your configurations and items you are interested in, sending notifications related to your account, creating, maintaining, and otherwise managing your account, organizing shipping, facilitating returns and exchanges, enabling you to submit reviews, and creating a personalized shopping experience for you by, for example, recommending products based on your purchases. This may also include using your personal data to better tailor and improve the Services.
  • Marketing and advertising. We use your personal data for marketing and advertising purposes, for example, to send marketing and promotional communications via email, SMS, or mail, and to display online advertising for products or services on the Services or other websites, including based on items you previously purchased or placed in your shopping cart, as well as other activities related to the Services.
  • Security and fraud prevention. We use your personal data to authenticate your account, provide a secure payment and shopping experience, detect, investigate, or take action against potential fraudulent, illegal, unsafe, or malicious activities, protect public safety, and ensure the security of our Services. If you choose to use the Services and register an account, you are responsible for protecting your account credentials. We strongly recommend that you do not share your username, password, or other login credentials with anyone else.
  • Communication with you. We use your personal data to provide you with customer support and effective Services, respond promptly to your inquiries, and maintain our business relationship with you.
  • Legal reasons. We use your personal data to comply with applicable law or respond to legal processes, including requests from law enforcement or regulatory authorities, to investigate or participate in civil inquiries, potential or actual legal disputes, or other adversarial proceedings, and to investigate potential violations of our terms or policies or to enforce the terms and policies.

Data processing for order fulfillment

The personal data we collect will be shared with the shipping company commissioned with delivery to the extent necessary for delivery of the goods, as part of contract performance. Your payment data will be shared with the bank commissioned with payment processing, to the extent necessary for payment processing. If payment service providers are used, we explicitly inform you about this below. The legal basis for sharing the data is Article 6 (1) (b) GDPR.

Contract conclusion in online shop, merchant, and goods shipment

We only transfer personal data to third parties if this is necessary within the scope of contract processing, for example to the companies entrusted with the delivery of goods or the bank entrusted with payment processing. No further transfer of the data takes place, or only if you have expressly consented to such transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Article 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Contact / Contact Form

When contacting us (e.g., via contact form or email), personal data is collected. The specific data collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your inquiry or for contacting you and the associated technical administration.

The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Article 6 (1) (f) GDPR. If your contact aims at concluding a contract, then the additional legal basis for processing is Article 6 (1) (b) GDPR.

Your data will be deleted once your request has been fully processed, which is the case when it can be inferred from the circumstances that the matter has been conclusively clarified, provided there are no statutory retention obligations to the contrary.

How do we share personal data?

Under certain circumstances, we may share your personal data with third parties for legitimate purposes in accordance with this Privacy Policy. Such circumstances may include the following:

 

  • With Shopify: these are providers and other third parties that perform services on our behalf (e.g., IT management, payment processing, data analysis, customer support, cloud storage, fulfillment, and shipping).
  • We share personal data with business and marketing partners who provide marketing services for you and display advertising to you. For example, we use Shopify to support personalized advertising with third-party services based on your online activities across various merchants and websites. Our business and marketing partners use your data in accordance with their own privacy policies. Depending on your place of residence, you may have the right to instruct us not to share information about you for the purpose of showing you targeted advertising and marketing based on your online activities across various merchants and websites.
  • When you request us to or otherwise consent to sharing certain information with third parties, for example, to deliver products to you, or when you use social media widgets or login integrations.
  • In connection with a business transaction such as a merger or bankruptcy, to comply with applicable legal obligations (including responding to subpoenas, search warrants, and similar requests), to enforce applicable service terms or policies, and to protect or defend the Services, our rights, and the rights of our users or others.

Webshop via Shopify

We use the Shopify Inc. (“Shopify”) platform of Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, for hosting and presenting our online shop.

All data collected on our website is processed on Shopify’s servers. As part of Shopify’s services described above, data may also be transferred to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., or Shopify (USA) Inc. for further processing on behalf of Shopify. In the case of data transfers to Shopify Inc. in Canada, an adequacy decision by the European Commission ensures an adequate level of data protection.

In addition, Shopify uses so-called Network Intelligence technologies as part of its infrastructure to optimize the stability, security, and performance of the platform. Network data is analyzed to detect attacks at an early stage, prevent fraudulent activities, and efficiently manage traffic. These measures are carried out in compliance with applicable data protection laws and serve to protect both the platform and user data.

Further information on Shopify’s data protection can be found at the following website: https://www.shopify.de/legal/datenschutz and in the whitepaper https://help.shopify.com/pdf/gdpr-whitepaper.pdf.

Deletion of personal customer data is only possible 180 days after the most recent order by a customer. Shopify retains customer data in case of a chargeback procedure. The deletion is scheduled in the system and carried out automatically on the due date. In the meantime, customer data is blocked and cannot be used further. During the deletion period, the account can be reactivated by the customer by resetting the password. The deletion request remains in place and will be executed on the due date.

Relationship with Shopify

The Services are hosted by Shopify, whereby Shopify collects and processes personal data about your access to and use of the Services in order to provide and improve the Services for you. Data you submit to the Services is shared with Shopify as well as with third parties that may be located in countries other than your country of residence, in order to provide and improve the Services for you. To protect, expand, and improve our business, we also use certain advanced Shopify features that incorporate data and information from your interactions with our shop, with other merchants, and with Shopify. To provide these advanced features, Shopify may use personal data collected from your interactions with our shop, other merchants, and Shopify. In these circumstances, Shopify is responsible for processing your personal data, including responding to your requests to exercise your rights regarding the use of your personal data for these purposes. For more information on how Shopify uses your personal data and what rights you have, please see the Shopify Consumer Privacy Policy. Depending on your place of residence, you may exercise certain rights regarding your personal data listed there via the Shopify Privacy Portal.

Third-party websites and links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to websites that are not affiliate websites or not controlled by us, you should review their privacy and security policies as well as other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such websites, including the accuracy, completeness, or reliability of information on those websites. Information you provide in public or semi-public spaces, including information you share on third-party social networking platforms, may also be viewed by other users of the Services and/or users of those third-party platforms, without restrictions on their use by us or a third party. The inclusion of such links by us does not mean that we endorse the content of those platforms or their owners or operators, unless this is expressly stated in the Services.

Children’s Data

The Services are not intended for use by children, and we do not knowingly collect personal data from children who have not reached the age of majority in your country.

Security and retention of your data

Please note that no security measures are perfect or impenetrable, and therefore we cannot guarantee “perfect security.” In addition, information you send to us may be exposed to risks during transmission. We recommend that you do not use insecure channels when transmitting sensitive or confidential information to us.

How long we retain your personal data depends on several factors. These include, for example, whether we need the data to manage your account, provide you with Services, comply with legal obligations, resolve disputes, or enforce other applicable contracts and policies.

Your rights and choices

Depending on where you live, you may have some or all of the rights listed below with respect to your personal data. However, these rights are not absolute, may apply only under certain circumstances, and in some cases we may lawfully deny your request.

  • Right of access. You may have the right to request access to the personal data we hold about you.
  • Right to deletion. You may have the right to request that we delete the personal data we hold about you.
  • Right to rectification. You may have the right to request that we correct inaccurate personal data we hold about you.
  • Right to data portability. You may have the right to obtain a copy of the personal data we hold about you and request that we share it with a third party under certain circumstances and subject to certain exceptions.
  • Managing communication preferences. We may send you promotional emails. You can opt out of receiving these emails at any time by using the unsubscribe option included in our emails to you. If you opt out, we may still send you non-promotional emails, e.g., about your account or orders you have placed.

If your residence is in the United Kingdom or the European Economic Area, you may, subject to exceptions and limitations under local law, also exercise the following rights in addition to the rights listed above:

  • Right to object and right to restrict processing. You may have the right to request that we stop or restrict the processing of personal data for certain purposes.
  • Withdrawal of consent. Where we rely on consent to process your personal data, you have the right to withdraw that consent. Withdrawing your consent does not affect the lawfulness of processing based on your consent before its withdrawal.

You may exercise these rights where indicated within the Services or by contacting us via the contact details provided below. More information about how Shopify uses your personal data and what rights you have, including rights regarding data processed by Shopify, can be found at https://privacy.shopify.com/en.

Exercising these rights will not result in any disadvantage for you. Where permitted or required by applicable law, we may need to verify your identity before we can process your requests. In accordance with applicable laws, you may designate an authorized agent to make requests to exercise your rights on your behalf. Before we accept such a request from an agent, we will require proof that you have authorized them to act on your behalf. This may also require you to verify your identity directly with us. We will respond to your request promptly within the framework of applicable law.

