Shopping Basket
black Background

Privacy Policy

1. Data Controller

 

The responsible controller for the processing of personal data on this website is:

CAPU GmbH
Forsthausstr. 3C, 82031, Gruenwald, Germany
HRB 224925
Represented by: Manuela Gruber
Email: contact@capu.de
Phone: +49 89 50008290

 

2. Collection and Storage of Personal Data

 

We process personal data that you provide to us when:

  • visiting our website
  • placing an order
  • creating an account
  • signing up for newsletters
  • contacting us via contact form or email
  • interacting with cookies or analytics tools

 

Categories of data processed include:

  • Identification data: name, address, email, phone
  • Order data: purchased items, transaction information, payment status
  • Payment data (processed externally): payment method, partial card identifiers
  • Technical data: IP address, browser type, device type, usage data
  • Marketing data: newsletter opens/clicks, marketing preferences

 

3. Purpose and Legal Basis of Processing

 

We process your data based on the following legal grounds under Art. 6 DSGVO:

 

Performance of a contract (Art. 6(1)(b))

  • to process orders, payments, deliveries, returns
  • to communicate about your purchases

Consent (Art. 6(1)(a))

  • newsletter subscription
  • non-essential cookies
  • marketing analytics

Legitimate interests (Art. 6(1)(f))

  • prevention of fraud
  • improvement of website performance
  • internal business analytics

Legal obligation (Art. 6(1)(c))

  • tax documentation
  • accounting compliance

 

4. Sharing of Personal Data

 

We share your personal data only where necessary and proportionate.

 

4.1 With our service providers (processors)

  • Shopify Inc. – website hosting, checkout, order management
  • Payment providers – Stripe, PayPal, Klarna (depending on your configuration)
  • Shipping carriers – DHL, UPS, DPD, Deutsche Post
  • Email marketing providers – Klaviyo or equivalent
  • Cloud storage & IT systems

All processors operate under Art. 28 contracts ensuring DSGVO compliance.

 

4.2 International Transfers

Shopify and some providers may transfer data to Canada or the USA.

Transfers rely on:

  • Adequacy decision for Canada
  • EU Standard Contractual Clauses (SCCs) for the USA

We ensure appropriate safeguards are in place.

 

5. Cookies & Tracking Technologies

 

This website uses:

  • Essential cookies (Shopify) — required for checkout
  • Analytics cookies (optional, consent required)
  • Marketing cookies (optional, consent required)

On your first visit, a cookie banner will appear. You may accept or reject non-essential cookies at any time.

For detailed cookie information, see our Cookie Policy.

 

6. Newsletter Subscription

 

When you sign up for our newsletter:

  • you consent to receiving marketing emails
  • data is stored by our email provider (e.g., Klaviyo)
  • consent can be withdrawn at any time via the unsubscribe link
  • open and click rates may be tracked (legitimate interest + consent)

 

7. Storage Duration

 

We store data only as long as necessary:

  • Order data: 10 years (tax law)
  • Customer accounts: until deletion
  • Newsletter data: until withdrawal of consent
  • Cookies: according to individual expiry durations

 

8. Your Rights (Art. 12–23 DSGVO)

 

You have the following rights at any time:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure / “right to be forgotten” (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object to processing (Art. 21)
  • Right to withdraw consent (Art. 7(3))
  • Right to lodge a complaint with a supervisory authority

Your competent authority in Germany (if applicable):
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

 

9. Automated Decision-Making & Profiling

 

We do not use automated decision-making that produces legal effects.
Marketing segmentation (e.g., Klaviyo) may occur but only with your consent.

 

10. Data Security

 

We use technical and organisational measures (TOMs) including:

  • encrypted Shopify checkout (TLS)
  • access control
  • secure server infrastructure
  • regular security audits

 

11. Contact for Privacy Matters

 

For any privacy request or to exercise your rights:

Email: contact@capu.de

 

12. Updates to This Privacy Policy

 

We may update this policy when legal or operational changes occur. The latest version is always available on our website.

 

CAPU

Get 10% OFF

You're missing out! Consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.