Last updated: February 21, 2026
This Privacy Notice explains how personal data is collected, used, and protected when you visit or interact with theshit.co (the “Website”). The Website is owned and operated by Butler Digital ApS, CVR/VAT no. 46083709, registered in Denmark (“we,” “us,” or “our”). Butler Digital ApS is the data controller responsible for processing your personal data in accordance with the EU General Data Protection Regulation (GDPR).

Personal Data We Collect
We collect and process personal data only where necessary to operate the Website and provide our services. This may include name, email address, company name (where applicable), payment information (processed securely via third-party payment providers; we do not store full card details), IP address, browser type and device information, usage data and interaction data, and communications you send to us. We do not intentionally collect sensitive personal data.

How We Collect Data
We collect personal data when you contact us via email or website forms, create an account, participate in auctions or purchase placements, subscribe to communications, interact with the Website, or accept cookies. Certain technical data, such as IP address and usage data, is collected automatically through cookies and analytics technologies.

Legal Basis for Processing
We process personal data only where there is a lawful basis under GDPR, including contractual necessity where processing is required to manage auctions, complete purchases, or provide services; consent where you subscribe to communications or accept non-essential cookies; legitimate interest where processing is necessary to operate, secure, analyze, and improve the Website; and legal obligation where processing is required for accounting, tax, fraud prevention, or regulatory compliance.

How We Use Personal Data
We use personal data to operate and maintain the Website, process payments and administer placements, manage auctions and account functionality, respond to inquiries, send communications where permitted, improve performance and user experience, and detect and prevent fraud or misuse. We do not sell personal data.

Where you have provided consent to receive marketing communications, you may unsubscribe at any time using the link provided in each email.

Sharing of Personal Data
We may share personal data with service providers strictly as necessary to operate the Website, including payment processors, hosting providers, email and communication providers, analytics providers, advertising and tracking platforms, and IT and security providers. These providers process data on our behalf under appropriate contractual safeguards. Some service providers may be located outside the EU/EEA. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

Data Retention
We retain personal data only for as long as necessary to fulfill contractual obligations, comply with legal and tax requirements, resolve disputes and enforce agreements, and maintain necessary business records. Data no longer required will be securely deleted or anonymized.

Your Rights Under GDPR
Under GDPR, you have the right to access your personal data, request correction of inaccurate data, request deletion of your data, restrict processing, object to processing based on legitimate interest, withdraw consent at any time, and request data portability. To exercise your rights, contact media@theshit.co. We may request identity verification before fulfilling certain requests.

Cookies and Tracking
The Website uses cookies and similar technologies to enable core functionality, analyze traffic and usage patterns, improve performance, and support advertising and affiliate tracking. Non-essential cookies are used only with your consent. You may withdraw or modify consent at any time via the cookie banner or your browser settings. For more information, please see our Cookie Policy.

Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. However, no internet-based system can be guaranteed to be completely secure.

Automated Decision-Making
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.

Complaints
If you believe your data has been processed unlawfully, you have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet) at www.datatilsynet.dk.

Changes to This Privacy Notice
We may update this Privacy Notice from time to time. Updates will be posted with a revised “Last updated” date. Continued use of the Website constitutes acceptance of the updated notice.