Complaints

If you have complaints about how we process your personal data, please contact us using the contact details provided below. Depending on where you live, you may have the right to appeal our decision by contacting us at the contact details provided below or by lodging a complaint with the competent data protection authority. For the European Economic Area, there is a list of competent data protection supervisory authorities available.

Rights of the data subject

You have the right to access, rectification, deletion, restriction of processing, data portability, and objection, as well as the right to lodge a complaint with a supervisory authority.

Provision of the website & server log files

When you access our website, technical data such as IP address, time of access, browser type, and visited pages are automatically collected. Processing serves the technical provision and security of the website.

Use of cookies

We use cookies to optimize the website and for statistical purposes. Processing is carried out based on your consent (Art. 6 (1) (a) GDPR) or, in the case of technically necessary cookies, on the basis of legitimate interests (Art. 6 (1) (f) GDPR).

Consent management with the cookie banner

To obtain and manage consents, we use a consent tool provided by Shopify. Your selection is stored and can be adjusted at any time.

Registration & customer account

When registering or placing an order, we process your personal data to set up and manage your account. Processing takes place on the basis of your consent or for the performance of a contract.

Payment processing

We offer various payment methods through third-party providers (e.g., Klarna, PayPal, Shopify Payments, Google Pay, Apple Pay, American Express, Visa, and others). Payment processing is carried out in accordance with Art. 6 (1) (b) GDPR.

Shipping service providers

For the delivery of your order, we transfer relevant data to our Print On Demand partner and to the respective shipping provider (e.g., DHL). This is done on the basis of your consent or for the performance of a contract.

Newsletter & Email Marketing (Klaviyo)

When subscribing to our newsletter, your email address and, if applicable, further data are processed. On our website, you are given the opportunity to subscribe to our company’s newsletter. The personal data transmitted to us when ordering the newsletter results from the input mask used for this purpose.

We regularly inform our customers and business partners about our offers by means of a newsletter. Our company’s newsletter can only be received by you if you have a valid email address and you register for the newsletter delivery.

For legal reasons, a confirmation email in the double opt-in procedure will be sent to the email address first entered by you for newsletter delivery. This confirmation email serves to verify whether you, as the owner of the email address, have authorized receipt of the newsletter.

When registering for the newsletter, we also store the IP address assigned by your Internet Service Provider (ISP) to the IT system you used at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to trace any (possible) misuse of your email address at a later date and therefore serves our legal protection.

The personal data collected when registering for the newsletter will be used exclusively for sending our newsletter. In addition, newsletter subscribers may be informed by email if this is necessary for the operation of the newsletter service or registration, such as in the case of changes to the newsletter offering or technical circumstances. There will be no transfer of personal data collected as part of the newsletter service to third parties. The subscription to our newsletter can be canceled by you at any time. The consent to the storage of personal data that you have given us for newsletter delivery may be revoked at any time. For the purpose of withdrawing consent, a corresponding link is included in each newsletter. Furthermore, it is possible to unsubscribe from the newsletter at any time directly on our website or to notify us in another way.

Our email newsletters and personalized email marketing are delivered via the technical service provider Klaviyo, Inc., 125 Summer St, Floor 6, Boston, MA 02111, United States (https://www.klaviyo.com/), to whom we pass on the data you provided during newsletter or email marketing registration. This transfer takes place within the framework of order processing by Klaviyo. Please note that your data is generally transferred to a Klaviyo server in the USA and stored there. We use the double opt-in procedure.

Klaviyo uses this information to send and statistically evaluate newsletters and email marketing mailings with an integrated Customer Data Platform (CDP). For evaluation, the emails sent contain so-called web beacons or tracking pixels, i.e., one-pixel image files stored on our website. This allows us to determine whether a newsletter or email marketing message has been opened and which links may have been clicked. Technical information is also collected (e.g., time of retrieval, IP address, browser type, and operating system). The data is collected exclusively in pseudonymized form and is not linked to your other personal data, so direct identification is excluded. These data are used solely for statistical analysis of newsletter and email marketing campaigns. The results of these analyses can be used to better adapt future newsletters and email marketing mailings to the interests of recipients.

