PRIVACY POLICY
As of: [2026-06-23]
Thank you for visiting our website and online shop. Below, we inform you about which personal data we process when you use our online shop, place orders, submit contact inquiries, in connection with our newsletter, and within the scope of analytics, marketing, and shop functions.
Personal data means any information relating to an identified or identifiable natural person.
CONTROLLER
The controller for data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is:
Capelli Europe GmbH
Elisabethstr. 17
40880 Ratingen
Germany
Email: onlineCSP@capellieurope.com
Wherever "we," "us," or "our" are mentioned in this privacy policy, this refers to Capelli Europe GmbH.
GENERAL INFORMATION ON DATA PROCESSING
We process personal data exclusively within the framework of applicable data protection regulations, particularly the GDPR and – where applicable – the Telecommunications-Digital Services Data Protection Act (TDDDG).
We process personal data particularly when
- you visit our website,
- you create a customer account,
- you place an order,
- you contact us,
- you subscribe to our newsletter,
- you consent to analytics or marketing technologies,
- you use external links or embedded content.
SSL AND TLS ENCRYPTION
For security reasons and to protect the transmission of confidential content, our website uses SSL or TLS encryption. You can usually recognize an encrypted connection by the "https://" string and the lock symbol in your browser's address bar.
HOSTING, SHOP SYSTEM AND CHECKOUT VIA SHOPIFY
Our online shop is operated on the Shopify platform.
According to Shopify, the provider for customers from the EEA, the United Kingdom, the Middle East, South America, and Africa is:
Shopify International Ltd.
c/o Intertrust Ireland
2nd Floor, 1-2 Victoria Buildings
Haddington Road
Dublin 4, D04 XN32
Ireland
As part of operating our online shop, Shopify processes the following data on our behalf or under its own data protection responsibility – depending on the function – including:
- IP address,
- device and browser data,
- log and usage data,
- shopping cart contents,
- customer account and profile data,
- order and transaction data,
- billing and shipping data,
- communication data,
- security and fraud prevention data.
Processing is carried out for the purpose of providing our shop, for the technical delivery of the pages, to ensure stability and security, to process orders, to provide the checkout, for fraud prevention, and for evaluating and optimizing shop functions.
The legal basis is Art. 6 para. 1 lit. b GDPR, insofar as processing is necessary for the initiation or performance of a contract, and Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in a secure, stable, and economically operated online shop.
Insofar as Shopify acts as a processor for certain processing activities, we conclude the necessary agreements according to Art. 28 GDPR or rely on the contractual documents provided by Shopify.
SHOPIFY CUSTOMER PRIVACY, COOKIE CONTROL, AND SHOPIFY NETWORK INTELLIGENCE
We use the privacy and consent functions provided by Shopify in conjunction with our consent solution to technically implement consents, revocations, and objections and to transfer them to Shopify-managed areas – especially checkout, pixel, and similar functions.
In addition, Shopify Network Intelligence is enabled in our Shopify setup. This allows Shopify to use customer data from interactions with our shop, along with data from interactions with Shopify and other merchants, to provide enhanced services and features for protection, growth, personalization, performance, and advertising support. No other merchant can access our data.
Insofar as technically non-essential cookies, pixels, or similar technologies are used for these extended functions, or if processing takes place for analysis, marketing, or advertising purposes, we obtain your consent in advance, where legally required. You can revoke or change granted consents at any time with effect for the future.
In connection with Shopify Network Intelligence, it may also be necessary to refer to Shopify's privacy information and the Shopify Privacy Portal in our privacy policy, through which data subjects can exercise additional rights and objection/opt-out options.
SERVER LOG FILES
Each time you visit our website, information is automatically transmitted by your device's browser to our servers or to the hosting service providers we use. This information is temporarily stored in so-called server log files.
In particular, the following can be processed:
- page accessed,
- date and time of access,
- referrer URL,
- browser type and browser version,
- operating system used,
- device characteristics,
- IP address,
- access status,
- amount of data transferred.
Processing is carried out to ensure the stability, security, and functionality of the website, as well as to prevent and analyze misuse, attacks, or disruptions.
