Privacy policy

Last updated on November 29, 2025

We believe in being open about your data. This privacy policy shows you what information we collect from you, what we need it for, and who we share it with. We update this policy regularly so you're always up to date and know exactly what happens with your data.

Disclaimer

For your better understanding, we have summarized each section of legal language in plain language. The explanations serve only as a guide and to make reading easier. They are not legally binding.

The sole and authoritative legal basis is the text of the privacy policy, which is presented in the respective marked original version.

We point out that the legally binding formulations always take precedence.

What data we collect

What services we use

Privacy Policy

This webshop is operated by Ears & Gears, located at Rudolf-Breitscheid-Straße 35, 15366 Hoppegarten. In the following, terms like 'we' refer to exactly that.

Through our online service, we offer handcrafted leashes and collars made from vegan, high-quality materials. Our goal is to combine safety, design, and comfort. Through our configurator, you can design and order unique pieces for your favorite pets.

The protection of your personal data is of great importance to us. In this privacy policy, we inform you in a simple and transparent manner about what data we collect on our website and how we process it.

1. Responsible Party and Contact

If you have any questions or comments about this privacy policy, you can reach us by email at privacy@earsgears.shop or by post at:
Ears & Gears
Rudolf-Breitscheid-Straße 35
15366 Hoppegarten
Germany
Data Protection Officer:
Alina Marschke
Email: alina@earsgears.shop

2. Principles of Data Processing

We process your personal data only in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). This privacy policy transparently informs you about:
  • What data we collect and for what purposes
  • On what legal basis the processing takes place
  • How long we store your data
  • To whom data is disclosed
  • What rights you have and how you can object to processing

3. Definitions

3.1 What is personal data?

Personal data means all information through which an individual person can be identified directly or indirectly. This includes names, address information, dates of birth, digital contact methods such as email or telephone numbers, as well as technical identifiers such as IP addresses.

3.2 What does processing mean?

Processing is any form of handling or working with personal data, regardless of the method or tool used. This includes, for example: collecting, storing, adapting, transmitting, archiving, deleting personal data.

3.3 What does disclosure mean?

This means that personal data is transmitted to third parties or made accessible to them in any way, whether through targeted release, publication, or inspection.

3.4 What are third parties?

Third parties are all those who are neither the data subject themselves nor part of the responsible instances or those acting on their behalf. This includes both individuals and companies, authorities, or other organizations that are outside the direct area of responsibility or work and are not authorized to handle the relevant personal information independently.

3.5 When is there consent?

Consent exists when a person, of their own decision and with clear knowledge of the significance of their decision, expressly or through clearly recognizable action agrees that their personal data may be processed for a previously specified purpose. This consent must be unambiguous and may not be influenced by coercion or lack of clarity.

3.6 When is data considered pseudonymized?

Pseudonymization refers to a process in which personal information is modified or encrypted in such a way that it can no longer be directly attributed to a specific person without the use of additional, separately secured information. This additional data is kept separately and protected by technical and organizational safeguards to ensure that identification of the person concerned is excluded.

4. Data Security

Your data is securely stored by us, and we take all reasonable precautions to protect it from loss, unauthorized access, misuse, or alteration.
This includes, for example, the following measures:
  • SSL/TLS encryption for all data transmissions
  • Regular security updates
  • Access controls and authorization concepts
  • Regular data backups
Our business partners and employees who have access to your data are required to comply with applicable data protection regulations.
Despite all precautions, the security of data during transmission over the Internet cannot be 100% guaranteed.

5. Data Subject Rights

As a data subject under GDPR, you have various rights, which arise in particular from Articles 15 to 21 GDPR

5.1 Right to Object

You can revoke consent given for the processing of your personal data at any time without giving reasons. The revocation takes effect from the time of its notification and does not affect the lawfulness of processing that has already taken place.
If we base the processing of your data on a balancing of interests, you can object at any time. Please inform us of the reasons why you reject the processing. We will then check whether protective reasons on our part outweigh or whether we must stop processing.
In addition, you have the right to object to the processing of your data for advertising purposes and data analysis. You can inform us of this at any time using the contact details provided in this privacy policy.
To exercise your right of revocation or objection, contact us using the contact details provided at the beginning of this policy.
What this means
You can withdraw your consent at any time without giving reasons. This applies from the moment you inform us.
If we use your data based on legitimate interests, you can object. Just tell us why. We'll then check and stop processing if possible and necessary.
For advertising and data analysis purposes, you can always object.
Just send us a message using the contact details at the beginning of this policy.

