Privacy Notice

Privacy Policy (GDPR)

Last updated: 25 August 2025

Quick note: We process personal data only as necessary to operate our website, fulfill contracts (orders, shipping, payment), communicate with customers and comply with legal obligations. You can exercise your rights at any time via our contact page.

1) Controller

D G D E G m b H
Lieberoser Str. 37, D-13439 Berlin, Germany
Phone: +4930 6500 1800 · WhatsApp: +4930 6500 1800
For privacy requests, please use our contact page.

Data Protection Officer: Not appointed (no legal requirement).

2) Data categories & purposes

  • Website usage/server logs: IP address, timestamp, URL, referrer, user agent, status code (operation, security, troubleshooting).
  • Customer account/order: identity, addresses, order line items, communication (contract fulfilment, support, warranty).
  • Payment: payment data depending on method (e.g., PayPal); we do not store full card details.
  • Shipping: delivery address and, if needed, contact details for notifications.
  • Communication: messages via contact form/phone/WhatsApp/chat.
  • Legal compliance: storage of business/tax records.

4) Hosting & server logs

Our website is hosted by external IT providers. Server logs are processed for security and usually deleted after 7–30 days unless retention is required for evidence.

5) Orders, payment & shipping

Orders & account

We process the data you provide to fulfil your order and provide customer service. Mandatory fields are indicated accordingly.

Payments (PayPal)

When choosing PayPal, payment data is transmitted to PayPal (e.g., amount, payment instrument, device/transaction data). Legal basis: Art. 6(1)(b) GDPR (contract); fraud checks may rely on Art. 6(1)(f) GDPR. PayPal may transfer data to third countries; appropriate safeguards (e.g., EU Standard Contractual Clauses) apply. See PayPal’s privacy notices for details.

Shipping

For delivery we share address and, if necessary, contact details with carriers. Legal basis: Art. 6(1)(b) GDPR.

6) Cookies & similar technologies

We use necessary cookies (e.g., cart, login, language). Optional cookies/tools (e.g., Google Analytics, chat, convenience features) are used only with consent. You can withdraw consent at any time via the cookie settings (e.g., link in the footer).

7) Web analytics: Google Analytics (GA4)

We use Google Analytics 4. Processing takes place only with your consent (Art. 6(1)(a) GDPR). Data includes page views, events, device/browser data and approximate location. IP anonymization is enabled. Retention for user/event data is typically 2–14 months depending on settings.

Google may transfer data to the USA or other third countries; EU Standard Contractual Clauses apply. You can withdraw consent anytime via the cookie settings.

8) Newsletter via CleverReach

If you subscribe to our newsletter, we use the double opt-in process. Provider: CleverReach (processor). Legal basis: your consent (Art. 6(1)(a) GDPR). We process your email address and optional profile data. For optimisation we measure opens/clicks (reach measurement). You can withdraw consent at any time via the unsubscribe link within each email or via our contact page. After unsubscribing, we delete your newsletter data unless statutory retention applies.

9) Chatbot & support: Zendesk Chat (Zopim)

We use Zendesk Chat (Zopim) for live chat/chatbot. Depending on usage, chat content, timestamps, pseudonymous IDs, device/browser data and cookies may be processed to provide the service and allocate requests. Processing is based on your consent (Art. 6(1)(a) GDPR) and, where necessary to answer your request, Art. 6(1)(b)/(f) GDPR. Data may be transferred to third countries; appropriate safeguards (e.g., EU Standard Contractual Clauses) are used. You can withdraw consent via the cookie settings.

10) Recipients & processors

Depending on the process: IT/hosting/support providers, payment providers (e.g., PayPal), carriers, CleverReach (newsletter), Zendesk (chat), authorities for legal obligations, and collections/legal counsel if needed. Processor contracts pursuant to Art. 28 GDPR are in place.

11) International transfers

Transfers outside the EU/EEA occur only under an adequacy decision, appropriate safeguards (e.g., EU SCCs) or with your explicit consent.

12) Retention

We retain personal data only as long as necessary for the purposes described or where statutory retention applies (typically 6–10 years for business/tax records).

13) Your rights

  • Access, rectification, erasure, restriction, portability (Arts. 15–20 GDPR).
  • Objection to processing based on legitimate interests and to direct marketing (Art. 21 GDPR).
  • Withdrawal of consent with future effect (Art. 7(3) GDPR).
  • Complaint to a supervisory authority (Art. 77 GDPR).

To exercise your rights, use our contact page or the postal address above.

14) Security

We apply appropriate technical and organisational measures (e.g., TLS encryption) to protect data against loss, misuse and unauthorised access.

15) Changes to this policy

We may update this policy if services, legal requirements or technical standards change. The version published on this page applies.

  • Deutsch
  • English
  • Russian
xt:Commerce 4.1 © 2025 xt:Commerce