The legal basis is Art. 6 para. 1 lit. f GDPR.
Unless security-relevant incidents need to be investigated, log files are usually deleted or anonymized after a short period. If there are concrete indications of misuse, longer storage may be necessary until final clarification.
COOKIES, PIXELS, LOCAL STORAGE, AND SIMILAR TECHNOLOGIES
We use cookies, pixels, local storage, session storage, and comparable technologies on our website.
We use technically necessary technologies to provide the shop and enable basic functions, in particular:
- page delivery,
- shopping cart,
- checkout,
- payment processing,
- login and customer account,
- language settings,
- consent management,
- IT security,
- load balancing,
- error analysis to the extent strictly necessary.
Insofar as the storage of information on your device or access to information on your device is strictly necessary from a technical standpoint, this is done on the basis of Section 25 para. 2 TDDDG. Insofar as personal data is processed in this context, the processing takes place, depending on the context, on the basis of Art. 6 para. 1 lit. b or lit. f GDPR.
We only use analytics, marketing, and other non-essential technologies if and insofar as you have given us your consent for this. The legal basis for this is Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG.
You can revoke or adjust your consent at any time with future effect via our consent tool or the privacy settings accessible from it.
CONSENT MANAGEMENT VIA CONSENTO GDPR COMPLIANCE
We use the "Consento GDPR Compliance" application to obtain, manage, and document consents.
The following data may be processed in particular:
- your consent decision,
- timestamp,
- region/country,
- truncated or technical IP information,
- browser and device information,
- consent ID or log data.
The processing is carried out to obtain and store data protection consents in a legally compliant manner and to be able to track changes or revocations.
The legal basis for this is Art. 6 para. 1 lit. c GDPR, insofar as legal proof obligations exist regarding consents, and additionally Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in proper, verifiable consent management.
CONTACTING US
If you contact us by email, via contact forms, via shop forms, or by other means, we process the personal data you transmit to handle your request.
In particular, the following data may be processed:
- Name,
- Email address,
- Phone number,
- Company/association,
- Customer or order number,
- Subject,
- Message text,
- any attachments,
- time of inquiry.
The legal basis is Art. 6 para. 1 lit. b GDPR if your inquiry is related to an order, a contractual relationship, or pre-contractual measures. In other cases, the legal basis is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in properly processing inquiries.
FORMS AND OTHER SHOP APPS
We use or may use additional apps and shop functions in our Shopify shop, for example for forms, lead capture, B2B inquiries, order functions, navigation, search and discovery functions, bundles, localization, or similar shop processes.
Depending on the specific function used, personal data may be processed, in particular:
- master data,
- contact data,
- association or company data,
- form contents,
- product and order interests,
- account and login data,
- search queries,
- preference data,
- technical usage data.
Processing only takes place insofar as it is necessary for the provision of the respective function, to process your request, to initiate or perform a contract, or to improve our shop functions.
The legal bases are, depending on the function, Art. 6 para. 1 lit. b GDPR, Art. 6 para. 1 lit. f GDPR, and – if consents are obtained – Art. 6 para. 1 lit. a GDPR.
Insofar as the respective app providers act as processors for us, we conclude – where legally required – data processing agreements in accordance with Art. 28 GDPR.
CUSTOMER ACCOUNT
You can create a customer account in our shop. As part of registering and using a customer account, we process the data required for this purpose.
This includes in particular:
- Name,
- Email address,
- Password in encrypted form,
- Billing and shipping addresses,
- Order history,
- Stored preferences,
- Company or association data, if provided.
Processing is carried out for the purpose of providing the customer account, simplifying future orders, and managing your customer data.
The legal basis is Art. 6 para. 1 lit. b GDPR.
You can have your customer account deleted at any time. Statutory retention periods and mandatory proof obligations remain unaffected.
ORDERS AND CONTRACT PROCESSING
If you order in our online shop, we process the data necessary for the conclusion and performance of the contract.
This includes in particular:
- First and last name,
- Billing address,
- Shipping address,
- Email address,
- Phone number, if provided,
- Company/association, if provided,
- Products ordered,
- Order status,
- Payment information,
- Communication data,
- Shipping data.