5.2 Right of Access

You have the right to request information at any time about the personal data we have stored about you. The information is provided free of charge in written or electronic form within one month of the request.
If necessary, we can extend the processing period by two additional months if the complexity or number of requests requires it. You will be informed of any extension in good time. In most cases, however, the information is automated and immediately available.
In the case of manifestly unfounded or abusive requests, we reserve the right to refuse the information or charge a fee. The right of access does not apply insofar as it would impair the rights and freedoms of other persons.
To exercise your right of access, you can take the following routes. In both cases, you will receive the information in a common electronic format:
  • An email with valid proof of identity to privacy@earsgears.shop
  • Direct download of data via the application (Profile > Account > Download personal data)
What this means
You can find out free of charge at any time what data we have stored about you. You normally receive the information within one month.
If it gets complicated or too many requests come in, we can extend the deadline by two months. In that case, we'll let you know in good time. Usually, however, it's automatic and immediate.
For manifestly pointless or abusive requests, we can refuse or charge a fee.
To get the data, simply send an email to privacy@earsgears.shop or download the data directly from your profile.

5.3 Rectification

You have the right, in accordance with legal requirements, to request the completion of data concerning you or the correction of inaccurate data concerning you.
To exercise your right to rectification, contact us using the contact details provided in this privacy policy.
What this means
You can request that we correct incorrect data about you or complete incomplete data. Just write to us using the contact details in this privacy policy.

5.4 Deletion and Restriction

You have the right to request the deletion of your personal data. However, this does not apply insofar as statutory retention obligations or other legal reasons prevent deletion. Please note that deletion of your data may affect the fulfillment of existing contracts.
To exercise your right to deletion, you can take the following routes:
  • An email with valid proof of identity to privacy@earsgears.shop
  • Direct deletion request via the application (Profile > Account > Delete account)
Alternatively, you can request that the processing of your data be restricted. This is particularly possible if you dispute the accuracy of the data, the processing is unlawful, you no longer need the data, or you have objected to the processing.
While a restriction applies, your data will only be stored. Further processing is only permitted with your consent, to assert legal claims, to protect the rights of third parties, or for reasons of important public interest. You will be notified when the restriction is lifted.
To exercise your right to restriction, contact us using the contact details provided in this privacy policy.
What this means
You can request that we delete your data. Exception: If we have to keep it for legal reasons. Note: Deletion may affect ongoing contracts.
To delete your data, simply send an email to privacy@earsgears.shop or delete the data directly from your account.
Instead of deletion, you can also request that we restrict processing.
With a restriction, we only store your data but no longer process it. Exceptions: You consent, we need it for legal claims, to protect others, or for important public interest. If we lift the restriction, we'll let you know.
Write to us if you want a restriction using the contact details in this privacy policy.

5.5 Data Portability

You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. This applies in particular when the processing is based on your consent or a contract with us and the processing is automated.
You can request that we transmit this data directly to another controller, provided this is technically feasible. We will not hinder you in this.
Please note that the right to data portability does not apply to data that we process for other legal reasons (e.g., due to legal obligations).
To exercise your right to data portability, contact us using the contact details provided in this privacy policy.
What this means
You can also request that we send your data directly to another provider if this is technically possible.
This does not apply to data that we must process for legal reasons.
Write to us if you want to transfer your data using the contact details in this privacy policy.

5.6 Complaint to Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the General Data Protection Regulation. The competent authority is in particular the supervisory authority in the country where you usually reside, work, or where the violation took place.
What this means
If you think we're violating data protection rules, you can complain to a data protection supervisory authority. The authority in the country where you live, work, or where the violation happened is responsible.

6. Individual data processing operations

6.1 Use of the Website - Hetzner Server Hosting

When you visit our website, technical data is automatically collected that your browser transmits to our server. This is necessary for the operation of the website.

List of processed data

All data is pseudonymized and cannot be attributed to a specific person.

  • IP address and internet service provider
  • Date and time of request
  • Technical data (browser type and version, operating system, amount of data transferred, hostname of accessing computer)
  • Referrer URL (previously visited page)

Purpose of Processing This Data

The legal basis for this data processing is Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the functionality and security of our website. These interests outweigh your data protection interests, as the processing is technically mandatory for the operation of the website and the data is only stored for a short time.