If you wish to object to data analysis for statistical evaluation purposes, you must unsubscribe from newsletter and/or email marketing delivery.

The consent you have given may be revoked at any time. You can also prevent processing at any time by unsubscribing from the newsletter or personalized email marketing. You can also prevent the storage of cookies by adjusting your web browser settings accordingly. By disabling JavaScript in your web browser or installing a JavaScript blocker (e.g., https://noscript.net or https://www.ghostery.com), you can also prevent the storage and transmission of personal data. Please note that these measures may mean not all functions of our website are available.

Furthermore, Klaviyo may use this data pursuant to Art. 6 (1) (f) GDPR on the basis of its own legitimate interest in the needs-based design and optimization of the service as well as for market research purposes, for example, to determine from which countries recipients come. However, Klaviyo does not use the data of our newsletter and email marketing recipients to write to them itself or to pass them on to third parties.

To protect your data in the USA, we have concluded a data processing agreement with Klaviyo on the basis of the European Commission’s standard contractual clauses (“Data Processing Agreement”) in order to enable the transfer of your personal data to Klaviyo. This data processing agreement can be viewed at the following internet address: https://www.klaviyo.com/legal/dpa.

You can view Klaviyo’s privacy policy here: https://www.klaviyo.com/legal/privacy-notice.

Legal basis: Consent pursuant to Art. 6 (1) (a) GDPR.

Contact form & email communication

When contacting us via forms or email, the information you provide is processed in order to handle your inquiry. The legal basis is your consent or pre-contractual measures.

When contacting us via contact form or email, personal data is collected. The specific data collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your inquiry or for contacting you and the associated technical administration.

The legal basis for processing the data is our legitimate interest in responding to your inquiry pursuant to Art. 6 (1) (f) GDPR.

Web analytics & tracking

We use tools such as Google Analytics, Facebook Pixel, and Google Tag Manager to analyze user behavior and to optimize our website and advertising. Processing takes place only with your consent pursuant to Art. 6 (1) (a) GDPR.

Google Tag Manager

Google Tag Manager is used to manage website tags. It does not itself process personal data.

Use of social media & business platforms

We maintain company profiles on platforms such as Instagram, Facebook, and Pinterest. When you interact with us there, personal data may be processed. For details, please refer to the privacy information of the respective providers.

Plugins & tools used

Our website uses additional Shopify apps and plugins, including: Bundles, Flow Shopify, Google & YouTube, Hurry-Up Timer, Inbox Shopify, Judge.me, Klaviyo, META (Facebook & Instagram), Optionize, Order Printer Pro, Pinterest, Printful, R Terms & Conditions, Search & Discovery, Shopify POS, Translate & Adapt.

Data processing depends on the function and is carried out on the basis of your consent or for the performance of a contract.

Disclosure of data to third parties or third countries

Data is only shared if this is legally required (Art. 6 (1) (c) GDPR), contractually necessary (Art. 6 (1) (b) GDPR), or covered by your express consent (Art. 6 (1) (a) GDPR). Possible recipients include shipping providers, payment service providers, tax advisors, collection agencies, and auditors.

If we transfer your personal data outside the European Economic Area or the United Kingdom, we rely on recognized transfer mechanisms such as the European Commission’s Standard Contractual Clauses or equivalent contracts issued by the competent UK authority, unless the data transfer is made to a country that demonstrably provides an adequate level of protection.

When using Shopify, Klaviyo, Google, Meta, and other tools, data may be transferred to third countries. Such transfers are carried out on the basis of appropriate safeguards such as EU Standard Contractual Clauses pursuant to Art. 46 GDPR.

Storage period

We store personal data only for as long as is necessary for the respective processing purposes or as legally required. As soon as the purpose ceases to apply or statutory retention periods expire, the data will be routinely deleted.

Criteria for the duration of storage include, among others: statutory retention periods (e.g., tax and commercial law for up to 10 years), duration of the contractual relationship, consents, technical necessities, or legitimate interests.

Changes to this Privacy Policy

This Privacy Policy is currently valid. We reserve the right to update it from time to time, for example, to reflect changes in our practices, or for other operational, legal, or regulatory reasons.

We will publish the revised Privacy Policy on this website, adjust the “Last Updated” date accordingly, and provide any notice required under applicable law.