Processing is carried out to process your order, for payment processing, delivery, communication with you, returns and complaint handling, and to fulfill legal obligations.
The legal basis is Art. 6 para. 1 lit. b GDPR. Insofar as statutory retention and documentation obligations exist, processing is additionally carried out on the basis of Art. 6 para. 1 lit. c GDPR.
ORDER PROCESSING VIA BASE.COM
We use Base.com or BaseLinker for receiving, consolidating, and operationally processing orders.
In particular, the following data may be transferred to or processed by Base.com:
- Customer master data,
- Billing and shipping data,
- Order numbers,
- Product and item data,
- Shipping information,
- Status information,
- Payment status,
- Returns and complaint information.
Processing is carried out exclusively for the purpose of executing and organizing order and shipping processing.
The legal basis is Art. 6 para. 1 lit. b GDPR.
Insofar as Base.com acts as a processor for us, we conclude the necessary agreements in accordance with Art. 28 GDPR.
SHIPPING SERVICE PROVIDERS
To deliver ordered goods, we transmit the data required for delivery to the shipping service provider commissioned by us. Depending on the shipping method, these may include DHL, DPD, and UPS.
The following data may be processed in particular:
- Name,
- Delivery address,
- Email address,
- Phone number, if required or provided by you,
- Order number,
- Shipping and tracking information.
The data is passed on for the purpose of delivery and shipment tracking.
The legal basis is Art. 6 para. 1 lit. b GDPR.
If you have explicitly consented to a shipping notification or delivery announcement during the order process, your email address and/or phone number may also be processed on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
PAYMENT PROCESSING VIA SHOPIFY PAYMENTS
Payment processing in our shop is carried out via Shopify Payments.
In the context of payment processing, data necessary for transaction processing is processed, including in particular:
- Name,
- Billing and, if applicable, delivery address,
- Email address,
- Phone number, if provided,
- Payment and transaction data,
- Order amount,
- Currency,
- Payment status,
- Technical connection and security data,
- Risk assessment and fraud prevention data.
The legal basis is Art. 6 para. 1 lit. b GDPR.
Via Shopify Payments – depending on the country, customer constellation, checkout settings and technical availability – the following payment methods visible in the shop can be offered in particular:
- American Express,
- Apple Pay,
- Bancontact,
- EPS,
- Google Pay,
- iDEAL / Wero,
- Klarna,
- Maestro,
- Mastercard,
- MobilePay,
- PayPal,
- Shop Pay,
- UnionPay,
- Visa.
Depending on the selected payment method, your data will also be transmitted to the respective payment service, wallet provider, card-issuing bank, card organizations or other parties involved in the payment. These providers may process data partly on their own data protection responsibility, for example for identity verification, credit checks, fraud prevention, fraud detection, authorization or regulatory documentation.
SHOP PAY
If you use Shop Pay as an accelerated checkout function, your email address, payment information, and shipping and billing information can be stored and used for future accelerated purchases.
The use of Shop Pay simplifies payment processing and accelerates order processing.
The legal basis is Art. 6 para. 1 lit. b GDPR. If further permanent storage outside of the specific order is based on a declaration or activation by you, Art. 6 para. 1 lit. a GDPR may additionally apply.
NEWSLETTER VIA MAILPOET
If you subscribe to our newsletter, we use your email address and – if provided by you – other data to regularly send you information about our products, offers, promotions and news.
We use MailPoet for sending and managing the newsletter.
As a preliminary provider notice until the later generator version:
Wysija SARL / MailPoet
6 rue Dieudé
13006 Marseille
France
Subscription to our newsletter generally takes place via a double opt-in procedure. This means that after your registration, you will first receive an email asking you to confirm your registration. Only after this confirmation will your email address be added to our newsletter distribution list.
In the context of newsletter registration and management, the following data may be processed in particular:
- Email address,
- Name, if provided,
- IP address,
- Date and time of registration and confirmation,
- Information about consent and revocation,
- Technical shipping and delivery information,
- Open and click rates, if corresponding tracking is activated.
The legal basis for sending the newsletter is Art. 6 para. 1 lit. a GDPR.
