Data Protection

Privacy Policy

In our privacy policy, we inform you about how we collect, process, and protect your data. Please take a moment to familiarize yourself with our measures to protect your privacy. If you have any questions or comments about this privacy policy, please feel free to contact us at any time.

Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are not obligated to provide the data. Failure to provide it will have no consequences. This only applies unless otherwise stated during the subsequent processing operations.

"Personal data" means any information relating to an identified or identifiable natural person.

Server log files
You can visit our website without providing any personal information. Each time you access our website, usage data is transmitted to us or our web host/IT service provider via your internet browser and stored in log files (so-called server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred, and the requesting provider. Processing is based on Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in ensuring the smooth operation of our website and improving our offering.

Your data may be transferred to third countries outside the EU, particularly to Canada and the USA, and processed there. An adequacy decision of the EU Commission exists for Canada. An adequacy decision of the EU Commission exists for the USA: the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.

Contact

Person responsible
Please contact us if you wish. The controller responsible for data processing is:

Randolf-Christian Autenrieth
P5, 11
68161 Mannheim
Germany
Phone: +49 (0)151 50305646
Email: info[at]gearsofriot.de

Customer's proactive contact via email
If you initiate business contact with us by email, we will only collect your personal data (name, email address, message text) to the extent you have provided it. The data is processed to process and respond to your contact request. If the contact is for the purpose of carrying out pre-contractual measures (e.g. advice in the event of a purchase interest, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 (1) (b) GDPR. If contact is made for other reasons, this data is processed on the basis of Art. 6 (1) (f) GDPR out of our overriding legitimate interest in processing and responding to your request. In this case, you have the right to object to this processing of personal data concerning you based on Art. 6 (1) (f) GDPR at any time for reasons arising from your particular situation. We will only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods unless you have consented to further processing and use.

Collection and processing when using the contact form
When you use the contact form, we only collect your personal data (name, email address, message text) to the extent you have provided it. The data is processed for the purpose of establishing contact. If the contact is for the implementation of pre-contractual measures (e.g. advice in the event of a purchase interest, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 (1) (b) GDPR. If you are contacted for other reasons, this data processing is carried out on the basis of Art. 6 (1) (f) GDPR out of our overriding legitimate interest in processing and answering your enquiry. In this case, you have the right to object at any time to this processing of personal data concerning you based on Art. 6 (1) (f) GDPR for reasons arising from your particular situation. We will only use your email address to process your enquiry. Your data will then be deleted in compliance with statutory retention periods unless you have consented to further processing and use.

Customer account / orders

Customer account
When you open a customer account, we collect your personal data to the extent specified therein. The data processing serves the purpose of improving your shopping experience and simplifying order processing. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of your consent until the revocation. Your customer account will then be deleted.

For maximum convenience when shopping, we offer the option of permanently storing your personal data in a password-protected customer account. The password is a one-time verification code, which you will receive from us via email. Creating this account is voluntary and based on your consent in accordance with Article 6 (1) (a) GDPR. Once the customer account is set up, you will not need to enter your data again. Furthermore, you have access to the data stored in your customer account at any time, allowing you to view and edit it.

Collection, processing and transfer of personal data when placing orders
When you place an order, we collect and process your personal data only to the extent necessary to fulfill and process your order and to process your inquiries. Providing this data is required to conclude a contract. Failure to provide this data will result in no contract being concluded. Processing is based on Art. 6 (1) (b) GDPR and is necessary to fulfill a contract with you.

Your data will be shared, for example, with your chosen shipping companies and dropshipping providers, payment service providers, order processing service providers, and IT service providers. In all cases, we strictly adhere to legal requirements. The scope of data transfer is limited to a minimum.

Orders are processed by Printful Inc. (11025 Westlake Drive, Charlotte, NC 28273, USA; "Printful"). To process your online order, your name, address, and any other personal data will be transmitted exclusively to Printful in accordance with Art. 6 (1) (b) GDPR. Data will only be shared to the extent necessary to process your order. Further information on Printful's privacy policy can be found at https://www.printful.com/de/policies/privacy

In order to fulfill our contractual obligations to our customers, we work with external shipping service providers. We transmit your personal data exclusively for the purpose of delivering goods in accordance with Art. 6 (1) (b) GDPR to a shipping partner selected by us.

Advertising

Use of the email address for sending newsletters
We use your email address, regardless of contract processing, exclusively for our own advertising purposes to send newsletters, provided you have expressly consented to this. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the mailing list.

To ensure secure registration, we use the double opt-in process. This ensures that your email address is not used without authorization. After registering, you will receive an email with a confirmation link. Only when you click this link will you be added to our newsletter mailing list.

