Privacy Policy
Effective 22 April 2026
PRIVACY POLICY
At Geberich OÜ we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use www.geberich.eu.
1. DATA CONTROLLER
Geberich OÜ Laeva 2, 10111 Tallinn, Estonia Registration Number: 12018330 Email: sales@geberich.com Phone: +49 35586 689723
Represented by: Ilja Burtsev
2. PERSONAL DATA WE COLLECT
We collect the following categories of personal data:
- Identity data: name, date of birth (where applicable)
- Contact data: email, phone, delivery address, billing address
- Transaction data: order details, payment method used, amounts
- Technical data: IP address, browser type, device, operating system
- Usage data: pages visited, time spent, interactions
- Marketing data: your preferences and consent status
3. HOW WE COLLECT DATA
Data is collected:
- Directly from you when you place an Order, create an account, contact us, or subscribe to our newsletter
- Automatically via cookies and similar technologies when you browse our Website
- From third-party payment providers and logistics partners
4. LEGAL BASIS AND PURPOSES
We process your data on the following legal bases under GDPR:
| Purpose | Legal basis |
|---|---|
| Processing your Orders and delivering Products | Performance of a contract (Art. 6(1)(b)) |
| Compliance with tax, accounting, and consumer protection laws | Legal obligation (Art. 6(1)(c)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Website analytics, fraud prevention, service improvement | Legitimate interest (Art. 6(1)(f)) |
5. RECIPIENTS OF YOUR DATA
We may share your data with:
- Couriers and fulfilment partners: MBE, Neo Logistics, LogiQom, Postpac / OGOship
- Payment providers: Shopify Payments, PayPal, and others listed at checkout
- IT service providers: Shopify (website hosting), email service providers, analytics tools
- Regulatory authorities: where required by law or court order
All third parties are bound by contractual confidentiality obligations and process data only on our documented instructions.
6. INTERNATIONAL TRANSFERS
Your data is stored on servers within the EU. If data is transferred outside the EU (e.g., to service providers in the US or UK), we ensure an adequate level of protection through Standard Contractual Clauses approved by the European Commission, or other GDPR-compliant safeguards.
7. DATA RETENTION
We retain your data only for as long as necessary:
- Order data: 7 years (tax and accounting obligations)
- Account data: until you close your account + 1 year
- Marketing consent records: until you withdraw consent
- Website analytics: up to 26 months
- Support communications: up to 3 years after resolution
8. YOUR RIGHTS UNDER GDPR
You have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data ("right to be forgotten")
- Restrict processing in specific circumstances
- Object to processing based on legitimate interest
- Data portability: receive your data in a structured, machine-readable format
- Withdraw consent at any time (where processing is based on consent)
- Lodge a complaint with your national data protection authority
To exercise any of these rights, contact us at sales@geberich.com. We will respond within 30 days.
9. COOKIES
Our Website uses cookies for essential functionality, analytics, and marketing. You can manage your preferences via the cookie banner displayed on your first visit, or through your browser settings.
Categories of cookies we use:
- Strictly necessary (required for Website functionality, no consent needed)
- Analytics (to understand site usage — consent required)
- Marketing (for personalized advertising — consent required)
10. DATA SECURITY
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure, including:
- TLS/SSL encryption for all data transmission
- Access controls and authentication
- Regular security audits
- PCI-DSS compliant payment processing
11. CHILDREN'S PRIVACY
Our Website and Products are not directed at individuals under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us to have it deleted.
12. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. Changes will be posted on this page with a new effective date. We encourage you to review this page periodically.
13. CONTACT
For any questions about this Privacy Policy or your personal data:
Geberich OÜ Laeva 2, 10111 Tallinn, Estonia Email: sales@geberich.com Phone: +49 35586 689723
You may also contact your national data protection authority. A list of EU DPAs is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en