Legal Basis for Data Processing

The legal basis for this data processing is Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the functionality and security of our website. These interests outweigh your data protection interests, as the processing is technically mandatory for the operation of the website and the data is only stored for a short time.

Data Disclosure

We host our entire infrastructure with Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). Hetzner operates the server infrastructure in German data centers as our processor. All servers are located exclusively in Germany, so your data does not leave the Federal Republic of Germany. We have concluded a data processing agreement with Hetzner in accordance with Art. 28 GDPR. Further information on data protection at Hetzner can be found in their privacy policy.

Preventing Data Processing

The processing of this data is technically mandatory for the operation of the website, but is never permanently stored and only exists for the duration of the session. The storage of log files is necessary for the technical operation and security of our website. This data is automatically collected and stored. Since this storage is technically necessary, you cannot object to it.
What this means
When you visit our website, technical data is automatically collected - this is necessary for operation.
What data: IP address, date/time, browser and device info, previous page. All data is pseudonymized.
Why: So the website works and stays secure.
Where: All servers are at Hetzner in Germany. Your data always stays in Germany.
The data is only stored briefly and is technically necessary - you cannot object to this.

6.2 Use of the Website - Bunny

We use Bunny as a Content Delivery Network (CDN) for optimized content delivery. Technical data is collected that is necessary for functionality.

List of processed data

  • IP address and internet service provider
  • Date and time of request
  • Technical data (browser type and version, operating system, amount of data transferred, hostname of accessing computer)
  • Referrer URL (previously visited page)

Purpose of Processing This Data

We use Bunny to deliver content from our website quickly and securely to you. The CDN distributes our website content to servers worldwide so they can be loaded from a server near you. This significantly improves loading speed and reduces the load on our main servers hosted on Bunny. Bunny also helps us defend against DDoS attacks and ensure website availability. The processed data is used exclusively to optimize website performance and ensure security.

Legal Basis for Data Processing

The legal basis for this processing is Art. 6(1)(f) GDPR. We have a legitimate interest in providing our website quickly, securely, and reliably. The use of a CDN is technically necessary to ensure adequate performance, especially for users who are geographically far from our main server.

Data Disclosure

The data is transferred to Bunny (BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia) as our processor. Bunny operates a global server network with locations in Europe, North America, Asia, and other regions. Your data may be processed on any of these servers, with Bunny having implemented adequate industry-standard security measures. Further information about Bunny's data protection practices can be found on their website.

Preventing Data Processing

Processing by Bunny is technically mandatory to provide our website. Without this processing, you cannot use our website, as all content is delivered via the CDN or server. If you do not want the processing, you must refrain from visiting our website. The data is only processed for the duration of content delivery and stored according to Bunny's retention policies.

Storage Duration

The data is only stored at Bunny for as long as technically necessary to provide CDN services.
What this means
We use Bunny CDN so the website loads faster - especially if you're far from our main server.
What data: IP address, date/time, browser and device info, previous page.
Why: Faster loading times, better security against attacks, more reliable website.
Where: Bunny has servers worldwide (Europe, USA, Asia). Your data can end up on any of these servers.
Processing is technically necessary - without it you can't use the website. Data is only stored temporarily.

6.3 Data Storage and Database Hosting

All personal data collected via our website is stored in a central database that we use to operate our services.

List of processed data

All personal data described in the previous or subsequent sections of this privacy policy. Including, among others, the following.

  • Session information
  • Technical metadata (creation and modification timestamps)
  • Pet emergency entries
  • Authentication data (OAuth connections)
  • Order data (addresses, order history)
  • Account data (email address, name, phone number)

Purpose of Processing This Data

The database forms the technical foundation for all our services. It enables us to store and retrieve your account information, manage and track your orders, recognize and log you in on each visit, save your preferences and settings, and provide all functions of our website. Central data storage ensures the consistency and integrity of your data across all areas of our website and enables us to efficiently implement your rights to access, rectification, and deletion.

Legal Basis for Data Processing

The legal bases for data storage correspond to the respective legal bases of the individual data processing operations explained in the previous sections of this privacy policy. Storage takes place in particular for contract fulfillment (Art. 6(1)(b) GDPR), based on your consent (Art. 6(1)(a) GDPR), to fulfill legal obligations (Art. 6(1)(c) GDPR), and based on our legitimate interests in the proper operation of our website (Art. 6(1)(f) GDPR).