Our email newsletter is sent via the email app of the provider Shopify International Ltd. (2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify"). The data you provide when registering for the newsletter will be transmitted to Shopify. This data transfer occurs in accordance with Art. 6 (1) (f) GDPR and serves our legitimate interest in an effective, secure, and user-friendly newsletter system.

Shopify uses this information exclusively to send newsletters on our behalf. Shopify does not use the data of our newsletter recipients for its own purposes or share it with third parties.

In addition, Shopify uses comprehensive data processing agreements that incorporate the latest version of the European Commission-approved Standard Contractual Clauses (SCCs) to regulate the following:

- all transfers within the Shopify group
- further transfers to their subcontractors

Shopify's privacy policy can be found here: Shopify Privacy Policy - Shopify Germany and information on transfers of personal data

No direct advertising without consent
We only send our newsletter to people who have expressly consented to receive it. There are no tacit consents, no hidden clauses – just transparent communication based on your active consent.

Payment service providers

Using PayPal
We use the PayPal payment service provided by PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal") on our website. Data processing serves the purpose of offering you payment via the payment service. By selecting and using payment via PayPal, the data required for payment processing will be transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Art. 6 (1) (b) GDPR.

All PayPal transactions are subject to the PayPal Privacy Policy, which can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

For certain payment methods such as credit card via PayPal and direct debit via PayPal, PayPal reserves the right to obtain a credit report based on mathematical and statistical procedures using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received on the statistical probability of a payment default to make a balanced decision on the establishment, implementation, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated on the basis of scientifically recognized mathematical and statistical procedures and which include, among other things, address data. Your legitimate interests will be taken into account in accordance with the statutory provisions. The data processing serves the purpose of a credit check for the initiation of a contract. The processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in protection against payment default when PayPal makes advance payments.

You have the right to object to this processing of personal data concerning you based on Art. 6 (1) (f) GDPR at any time by notifying PayPal, for reasons related to your particular situation. Providing this data is necessary for concluding the contract using your preferred payment method. Failure to provide this data will result in the contract not being concluded using your chosen payment method.

Cookies

Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on a user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is visited again.

Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can be notified before cookies are set and decide whether to accept them individually, as well as prevent the storage of cookies and the transmission of the data they contain. Cookies already stored can be deleted at any time. However, please note that in this case, you may not be able to use all the functions of this website to their full extent.

The following links will tell you how to manage (including deactivate) cookies in the most important browsers:

Chrome: https://support.google.com/accounts/answer/61416?hl=de
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablassen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Technically necessary cookies
Unless otherwise stated in the privacy policy below, we only use technically necessary cookies to make our website more user-friendly, effective, and secure. Furthermore, cookies enable our systems to recognize your browser even after you change pages and to offer you services. Some functions of our website cannot be offered without the use of cookies. These require that the browser is recognized even after you change pages.

The use of cookies or similar technologies is based on Section 25 (2) of the Telemedia Act (TDDDG). Your personal data is processed on the basis of Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in ensuring optimal website functionality and a user-friendly and effective design of our services. You have the right to object to this processing of personal data concerning you at any time for reasons arising from your particular situation.

Use of the CCM19 Cookie Consent Manager
We use the CCM19 Cookie Consent Manager from Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn - "CCM19" - on our website. This tool allows you to grant consent to data processing via the website, in particular the use of cookies, as well as to exercise your right to revoke consent you have already granted.
Data processing serves the purpose of obtaining and documenting the necessary consent for data processing activities and thus complying with legal obligations. Cookies may be used for this purpose. The following information, among others, may be collected and transmitted to CCM19: anonymized IP address, date and time of consent, URL from which the consent was sent, anonymous, random, encrypted key, and consent status. This data will not be shared with other third parties.
Data processing is carried out to fulfill a legal obligation on the basis of Art. 6 (1) (c) GDPR.

Further information on data protection at CCM19 can be found at: Privacy statement - CCM19

A notice:
Details on the use and the individual cookie categories can be found at any time in the settings of the cookie banner and in our cookie policy , which can be accessed via the bottom of every page.

Analysis / Statistics

Using Shopify Statistics
We use the statistical and analytics functions of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website as part of a contract processing agreement. Shopify is an affiliate of Shopify Inc. (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
The data is processed for the purpose of analyzing this website and its visitors. For this purpose, data is stored for marketing and optimization purposes and made available in reports, analyses, and statistics. The following device information is collected and processed, among other things: information about the web browser, IP address, time zone, and some of the cookies installed on your device. When you navigate the website, information about the websites or products visited, the referrer URL (website from which you accessed our website), and information about how you interact with the website is also collected. Technologies such as cookies, web beacons, tags, and pixels (electronic files used to collect information about how you navigate the website) are used for this purpose.
Your data may be transferred to third countries outside the EU, particularly to Canada and the USA, and processed there. An adequacy decision of the EU Commission exists for Canada. An adequacy decision of the EU Commission exists for the USA: the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.
The use of cookies or similar technologies is based on your consent in accordance with Section 25 (1) (s) 1 of the Telemedia Act (TDDDG) in conjunction with Article 6 (1) (a) of the GDPR. Your personal data is processed with your consent in accordance with Article 6 (1) (a) of the GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation.
You can find more information about data protection at Shopify at https://www.shopify.com/de/legal/datenschutz , information about the order processing agreement at https://www.shopify.com/de/legal/dpa and information about the cookies used at https://www.shopify.com/de/legal/cookies .

