This Privacy Policy explains how we collect, use and share your personal information when you visit or make a purchase from our website (the “Site”).

By using the Site, you agree to the processing of your personal data as described here.

1. Data Controller

The controller responsible for this Site is:

CAPU GmbH
Forsthausstr. 3c
82031 Grünwald
Germany

Commercial register: Amtsgericht München, HRB 224925
Managing director: Manuela Gruber

Email: contact@capu.de
Phone: +49 89 50008290

2. Our Use of Shopify

Our online store is hosted by Shopify. When you visit our Site, place an order or interact with the store, Shopify processes your personal data to provide the e-commerce platform, checkout, payments, fraud prevention, analytics and related services.

Shopify may also process your information as an independent controller, for example when it provides services based on customer interactions across multiple Shopify merchants (sometimes called “historical data” or network-based insights).

You can learn more in Shopify’s Consumer Privacy Policy:
https://www.shopify.com/legal/privacy/consumers

3. What Information We Collect

We only collect the information necessary for the purposes described below.

3.1 Information you provide

Contact and identity data – name, billing and shipping address, email address, phone number
Order data – products ordered, cart contents, order history, invoices, returns
Account data (if you create an account) – login email, password hash, saved addresses
Communication data – messages you send us by email, form or social media
Marketing preferences – newsletter subscription status, consents

We do not store full payment card numbers. These are processed directly by our payment providers.

3.2 Information collected automatically (“Device Information”)

When you visit the Site, we automatically collect:

IP address and approximate location (country/region)
browser type and version, operating system, device type
date and time of access
pages and products viewed, referral pages (e.g. search engine, ad, external site)
interactions with the Site (clicks, scrolls, add-to-cart, etc.)
cookie identifiers and similar tracking technologies

We collect this using technologies such as:

Cookies – small data files stored on your device. You can control cookies via your browser settings.
Log files – standard server logs recording access to the Site.
Pixels, tags and web beacons – code that helps us and our service providers understand how the Site is used and how campaigns perform.

Where required by law (e.g. in the EU/EEA and UK), we will only use non-essential cookies and similar technologies with your consent via our cookie banner.

3.3 Order and payment information

When you make or attempt to make a purchase, we collect:

name, billing and shipping address
email address and phone number
products ordered
selected shipping and payment method
partial payment information (e.g. last four digits of your card, payment provider and transaction ID)

Payment transactions are processed securely by our payment providers (for example card acquirers, Revolut Pay, PayPal or others shown at checkout). These providers receive your payment details directly and process them under their own privacy policies.

We refer to the information above collectively as “Personal Information”.

4. How We Use Your Personal Information

We process your Personal Information only where we have a legal basis to do so, and only for specified purposes.

4.1 To operate the Site

Provide and secure the Site and store
Fix errors, prevent abuse and fraud
Generate anonymous statistics to improve performance and usability

Legal basis (EEA/UK):
Legitimate interests (Art. 6(1)(f) GDPR) – operation of a secure, functional online store.

4.2 To process orders and provide customer service

Accept and process your orders
Arrange shipping and returns
Provide invoices and order confirmations
Communicate with you about your order or account
Handle complaints and warranty claims

Legal basis (EEA/UK):
Performance of a contract or steps prior to entering into a contract (Art. 6(1)(b) GDPR); legal obligations (Art. 6(1)(c) GDPR, e.g. tax and accounting rules).

4.3 To send newsletters and marketing communications

Send you emails about new products, early access drops and special promotions
Personalise or measure our marketing where permitted

Legal basis (EEA/UK):
Your consent (Art. 6(1)(a) GDPR), or our legitimate interests in direct marketing where allowed by law (Art. 6(1)(f) GDPR).
You can withdraw consent or object to marketing at any time (see section 9).

4.4 Analytics, insights and “historical data” features

We and Shopify may use device and usage information:

to understand how the Site is used
to improve our product selection and user experience
to help detect and prevent fraud
to provide or support features that use aggregated or “historical” data across multiple Shopify merchants (for example smarter recommendations or network-level analytics, if enabled)

Legal basis (EEA/UK):
Legitimate interests (Art. 6(1)(f) GDPR) and, where required for non-essential cookies or tracking, your consent (Art. 6(1)(a) GDPR).

You may have the right in some regions to opt out of certain data sharing or targeted advertising. Where applicable, we or Shopify may honour browser signals such as Global Privacy Control (GPC) or provide additional opt-out tools.

4.5 Legal compliance and protection

We may process and share your Personal Information:

to comply with legal obligations (e.g. tax and accounting laws)
to respond to lawful requests (e.g. subpoenas, court orders, regulatory inquiries)
to establish, exercise or defend legal claims
to protect our rights, property, safety and that of our users or others

Legal basis (EEA/UK):
Legal obligation (Art. 6(1)(c) GDPR) and/or legitimate interests (Art. 6(1)(f) GDPR).