Data Disclosure

We host and manage our database ourselves on our own infrastructure within Germany. There is no disclosure of data to third-party providers for database hosting. Your data never leaves Germany. We have implemented extensive technical and organizational measures to ensure the security of your data, including encryption at rest and in transit, strict access control and monitoring, and automated backups to prevent data loss.

Preventing Data Processing

Storage of your data in our database is technically mandatory to provide you with our services. Without this data storage, you cannot create an account, place orders, or use other functions of our website. If you do not want your data stored, you must refrain from using our services. However, you have the right at any time to delete your account and thus all stored data (see Section 5.4). After deletion of your account, all personal data will be removed from the database, except for data that we must continue to store due to statutory retention obligations (such as order data for tax purposes).

Storage Duration

The storage duration is based on the specific retention periods for individual data types, as described in the respective sections of this privacy policy. In general: Account data is stored until deletion of your account, order data is subject to a statutory retention obligation of 10 years, temporary session data is deleted after the end of the session, and data without specific retention obligations is deleted when the processing purpose ceases or you request deletion.

Data Security

The database is protected by multiple security layers. All data is encrypted both in transit and at rest. Access to the database is strictly controlled and only possible for authenticated systems and authorized employees. Automatic backups are created and stored encrypted to prevent data loss. The database infrastructure is continuously monitored to detect anomalies or security incidents early.
What this means
All your data (account, orders, settings, etc.) is stored in our central database.
What data: Email, name, phone, addresses, orders, login info, pet emergency entries, and more.
Why: So the website works - for your account, orders, login, and all functions.
Where: Our own database in Germany. Your data never leaves Germany.
Security: Everything is encrypted, access strictly controlled, automatic backups.
Storage duration: Account data until deletion, order data 10 years (legal), session data only during session.
You can delete your account at any time - then all data is removed (except order data, which we must keep for 10 years for tax purposes).

6.4 Contact

When you contact us by email, phone, or through our contact form, we process your data to handle your inquiry.

List of processed data

  • Name
  • Email address
  • Content of your message
  • Time of contact
  • For contact form: IP address to protect against abuse

Purpose of Processing This Data

We process your contact data to answer your inquiry and provide you with customer service and support. Documentation of communication serves to protect both of us and enables us to refer back to previous correspondence in case of follow-up questions.

Legal Basis for Data Processing

The legal basis for processing is usually Art. 6(1)(f) GDPR, as we have a legitimate interest in responding to inquiries. If your inquiry relates to an existing or future contractual relationship, the legal basis is Art. 6(1)(b) GDPR.

Data Disclosure

As a rule, we do not share your contact data with third parties. Disclosure only occurs if necessary to answer your inquiry (for example, if you have a delivery status inquiry and we need to contact the shipping service provider).

Preventing Data Processing

Without providing your contact data, we cannot answer your inquiry. If you do not want the processing, you must refrain from contacting us. You can request deletion of your data after completion of communication, provided there are no retention obligations.

Storage Duration

For general inquiries, we delete your data after completion of the inquiry or after the end of communication. For contract-related inquiries, we store the data according to statutory retention periods (usually 10 years).
What this means
When you write to us by email, phone, or contact form, we store your data to be able to respond to you.
What data: Name, email, your message, timestamp. For contact form also IP address against abuse.
Why: To answer your inquiry and provide support. Documentation protects both of us.
Disclosure: Normally not. Only if necessary (e.g., for delivery status questions to the shipping service provider).
Storage duration: General inquiries are deleted after completion. Contract-related inquiries 10 years (legal).
You can request deletion after the end of communication if there is no legal retention obligation.

6.5 Newsletter via Brevo

We offer you the opportunity to subscribe to our newsletter to be informed about new products, offers, and news.

List of processed data

  • Email address (required field)
  • Name (optional, for personalized address)
  • Time of registration
  • IP address at time of registration (to document the registration process)
  • Time of confirmation (double opt-in)
  • Open rate (whether and when you open newsletters)
  • Click behavior (which links you click in the newsletter)
  • Device information (device type, operating system, email client)
  • Time of unsubscription (if applicable)

Purpose of Processing This Data

We process your data to regularly send you our newsletter with information about new products, special offers, discount promotions, and news about Ears & Gears. Collection of open and click rates serves to measure the success of our newsletter campaigns and helps us understand which content is most relevant to our subscribers. This allows us to continuously improve our newsletters and better align them with your interests. Storage of your IP address and registration and unsubscription times serves as proof that you legitimately subscribed to the newsletter and protects us from abusive registrations by third parties.

