Candles SupplierGet a quote

Legal

Privacy Policy

This page explains what personal data we collect when you contact us, why we collect it, how we store it, and the rights you have under EU data-protection law.

Last updated: 12 May 2026

1. Who is responsible

The data controller for this website is the operator of candlessupplier.com, with a postal address at Kolonnenstr. 8, 10827 Berlin, Germany. To exercise any of the rights described below, please reach us via the quote form.

2. What data we collect

When you submit the quote form on this site, we collect the following information you choose to provide:

  • Name
  • Email address
  • Company name (optional)
  • Phone number (optional)
  • Country (optional)
  • Product interest, quantity, and the free-text message you write us
  • Submission timestamp

We do not use third-party analytics, advertising trackers, or behavioural cookies on this site. We do not place advertising cookies. The site sets only the technical cookies that Next.js may use to serve pages.

3. Why we collect it (legal basis)

We process the information you submit through the quote form in order to respond to your enquiry, prepare a quote, and — if you choose to proceed — negotiate and perform a contract with you. The legal bases under the GDPR (Regulation (EU) 2016/679) are:

  • Article 6(1)(b) GDPR — steps taken at your request prior to entering into a contract.
  • Article 6(1)(f) GDPR — our legitimate interest in handling B2B enquiries and protecting the form from abuse.

4. How long we keep it

We retain enquiry data for as long as is reasonably necessary to evaluate, respond to, and act on your request, and for the period required to comply with commercial and tax-law record-keeping obligations under German and EU law. Where no business relationship results, we delete or anonymise the data when it is no longer needed.

5. Who processes the data on our behalf

We use the following service providers to operate the site and deliver quote enquiries:

  • Vercel Inc. — site hosting and request logs.
  • Amazon Web Services (AWS), Inc. — Simple Email Service (SES) used to deliver quote-request emails to our team.
  • GitHub, Inc. — source code and deployment.

Where these providers process personal data on our behalf, they do so under data- processing agreements. Some providers may transfer data outside the EU/EEA; in those cases we rely on standard contractual clauses or equivalent safeguards permitted under Articles 44–49 GDPR.

6. Your rights

You have the right to:

  • request access to the personal data we hold about you (Art. 15);
  • request correction of inaccurate data (Art. 16);
  • request deletion of your data (Art. 17);
  • restrict or object to our processing (Art. 18, 21);
  • request the data we hold in a portable format (Art. 20);
  • lodge a complaint with your local data protection authority (Art. 77).

To exercise any of these rights, contact us through the quote form.

7. Security

The site is served over HTTPS. Form submissions are transmitted to our servers and to AWS SES over encrypted connections. Access to enquiry data is restricted to authorised personnel.

8. Updates to this policy

We may update this policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision.