Privacy policy
Last updated: June 2026
1. Introduction & Our Commitment
Kavallier ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you visit www.kavallier.de or place an order with us.
Kavallier acts as the data controller under the EU General Data Protection Regulation (GDPR). This means we are responsible for deciding how and why your personal data is processed. We will never sell, rent, or trade your personal data to third parties under any circumstances.
If you have any questions about this policy or how we handle your data, please contact us at kontakt@kavallier.de.
2. Information We Collect
We collect two types of information: data you provide directly to us and data collected automatically when you use our website.
Information you provide includes your name, email address, delivery address, phone number, and payment information when you place an order, create an account, or contact our customer support team.
Information collected automatically includes your IP address, browser type, device information, and data about the pages you visit on our website. This information is collected through cookies and similar tracking technologies as described in Section 4.
3. How We Use Your Information
We use your personal data only for the purposes for which it was collected. Your information is used to process and fulfil your orders, send you order confirmation and dispatch emails, provide customer support, and comply with our legal obligations. This processing is carried out on the basis of contractual necessity — it is required to complete your purchase.
Where you have given us consent, we may send you marketing communications about new products, promotions, and updates. You may withdraw this consent at any time by clicking the unsubscribe link in any marketing email or by contacting us at kontakt@kavallier.de.
We may also use aggregated and anonymised data — data that cannot be linked back to any individual — for analytics and to improve our website and services. This data does not identify you personally.
4. Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies to operate effectively and to help us understand how visitors use our site.
Strictly necessary cookies are essential for the website to function. They enable core features such as the shopping cart and secure checkout. These cookies cannot be disabled as the website cannot function properly without them.
Analytical and advertising cookies are used by Meta, Google Ads, and TikTok to serve relevant advertisements and to measure the performance of our marketing campaigns. These platforms may use cookies, pixels, and similar technologies to track your activity on our website.
On your first visit to our website, you will be presented with a cookie consent tool allowing you to accept or decline non-essential cookies. You may update your preferences at any time.
5. Order Fulfilment & Third-Party Services
To operate our store and deliver your orders, we work with a number of trusted third-party service providers. Each provider receives only the data necessary to perform their specific function, and all are contractually bound to handle your data in accordance with GDPR.
Our store is built on and hosted by Shopify, which acts as a data processor providing our website infrastructure and checkout functionality. Shopify processes data in accordance with its own GDPR-compliant privacy practices.
Payments are processed securely through Shop Pay, Visa, Mastercard, American Express, Diners Club, Discover, Apple Pay, Google Pay, and PayPal Wallet. We do not store your full card details on our systems. Payment data is handled directly by the respective payment processors under their own security standards.
To ensure fast and efficient delivery, orders are fulfilled from our network of fulfilment centres located in the United States, Germany, and China, with each order routed to the most appropriate and available centre. All fulfilment locations operate under the same rigorous quality control standards regardless of origin, and all outgoing orders are sealed in reinforced, tamper-evident packaging before dispatch.
Our shipping carriers receive your name and delivery address for the sole purpose of completing your delivery. No additional personal data is shared with carriers.
Meta, Google Ads, and TikTok provide advertising and analytics services through pixels and cookies placed on our website. These platforms may process data in accordance with their own privacy policies. You can manage your preferences through our cookie consent tool.
6. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy or as required by law. Order records are retained for a minimum of ten years in accordance with German commercial law (HGB). Account information is retained for as long as your account remains active. Marketing data is retained until you withdraw your consent.
Upon receipt of a valid deletion request, we will action the request within 30 days, except where retention is required by applicable law.
7. Your Rights Under the GDPR
As a data subject under the GDPR, you have the following rights regarding your personal data:
The right to access — you may request a copy of the personal data we hold about you.
The right to rectification — you may request that we correct inaccurate or incomplete data.
The right to erasure — you may request that we delete your personal data, subject to any legal retention obligations.
The right to restriction of processing — you may request that we limit how we use your data in certain circumstances.
The right to data portability — you may request that we provide your data in a structured, commonly used, and machine-readable format.
The right to object — you may object to the processing of your data for marketing purposes or where we rely on legitimate interests.
The right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at kontakt@kavallier.de. We will acknowledge your request within 48 hours and provide a full response within 30 days.
8. International Data Transfers
As we work with third-party service providers located outside the European Economic Area, your personal data may be transferred to and processed in countries that are not subject to EU data protection law. In all such cases, we ensure that appropriate safeguards are in place, including the use of Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other legally recognised transfer mechanisms. These safeguards are subject to the oversight of the competent supervisory authority of your EU member state.
9. Data Security
We take the security of your personal data seriously. Our website uses SSL/TLS encryption to protect all data transmitted between your browser and our servers. Our store infrastructure is provided by Shopify, which maintains industry-standard security practices including regular security audits and access controls.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform affected individuals without undue delay.
10. Children's Privacy
Our website is not directed at children under the age of 16, in accordance with the GDPR threshold applicable in the EU. We do not knowingly collect personal data from anyone under this age. If you believe that a child under 16 has submitted personal data to us, please contact us at kontakt@kavallier.de and we will take prompt steps to delete that information from our records.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date at the top of this page will always reflect when the policy was last revised. By continuing to use our website after any changes are published, you accept the updated policy.
12. Contact Us & Supervisory Authority
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us at kontakt@kavallier.de. Our team responds within 24 hours on business days.
You also have the right to lodge a complaint with the competent data protection supervisory authority in your EU member state. For customers based in Germany, the relevant authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI), which can be reached at bfdi.bund.de.