Legal Basis for Data Processing

The legal basis for sending the newsletter is Art. 6(1)(a) GDPR, based on your express consent. You give this consent through the double opt-in procedure: After registration, you receive an email with a confirmation link. Only when you click this link is your registration activated and you receive our newsletter. Processing for documentation of registration is based on Art. 6(1)(f) GDPR, as we have a legitimate interest in being able to prove the legitimacy of the registration.

Data Disclosure

For sending our newsletter, we use the service Brevo (Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany, parent company: Sendinblue SAS, 55 rue d'Amsterdam, 75008 Paris, France). Brevo is a certified email marketing service provider based in the European Union and processes your data as our processor. All newsletter data (email address, name, tracking data) is stored and processed on Brevo's servers within the EU. Brevo has committed to comply with all GDPR requirements. Further information on data protection can be found directly at Brevo.

Preventing Data Processing

You can revoke your consent to receive the newsletter at any time without incurring costs. At the end of each newsletter you will find an unsubscribe link with which you can unsubscribe with one click. Alternatively, you can send us an email to privacy@earsgears.shop, send the revocation by post to our address, or make it directly in the profile settings under Privacy. After unsubscribing, you will be immediately removed from our newsletter distribution list and will no longer receive any newsletters. Revocation of consent does not affect the lawfulness of processing that took place up to the revocation.

Storage Duration

We store your newsletter data as long as you are subscribed to the newsletter. After you unsubscribe, your data is deleted from the active newsletter distribution list. We store the documentation data (IP address, time of registration and unsubscription) for 3 years to be able to prove in case of disputes that the registration was legitimate. This storage is based on our legitimate interest according to Art. 6(1)(f) GDPR.

Tracking in Newsletter

Our newsletters contain so-called tracking pixels (web beacons). A tracking pixel is a small graphic file embedded in emails that enables us to recognize whether and when you opened a newsletter. The links contained in the newsletters are provided with tracking parameters so that we can track which links were clicked. This information is collected pseudonymously and serves statistical purposes only. It is not merged with other personal data and is not shared with third parties. If you do not want tracking, you can disable the display of images in your email program or generally reject HTML emails. However, this may affect the display of the newsletter.
What this means
You can subscribe to our newsletter to get info about new products and offers.
What data: Email (required), optional name, registration time, IP address, whether/when you open newsletters, which links you click, device info.
Why: To send you newsletters and see which content interests you - so we can improve the newsletters.
Double opt-in: You must confirm your registration via link in an email - only then will you receive newsletters.
Where: We use Brevo (German/EU provider). All data stays in the EU.
Tracking: We see whether/when you open newsletters and which links you click (anonymized, for statistics only). You can prevent this by disabling images.
Unsubscribe: Free at any time - via link in newsletter, email to privacy@earsgears.shop, or in your profile settings.
Storage duration: As long as you're subscribed. After unsubscribing, data is deleted. Documentation (IP, timestamps) for 3 years as proof.

6.6 Technically Necessary Cookies

We use cookies to ensure the functionality of our website and improve your user experience. Most of the cookies we use are so-called "session cookies". These are automatically deleted as soon as you leave our website. Other cookies remain stored on your device until you manually delete them or their validity period expires.

List of processed data

For an exact technical listing of all cookies in their details, you can look at our Cookie Policy.

  • Session ID and cache (to maintain login)
  • Language and region settings
  • Tracking preferences (your settings in the Privacy menu)
  • Already completed interactions (privacy accepted, warnings seen once, etc.)

Purpose of Processing This Data

These cookies serve to maintain your login during the session so that you don't have to re-enter your credentials on every page. We store your cookie settings to respect your preferences and not ask for your consent again on every visit. The language and region settings enable us to display the website in your preferred language.

Legal Basis for Data Processing

The legal basis for this processing is Art. 6(1)(f) GDPR. We have a legitimate interest in the technical operation of the website and in providing basic functions. These cookies are technically necessary and their use outweighs your data protection interests.

Data Disclosure

These cookies are set exclusively by us and the data is not shared with third parties.

Preventing Data Processing

You can block or delete cookies in your browser settings. However, this may significantly limit the functionality of the website. In particular, login is not possible without session cookies and your preferences cannot be saved.

