Privacy
Policy
How LOSTGEAR GbR collects, uses, and protects your personal data. Last updated: March 2026.
Data we collect
Name, address, email, payment & order data
Why we collect it
To process orders and provide customer support
Third parties
Shopify, payment processors, shipping carriers
Your rights
Access, correction, deletion, portability
Controller & scope
Who is responsible for your data and what this policy covers.
§1 Data controller
The controller responsible for processing your personal data is:
LOSTGEAR GbR
Seebachring 34, 67125 Dannstadt-Schauernheim, Germany
info@lostgear.xyz
Processing is carried out in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
§2 Scope of this policy
This policy applies to all personal data collected when you visit lostgear.xyz, place an order, or contact us. It does not apply to third-party websites we may link to.
Data we collect & why
What personal data we process and the legal basis for each.
§3 Data collected during ordering
When you place an order we collect:
- Name and delivery address
- Email address
- Payment information (processed by Shopify Payments / PayPal — we do not store card numbers)
- Order contents and customization details
- Order note if provided
Legal basis: Art. 6(1)(b) GDPR — performance of a contract.
§4 Data collected when browsing
When you visit lostgear.xyz, Shopify's servers automatically log standard technical data including your IP address, browser type, referring URL, and pages visited. This data is used to keep the store operational and secure.
Legal basis: Art. 6(1)(f) GDPR — legitimate interests (secure and functional website operation).
Third parties & data transfers
Who we share your data with and where it goes.
§5 Service providers
We share your data only with third parties necessary to fulfil your order:
- Shopify Inc. — e-commerce platform and hosting (data processing agreement in place)
- Payment processors (e.g. Shopify Payments, PayPal) — for secure payment handling
- Shipping carriers — name and delivery address to despatch your order
We do not sell your personal data to third parties.
§6 International data transfers
Shopify Inc. is based in Canada (considered adequate by the EU Commission) and may process data on servers in the United States. Where data is transferred outside the EEA, Shopify uses Standard Contractual Clauses approved by the European Commission.
Retention & your rights
How long we keep your data and the rights you have under GDPR.
§7 Data retention
Order and invoice data is retained for 10 years in accordance with German commercial law (§257 HGB / §147 AO). After this period, data is deleted.
Data no longer required for contract performance is restricted immediately after order completion.
§8 Your rights under GDPR
Under the GDPR you have the right to:
- Access — request a copy of the personal data we hold about you (Art. 15)
- Rectification — correct inaccurate data (Art. 16)
- Erasure — request deletion where data is no longer necessary (Art. 17)
- Restriction — limit processing in certain circumstances (Art. 18)
- Portability — receive your data in a structured, machine-readable format (Art. 20)
- Object — object to processing based on legitimate interests (Art. 21)
To exercise any of these rights, contact info@lostgear.xyz. We will respond within 30 days.
§9 Right to lodge a complaint
You have the right to lodge a complaint with the supervisory authority responsible for Rhineland-Palatinate:
Landesbeauftragter für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34, 55116 Mainz, Germany
www.datenschutz.rlp.de