The logging of the double opt-in procedure and the consent records is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our legitimate interest in being able to demonstrate properly given consent.
You can revoke your consent at any time with effect for the future, in particular via the unsubscribe link in each newsletter or by notifying us.
GOOGLE ANALYTICS 4
If you have consented, we use Google Analytics 4, a web analytics service from Google.
The provider in Europe is:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland
Google Analytics 4 can process the following data in particular:
- Pseudonymous identifiers,
- Device and browser information,
- Approximate location data,
- Page views,
- Session data,
- Interactions,
- Conversion and event data,
- Referrer information,
- Technical connection data.
The processing is carried out for audience measurement, for statistical analysis of the use of our shop, for improving our offer and for measuring the success of campaigns.
The legal basis is Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG.
You can revoke your consent at any time with effect for the future via our consent tool. In addition, you can prevent or restrict the storage of cookies in your browser settings and – if provided by Google – use browser extensions to deactivate Google Analytics.
To the extent that Google processes data outside the EU or the EEA, this is done, according to Google, using appropriate safeguards, in particular standard contractual clauses.
META PIXEL
If you have consented, we use Meta Pixel from Meta Platforms to measure conversions, evaluate the effectiveness of our advertisements and for remarketing/retargeting purposes.
The provider in Europe is:
Meta Platforms Ireland Limited
Merrion Road
Dublin 4
D04 X2K5
Ireland
Within the scope of the Meta Pixel, the following data may be processed in particular:
- Page views,
- URL and referrer data,
- Device and browser information,
- Event data,
- Interactions with our shop,
- Pseudonymous identifiers,
- Marketing and attribution data.
Processing is carried out exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG.
You can revoke your consent at any time with effect for the future via our consent tool. Additionally, you can manage advertising preferences in your Meta account if you are logged in there.
To the extent that Meta processes data in third countries, this is done, according to Meta, on the basis of appropriate safeguards, in particular standard contractual clauses or other permissible transfer mechanisms.
GOOGLE SEARCH CONSOLE
We use Google Search Console, a Google tool for the technical analysis of our visibility in Google Search.
Google Search Console is used in particular to:
- Monitor the indexing status of our website,
- Detect crawling and rendering errors,
- Make technical SEO improvements,
- Evaluate aggregated search queries and visibility data.
No tracking cookies are set via our shop for analysis or marketing purposes. Google Search Console is an administrative webmaster or SEO tool. To the extent that personal data is processed here at all, this generally takes place outside of direct shop tracking and only to the extent that Google provides search and technical data.
The legal basis is Art. 6 para. 1 lit. f GDPR due to our legitimate interest in ensuring the technically trouble-free discoverability of our online shop.
SOCIAL MEDIA LINKS
On our website, we link to our profiles or presences on external platforms, in particular:
- Facebook,
- X,
- Instagram,
- YouTube,
- TikTok,
- LinkedIn.
These links are generally simple external links. As long as you do not click on the respective link, merely displaying the link does not cause any additional data to be transmitted to the respective platform beyond the usual page view of our website.
Only when you click on such a link do you leave our website and data is transmitted to the respective platform operator, in particular your IP address, browser data, referrer information and the time of the call.
The legal basis for providing the links is Art. 6 para. 1 lit. f GDPR due to our legitimate interest in an additional corporate and brand presence.
YOUTUBE EMBEDS OR YOUTUBE LINKS
If we embed videos from YouTube or link to YouTube content on individual pages, data processing by Google or YouTube may occur when such content is activated or accessed.
In the case of a mere link to YouTube, data is only transmitted to the third-party provider when the link is clicked.
If videos are embedded and playing or loading the embedded content triggers additional cookies or similar technologies, this will only happen – if legally required – after your consent based on Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG.
EXTERNAL B2B LINK
Our website contains a link to an external B2B shop or B2B area under a separate domain.
According to our current setup, no order or profile data is automatically transmitted to the B2B system when merely displaying this link. Only when you actively click the link do you leave our website, and the data protection regulations of the respective target offer apply.
The legal basis for providing the link is Art. 6 para. 1 lit. f GDPR due to our legitimate interest in separating B2C and B2B offers.