Storage Duration

Session cookies are deleted after the end of your browser session. Persistent cookies (for cookie settings and language preferences) remain stored until you delete them.
What this means
We use cookies so the website works properly.
What data: Session ID for login, language/region, your privacy settings, whether you've already seen certain notices.
Why: So you stay logged in, your language is saved, and we don't constantly ask you for cookie consent.
Disclosure: None - only we use these cookies.
You can block cookies in the browser, but then the website won't work properly anymore (e.g., no login possible).
Storage duration: Session cookies until you close the browser. Other cookies until you delete them.
Details on all cookies can be found in our Cookie Policy.

6.7 Plausible

We use Plausible to measure and analyze user interactions on our website. This enables us to understand user behavior and continuously improve our services. Plausible is a completely cookie-free and anonymous analytics solution that we host ourselves.
Cookie-free and anonymous analysis: Plausible works completely without cookies and does not collect personal data. No user profiles are created and no visitors are tracked across different sessions. The legal basis for processing is our legitimate interest in further developing, optimizing, and generally administering the website based on user interaction by observing the functionalities and capacities and adjusting them as needed (Art. 6(1)(f) GDPR).

List of processed data

  • Pages visited and their sequence
  • Time spent on individual pages
  • Origin of visit (referrer)
  • Device type, browser, operating system
  • IP address (anonymized)

Purpose of Processing This Data

We use Plausible to understand how visitors use our website and to make improvements based on this. Analysis of user behavior helps us identify and fix technical problems. We optimize user guidance and content to provide you with a better user experience. We also want to understand which products and content are most relevant to our visitors.

Legal Basis for Data Processing

The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest). Since Plausible works completely anonymously and cookie-free, no consent under GDPR or TTDSG is required.

Data Disclosure

We host Plausible ourselves on our own infrastructure within Germany. There is no disclosure of data to third-party providers. Your data never leaves Germany.

Preventing Data Processing

Since Plausible does not collect personal data and works completely anonymously, there is usually no need to prevent data processing. Should you nevertheless want to prevent the collection of analytics data, you can use browser add-ons to block tracking tools (for example uBlock Origin, Privacy Badger, or Ghostery).
What this means
We use Plausible (self-hosted) to see how the website is used - completely anonymous and without cookies.
What data: Pages visited, time spent, where you come from, device type/browser. IP address is anonymized.
Why: To improve the website, find problems, and understand which content is interesting.
Important: No cookies, no profiles, no tracking across sessions - completely anonymous.
Where: On our own servers in Germany. Data never leaves Germany.
You can block Plausible with browser add-ons (e.g., uBlock Origin), but since it's anonymous, it's actually not necessary.
No consent required because completely anonymous.

6.8 Registration and Login

Registration and login are required to use certain functions of our website (e.g., orders, manage pets, save favorites).

List of processed data

Additional data is collected when logging in via OAuth services (Google, Facebook, Instagram, TikTok). These are marked with an *.

  • Email address (required field)
  • Name (first and last name) (optional)
  • Phone number (optional)
  • Time of registration and last login
  • IP address at time of registration
  • Delivery addresses
  • Profile ID of the respective service*
  • Email address (stored by the service)*
  • Name (stored by the service)*
  • Phone number (stored by the service)*

Purpose of Processing This Data

We process your registration data to manage your customer account and authenticate you when logging in. The data enables us to communicate with you, for example to send order confirmations or important account information. We also need the data to prevent abuse and fraud and to fulfill pre-contractual and contractual obligations.

Legal Basis for Data Processing

The legal basis for processing your registration data is Art. 6(1)(b) GDPR, as processing is necessary for contract fulfillment or to carry out pre-contractual measures. When using OAuth login services and providing optional data (such as phone number during registration), processing is based on your consent according to Art. 6(1)(a) GDPR.

Data Disclosure

When using OAuth login, we communicate with the respective providers (Google, Facebook, Instagram, TikTok) to verify your identity. These providers process your data according to their own privacy policies.

Preventing Data Processing

Without registration, you cannot place orders or use personalized functions. If you do not want your data processed, you must refrain from using these functions. You can completely delete your account at any time under Profile > Account > Delete account. For OAuth logins, you can additionally revoke the connection in the settings of the respective service.

Storage Duration

We store your registration data until deletion of your account.
What this means
To place orders, manage pets, or save favorites, you need an account.
What data: Email (required), optional name and phone, registration time, IP address, delivery addresses.
For login via Google/Facebook/Instagram/TikTok: Additionally profile ID and data stored by the service (email, name, phone).
Why: For your customer account, login, communication (e.g., order confirmations), fraud protection.
For OAuth login: We verify your identity with the respective provider (they have their own privacy policies).
Without an account you can't order or use personalized functions.
You can completely delete your account at any time under Profile > Account > Delete account.
Storage duration: Until you delete your account.

