Privacy Policy

Last updated: June 2025

1. WHO WE ARE

Responsible party (Verantwortlicher) under GDPR:
Niall O'Hara · Catface Tees
Berlin, Germany
Email: [email protected]
Full legal details: Impressum

2. DATA WE COLLECT & WHY

Data you provide directly

Order data: name, delivery address, email, optional phone — needed to fulfil your order and communicate about it.
Payment data: processed entirely by Stripe. We never see or store your card number — only a transaction reference.
Contact messages: name, email, message — used only to respond to your enquiry.
Newsletter sign-up: email only, used solely to notify you of new drops. Unsubscribe any time.

Data collected automatically

Analytics: pages visited, time on site, device/browser type — only with your consent (see Section 5).
Server logs: IP address, request timestamps — retained 90 days for security.

3. LEGAL BASIS (GDPR / DSGVO)

Art. 6(1)(b): Contract performance — processing your order.
Art. 6(1)(f): Legitimate interest — fraud prevention, site security, service improvement.
Art. 6(1)(a): Consent — analytics cookies, marketing emails. Withdraw any time.
Art. 6(1)(c): Legal obligation — retaining transaction records (10 years, German commercial law).

4. WHO WE SHARE DATA WITH

Recipient	Purpose	Location
Stripe, Inc.	Payment processing	USA — EU Standard Contractual Clauses in place
DHL / Deutsche Post	Shipping & delivery	EU
Google Analytics	Site analytics (if consented)	USA — EU SCCs in place, IP anonymised
Email provider	Transactional + newsletter emails	EU

We do not sell your data. Not to anyone. Not for any reason.

5. COOKIES

Essential: cart session, checkout state, security tokens. Cannot be disabled.
Analytics: Google Analytics with anonymised IP. Set only with consent.
Personalisation: dismissed notices, display preferences. Set only with consent.

Update your cookie preferences at any time:

6. RETENTION PERIODS

Order records: 10 years (§ 257 HGB)
Contact enquiries: 2 years after resolution
Analytics data: 26 months
Newsletter list: until unsubscription
Server logs: 90 days

7. YOUR RIGHTS (GDPR / DSGVO)

Under EU law you have the right to: access data we hold about you · correct inaccurate data · erase your data (subject to legal obligations) · restrict processing · portability of your data · object to legitimate-interest processing · withdraw consent at any time.

Contact: [email protected]. We respond within 30 days. You also have the right to complain to the Berliner Beauftragte für Datenschutz und Informationsfreiheit.

8. SECURITY

All data is transmitted over HTTPS/TLS. Payment handling is delegated entirely to Stripe (PCI DSS Level 1 certified). Access to customer data is restricted to personnel with a legitimate need.

9. CHANGES

We'll update the date above when this policy changes. Significant changes will be flagged on the site.