Privacy Policy

Last updated: 14 July 2025

1. Controller

Theme Hub Co., Bergheimer Straße 104, 69115 Heidelberg, Germany.

Contact: info@theme-hub.com

2. Data We Collect & Why

Server logs

  • What we collect: IP address, user-agent, timestamp

  • Purpose: site security & troubleshooting

  • Legal basis: legitimate interest (GDPR Art. 6 (1)(f))

Newsletter

  • What we collect: e-mail address

  • Purpose: send weekly theme picks

  • Legal basis: consent (GDPR Art. 6 (1)(a))

• Affiliate clicks

  • What we collect: referrer, click-ID

  • Purpose: track commissions (no personal profiling)

  • Legal basis: legitimate interest (GDPR Art. 6 (1)(f))

• Cookies (Squarespace)

  • What we collect: ss_cvt, ss_cid, ss_cookieAllowed

  • Purpose: analytics & CDN performance

  • Legal basis: consent via cookie banner

We do not sell personal data.

3. Analytics

We use Squarespace’s first-party analytics only. No Google Analytics, no fingerprinting.

4. Email Marketing

We send newsletters via Squarespace Email Campaigns, whose servers are located in the United States. Transfers rely on EU Standard Contractual Clauses.

5. Data Sharing

  • Affiliate networks (Shopify, Squarespace, Wix, Automattic) receive click-ID data to validate commissions.

  • Service providers (hosting, email) only as necessary to operate the site.

  • Legal authorities if required by law.

6. International Transfers

Squarespace and our email provider are US-based; transfers are protected by Standard Contractual Clauses.

7. Your Rights (GDPR)

You may request access, correction, deletion, or restriction of your personal data.

E-mail: info@theme-hub.com

We will respond within 30 days.

8. California Notice (CCPA/CPRA)

We do not sell or share personal information for cross-context behavioural advertising. California visitors can submit access or deletion requests via privacy@theme-hub.com.

9. Children

Theme Hub is not intended for users under 16 years of age. We do not knowingly collect data from anyone under 16.

10. Data Retention

Server logs = 30 days; newsletter data = until you unsubscribe; affiliate click data = up to 18 months for audit purposes.

11. Updates

We may revise this Policy. Check the “Last updated” date for changes.