6.9 Order Processing

When you order products from us, we collect additional data to process your order.

List of processed data

  • All data from your customer account (email, name)
  • Delivery address (name, street, house number, postal code, city, country)
  • Billing address (if different from delivery address)
  • Ordered products and quantities
  • Order date and time
  • Order number
  • Price and payment status
  • Delivery status
  • Communication in connection with the order

Purpose of Processing This Data

We process your order data to process your order and deliver the products to you. We also need the data for invoicing and for our customer service to be able to answer inquiries about your order. In addition, we are legally obliged to retain order data for commercial and tax purposes. The data may also be required to assert legal claims.

Legal Basis for Data Processing

Processing of your order data is based on Art. 6(1)(b) GDPR for fulfillment of the purchase contract. Long-term retention is based on Art. 6(1)(c) GDPR, as we are legally obliged to retain the data for commercial and tax purposes.

Data Disclosure

We share your name and delivery address with the shipping service provider we commission so that they can deliver the products to you. For payment processing, the necessary data is transmitted to Mollie (see Section 6.10). In the context of our accounting, anonymized or aggregated data may be shared with our tax advisor. In individual cases, we may be entitled to share your data with a collection agency in the event of payment default.

Preventing Data Processing

Without processing this data, we cannot process your order and deliver the products to you. If you do not want the processing, you can refrain from ordering or use alternative purchasing options.

Storage Duration

Order data is stored for 10 years to comply with statutory retention obligations under § 147 AO (Tax Code) and § 257 HGB (Commercial Code). We store communication in connection with orders for 3 years after the end of the contract.
What this means
When you order, we need additional data to process the order.
What data: Account data (email, name), delivery and billing address, ordered products, order number, price, payment and delivery status, communication about the order.
Why: To process your order, deliver it, issue invoices, provide support. Legally we must keep the data for tax/commercial purposes.
Disclosure: Name and address to shipping service provider. Payment data to Mollie. Anonymized data possibly to tax advisor. In case of payment default possibly to collection agency.
Without this data we can't deliver - if you don't want this, you must refrain from ordering.
Storage duration: Order data 10 years (legally required). Communication about order 3 years after end of contract.

6.10 Payment Processing with Mollie

We use Mollie, an online payment processing platform, to process payments securely. Mollie enables us to accept various payment methods. Payment is processed via a checkout page provided by Mollie.

List of processed data

Mollie manages, among other things, the following data. We only receive the data marked with an * from Mollie.

  • Name
  • Email address
  • Billing address
  • Payment information (credit card number, expiration date, security code)
  • Order amount
  • Order number
  • Payment status (*successful/failed)
  • Transaction ID*
  • Time of payment*
  • Mollie customer number for assignment*

Purpose of Processing This Data

Processing serves to process payment for your order. Mollie also uses the data for fraud prevention to protect both you and us from fraudulent transactions. In addition, we are legally obliged to retain transaction data for tax and accounting purposes.

Legal Basis for Data Processing

The legal basis for this processing is Art. 6(1)(b) GDPR, as payment processing is necessary for fulfillment of the purchase contract. Without processing of payment data by Mollie, we cannot execute your order.

Data Disclosure

Your payment data is transmitted to Mollie B.V. (Keizersgracht 126, 1015 CW Amsterdam, Netherlands). Mollie is a company based in the European Union and processes your data as our processor. The data is processed and stored within the EU. Further information can be found in Mollie's privacy policy at https://www.mollie.com/de/legal/privacy.

Preventing Data Processing

Without transmission of payment data to Mollie, you cannot complete an order with us. If you do not want processing by Mollie, you must refrain from ordering or use alternative payment methods, if we offer them in the future.

Storage Duration

We store the transaction data received from Mollie (payment status, transaction ID, etc.) for 10 years according to statutory retention obligations. Mollie stores the complete payment data according to their own privacy policy and the legal requirements applicable to payment service providers.
What this means
We use Mollie to process your payments securely. Payment is processed via a checkout page provided by Mollie.
What data: Mollie processes name, email, address, and payment data. We only get info like payment status and transaction ID.
Why: So your order can be paid for and to prevent fraud.
Where: Data goes to Mollie in the Netherlands (EU). All data stays within the EU.
Without Mollie you can't order from us. We store transaction data for 10 years (legal obligation).