Using the Meta Pixel
We use the Meta Pixel from Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "Meta") on our website. Meta and we are jointly responsible for the collection of your data when integrating the service and the transmission of this data to Meta. This is based on an agreement between us and Meta regarding the joint processing of personal data, which defines the respective responsibilities. The agreement is available at https://de-de.facebook.com/legal/terms/businesstools . According to this agreement, we are particularly responsible for fulfilling the information obligations pursuant to Art. 13 and 14 GDPR, for adhering to the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service, and for complying with the obligations under Art. 33 and 34 GDPR, insofar as a breach of the protection of personal data affects our obligations under the agreement on joint processing. Meta is responsible for enabling the rights of data subjects in accordance with Articles 15 - 20 GDPR, for complying with the security requirements of Article 32 GDPR with regard to the security of the service and for complying with the obligations under Articles 33 and 34 GDPR, insofar as a breach of the protection of personal data affects Meta's obligations under the joint processing agreement.

The application serves the purpose of targeting website visitors with interest-based advertising on the social networks Facebook and Instagram. For this purpose, the Meta remarketing tag has been implemented on the website. This tag establishes a direct connection to the Meta servers when you visit the website. This transmits to the Meta server which of our pages you have visited. Meta assigns this information to your personal Facebook and/or Instagram user account. When you visit the social networks Facebook or Instagram, you will then be shown personalized, interest-based ads.

The application also serves the purpose of compiling conversion statistics. This allows us to learn the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag, as well as what actions were taken after being redirected to this website. However, we do not receive any information that could personally identify users.

Your data may be transferred to the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself according to the TADPF and is thus committed to complying with European data protection principles.

Your personal data is processed with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation.
You can deactivate the "Custom Audiences" remarketing feature here. Further information on how Meta collects and uses data, your rights in this regard, and options for protecting your privacy can be found in Meta's privacy policy at https://www.facebook.com/about/privacy/ .

Use of Google Maps
We use the Google Maps embedding feature provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, "Google") on our website. This feature enables the visual display of geographical information and interactive maps. When you access pages that contain embedded Google Maps, Google also collects, processes, and uses data from visitors to the website. Your data may also be transferred to the USA. For the USA, the EU Commission has adopted an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself according to the TADPF and is thus committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent in accordance with Section 25 (1) (s) 1 of the Telemedia Act (TDDDG) in conjunction with Article 6 (1) (a) of the GDPR. Your personal data is processed with your consent in accordance with Article 6 (1) (a) of the GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation.
For more information about Google's collection and use of data, please see Google's privacy policy at https://www.google.com/privacypolicy.html . There, you can also change your settings in the Privacy Center so that you can manage and protect the data processed by Google.

Rights of data subjects and storage period

Duration of storage
After the contract has been fully processed, the data will initially be stored for the duration of the warranty period, then in accordance with statutory retention periods, in particular those under tax and commercial law, and then deleted or blocked after the expiry of the period unless you have consented to further processing and use.

Rights of the data subject
If the legal requirements are met, you are entitled to the following rights under Articles 15 to 20 GDPR: Right to information, to rectification, to erasure, to restriction of processing, to data portability.
Furthermore, according to Art. 21 (1) GDPR, you have the right to object to processing based on Art. 6 (1) (f) GDPR and to processing for direct marketing purposes.

Right to lodge a complaint with the supervisory authority
According to Art. 77 GDPR, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is unlawful.

You can lodge a complaint with the supervisory authority responsible for us, which you can reach using the following contact details:

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Königstrasse 10 a
70173 Stuttgart
Phone: +49 711 6155410
Fax: +49 711 61554115
Email: poststelle@lfdi.bwl.de

Right of objection
If the personal data processing listed here is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR, you have the right to object to this processing at any time with future effect for reasons arising from your particular situation.
Once you have objected, the processing of the data in question will be stopped unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

If personal data is processed for direct marketing purposes, you can object to this processing at any time by notifying us. Once you object, we will stop processing the data in question for direct marketing purposes.

last updated: June 27, 2025

Country/region

Language