5. How We Share Personal Information

We share your Personal Information with third parties only to the extent necessary and lawful.

5.1 Service providers (processors)

We use service providers who process data on our behalf, including:

Shopify – store hosting, checkout, payments, fraud prevention, analytics, email notifications
Payment providers – card acquirers, Revolut Pay, PayPal, and others shown at checkout
Shipping providers – FedEx, UPS, DHL, DPD and local postal services
Email and marketing tools – newsletter and transactional email services
IT, analytics and cloud providers – infrastructure, storage, performance monitoring

These providers are contractually bound to process your data only under our instructions and to implement appropriate security measures.

5.2 Independent controllers

Some third parties act as independent controllers, meaning they decide how they process your data. This includes, for example:

payment providers when you enter your payment details on their pages
Shopify, when it uses consumer data to provide its own services across merchants
social media platforms, if you interact with our profiles there
analytics or advertising partners, where used

Their own privacy policies apply in addition to this one.

5.3 Legal and business transfers

We may share Personal Information where required by law or in connection with a corporate transaction (e.g. merger, asset sale), always in line with applicable data protection law.

We do not sell your Personal Information in the sense of typical “data broker” activities.

6. International Data Transfers

Some service providers (including Shopify and certain payment and email providers) are located outside your home country, including in Canada and the United States.

Where your data is transferred from the EU/EEA or UK to a country without an adequacy decision, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and, where required, additional technical and organisational measures.

You can contact us for more information about these safeguards.

7. Cookies and Targeted Advertising

You can control cookies through your browser settings and, where applicable, through our cookie banner or cookie settings tool.

If we use targeted advertising or retargeting services (for example, Meta/Facebook Ads, Google Ads, or similar), this will typically involve:

using cookies or identifiers to recognise your device
sharing limited information with the advertising provider so they can show you relevant ads
receiving aggregated statistics about ad performance

In many regions you can opt out of targeted advertising:

via the privacy or ad settings in the relevant platform (e.g. Google, Facebook), and
via industry opt-out tools like the Digital Advertising Alliance: http://optout.aboutads.info/

In the EU/EEA and UK, non-essential cookies and similar technologies for advertising or advanced analytics will only be used with your consent.

8. How Long We Keep Your Information

We keep Personal Information only for as long as necessary for the purposes described above or as required by law.

Typical retention periods include:

Order and invoice data: generally 10 years (tax/commercial law)
Customer account data: as long as your account is active, or until you request deletion (subject to legal retention)
Newsletter data: until you unsubscribe or we stop sending newsletters to you
Technical logs and analytics data: for a period appropriate to security and performance monitoring and then anonymised or deleted
Support requests: for as long as needed to handle your request and for documentation, then according to statutory retention rules

When data is no longer needed, we delete it or anonymise it.

9. Your Rights

9.1 Rights under GDPR (EEA/UK)

If you are in the EU/EEA or UK, you have the following rights under the GDPR / UK-GDPR (subject to legal conditions):

Right of access – to know whether we process your data and to receive a copy
Right to rectification – to correct inaccurate or incomplete data
Right to erasure – to request deletion of your data where legally permitted
Right to restriction of processing
Right to data portability – to receive certain data in a structured, commonly used and machine-readable format
Right to object – in particular to processing based on legitimate interests and to direct marketing
Right to withdraw consent – where processing is based on your consent, you may withdraw it at any time with future effect

To exercise these rights, please contact us at contact@capu.de.

You also have the right to lodge a complaint with your local supervisory authority. For CAPU GmbH, one competent authority is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany

9.2 Rights in other regions

Depending on where you live, you may have additional rights under local law (for example, certain US state privacy laws). These may include the right to:

request information about how we process your data
request access, correction or deletion
object to or restrict certain processing
opt out of targeted advertising or certain data sharing

We will honour all rights granted to you under applicable law. You can contact us at contact@capu.de with any request, stating your place of residence so we can process it under the correct legal framework.

10. Children and Age Restrictions

Our Site and products are not intended for individuals under the age of 18 (or the age of majority in your country, if higher). We do not knowingly collect personal information from minors.

If you believe that a minor has provided us with personal information, please contact us so we can delete it where required.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example due to changes in law, our services or the technologies we use.

The latest version will always be available on this page and will apply from the date it is posted.

12. Contact Us

For questions about this Privacy Policy, our privacy practices, or to exercise your rights, you can contact us at:

Email: contact@capu.de
Phone: +49 89 50008290

Privacy Policy

Menu

Customer care

Legal

Get 10% OFF

Are you over 21?