6.11 Pet Emergency Page

On our pet emergency page, we offer pet owners the opportunity to make their contact information publicly accessible for emergencies.

List of processed data

  • Name of pet owner
  • Phone number
  • Email address
  • Information about the pet (name, species, special features)
  • Optional: Photo of the pet
  • Date of last update

Purpose of Processing This Data

We process and publish this data to make your contact information publicly available for emergencies. This enables finders or helpers to contact you quickly in an emergency if your pet gets into a difficult situation.

Legal Basis for Data Processing

The legal basis for this processing is Art. 6(1)(a) GDPR. Publication is based exclusively on your express consent. You explicitly agree to public publication when setting up the pet emergency entry.

Data Disclosure

Important: This data is published publicly on our website and is visible to any visitor who has the link to the pet profile. This is not disclosure to specific third parties, but general publication on the internet. Any internet user can view, copy, or save this data.

Preventing Data Processing

You can delete the data at any time in your user profile or contact us at privacy@earsgears.shop. After revocation or deletion, your data will be immediately removed from the pet emergency page and will no longer be publicly visible.
Please note that data that was already public may have been saved or copied by third parties. We have no control over the deletion of such copies. We therefore recommend that you carefully consider what data you want to disclose before publication.

Storage Duration

We store and publish your data until you delete the entry or until you delete your entire user account.
What this means
You can voluntarily publish your contact information on our pet emergency page so people can reach you in an emergency.
What data: Your name, phone, email, info about your pet, and optionally a photo.
Why: So finders or helpers can contact you quickly if your pet is in distress.
IMPORTANT: This data is publicly visible on the internet to anyone with the link and can be copied by others.
You can delete your data yourself at any time or contact us. Data remains stored until you delete it or delete your account.

6.12 Address Validation

We use Geoapify to validate and complete delivery addresses to ensure that your orders can be delivered correctly.

List of processed data

  • Entered address (potentially incomplete search query)
  • Validation result (complete and correct address)

Purpose of Processing This Data

We process your address data with Geoapify to check the accuracy and completeness of your delivery address. This serves to avoid delivery problems and ensure that your order actually reaches you. The service helps us complete incomplete addresses (for example, add missing postal codes), detect and correct typos in street names or place names, and identify non-existent addresses before the order is completed. This allows us to give you feedback before completing the purchase and you have the opportunity to correct the address, preventing delays in delivery.

Legal Basis for Data Processing

The legal basis for this processing is Art. 6(1)(b) GDPR, as address validation is necessary for proper fulfillment of the purchase contract. Without a valid delivery address, we cannot deliver your order correctly. In addition, we have a legitimate interest according to Art. 6(1)(f) GDPR in avoiding incorrect deliveries and associated costs and efforts.

Data Disclosure

The address data is transmitted to Geoapify (Geoapify GmbH, Marienstraße 23, 10117 Berlin, Germany) for validation. Geoapify processes the data as our processor exclusively for the purpose of address validation.
Important privacy aspect: Validation requests are made exclusively from our server, not directly from your browser. This means that Geoapify cannot establish a connection between the address data and your IP address or other personal identification characteristics. Geoapify only receives the address to be validated without information about who made the request. This ensures additional data protection, as Geoapify cannot create user profiles or assign addresses to specific persons.
Geoapify stores validation requests only for technical and statistical purposes and deletes them after a short time. Further information on data protection at Geoapify can be found on their website.

Preventing Data Processing

Address validation occurs automatically when you enter a delivery address to ensure the quality of address data. You cannot directly prevent validation without refraining from ordering. However, since validation is exclusively server-side and Geoapify cannot establish a connection to you as a person, the interference with your data protection rights is minimal. Processing serves your own interest in successful delivery. If you do not want address validation, you can refrain from ordering from us.

Storage Duration

Address data is only processed temporarily at Geoapify for the duration of the validation request and is not permanently stored. In our own database, we store the validated address according to the retention periods for order data already described.
What this means
We use Geoapify to check and complete your delivery address so your package arrives.
What data: Your entered address and the corrected/completed version.
Why: To find typos, add missing info, and ensure the address exists.
Where: Geoapify in Berlin checks the address. Important: The check runs through our server, not directly from your browser - so Geoapify doesn't know who you are.
Validation happens automatically when ordering and cannot be prevented. Geoapify only stores data briefly, we store it like other order data.