INTERNATIONAL DATA TRANSFERS
In the course of our shop operations, personal data may be transferred to recipients outside the European Union or the European Economic Area, particularly if service providers we use operate globally or use subcontractors in third countries.
Such a transfer only takes place if the legal requirements for this are met. We ensure that suitable safeguards in the sense of Chapter V GDPR are in place, such as:
- an adequacy decision by the European Commission,
- standard contractual clauses of the European Commission,
- supplementary contractual, technical or organisational protective measures.
Especially with global providers such as Shopify, Google, Meta or newsletter/app providers, it cannot be excluded that data may also be processed in countries outside the EEA.
PROCESSORS AND CONTRACTS ACCORDING TO ART. 28 GDPR
Insofar as service providers used by us process personal data on our behalf, we conclude – where legally required – data processing agreements in accordance with Art. 28 GDPR or rely on equivalent contractual provisions of the providers.
This applies in particular to technical service providers for hosting, shop operation, order processing, consent management, forms, newsletter dispatch and analysis functions, insofar as they act as processors.
STORAGE PERIOD
We generally store personal data only as long as this is necessary for the respective processing purposes, as long as consent exists or as long as legal retention obligations require it.
Unless explicitly shorter or longer periods are set in our systems, the following periods typically apply:
- Server log files: usually short-term, often between 7 and 30 days, unless security-relevant evaluation is required.
- Order and invoice data: generally for the duration of contract processing and subsequently within the framework of commercial and tax retention obligations, regularly 6 or 10 years.
- Customer account data: until the customer account is deleted, subject to legal retention obligations and open processes.
- Shipping and complaint data: for the duration of the processing and any warranty or limitation periods.
- Consent records: regularly up to 3 years from the end of the year of the last relevant declaration or as long as proof is required.
- Newsletter data: until revocation or unsubscribing; consent proof data possibly until the expiry of legal limitation periods.
- Analysis and marketing data: according to the storage periods configured by us or specified by the provider, but generally only as long as this is necessary for the respective purposes or until a revocation occurs.
DATA SUBJECT RIGHTS
In accordance with the statutory provisions, you have the following rights in particular:
- Right of access according to Art. 15 GDPR,
- Right to rectification according to Art. 16 GDPR,
- Right to erasure according to Art. 17 GDPR,
- Right to restriction of processing according to Art. 18 GDPR,
- Right to data portability according to Art. 20 GDPR,
- Right to object according to Art. 21 GDPR,
- Right to withdraw given consent according to Art. 7 para. 3 GDPR,
- Right to lodge a complaint with a data protection supervisory authority according to Art. 77 GDPR.
WITHDRAWAL OF CONSENT
If processing is based on your consent, you can withdraw this consent at any time with effect for the future. The withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
A withdrawal is possible in particular
- via our consent tool,
- via unsubscribe links in newsletters,
- via settings in your browser,
- via your account settings with certain third-party providers, if such functions are provided there.
RIGHT TO OBJECT
Insofar as we process personal data on the basis of Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing at any time for reasons arising from your particular situation.
If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing.
CONTACT FOR DATA PROTECTION INQUIRIES
If you wish to exercise your data protection rights or have questions about the processing of your personal data, please contact us at:
onlineCSP@capellieurope.com
UPDATE OF THIS PRIVACY POLICY
We reserve the right to adapt this privacy policy if this becomes necessary due to technical changes, legal developments or changes to our services. The version published on our website at the relevant time is authoritative.
Collection of your order
We are happy to offer you the option of picking up your order in person at our location in Ratingen. As soon as your order is fully prepared and ready for pickup, you will receive a corresponding notification from us.
Pickup address
Capelli Sport Europe GmbH
Elisabethstraße 17
40880 Ratingen
Germany
Pickup times
Monday – Friday: 09:00 AM – 04:00 PM
Saturday: Closed
Sunday: Closed
Notes on pickup
- Please only pick up your order after receiving our pickup confirmation.
- For faster processing, please have your order number ready when picking up.
- Pickup is only possible during the specified opening hours.
Contact
If you have any questions about your order or pickup, our customer service will be happy to assist you.
