We appreciate your interest in our website. Protecting your personal data is very important to us. The following information explains how we process personal data when you visit our website, in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications and Telemedia Data Protection Act (TTDSG).
CaruSales
Thimo Grauerholz
Sole Proprietorship
Albert-Gebel-Straße 10
21035 Hamburg
Germany
E-Mail: privacy@carusales.com
Phone: +49 151 253 40 685
When you access our website www.carusales.com, information is automatically transmitted to the server by your browser and stored in log files. The following data may be collected:
IP address of the device
Date and time of access
URL of the requested page/file
Referrer URL (the website previously visited)
Browser type/version, operating system
This data is technically necessary to provide the website and to ensure security.
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in security and stability).
Our website uses cookies and similar technologies.
Technically necessary cookies are used to ensure the basic functionality of the website (Legal basis: Art. 6 (1) lit. f GDPR in conjunction with § 25 (2) TTDSG).
Optional cookies (e.g., Google Analytics) are only set with your explicit consent (Legal basis: Art. 6 (1) lit. a GDPR in conjunction with § 25 (1) TTDSG).
When you first visit our website, a consent banner (consent tool) appears, allowing you to choose which cookies you wish to allow. You can change or withdraw your consent at any time.
We use the Complianz plugin to manage cookie consents. It records your selection and ensures that cookies are set only according to your consent.
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses cookies that allow analysis of your use of our website. The information collected (including truncated IP addresses) is usually transmitted to a Google server in the USA.
IP anonymization is enabled (your IP address is truncated within the EU).
Google processes the data on our behalf to analyze website usage.
Legal basis: Your consent (Art. 6 (1) lit. a GDPR, § 25 TTDSG).
You can withdraw your consent at any time via the cookie banner or prevent tracking using a browser plugin:
👉 https://tools.google.com/dlpage/gaoptout
Data transfer to the USA:
Google is certified under the EU-US Data Privacy Framework. Standard Contractual Clauses (SCC) are also in place.
Further information: https://policies.google.com/privacy
For consistent website presentation, we use Google Fonts. These fonts are locally hosted, so no data is transmitted to Google servers.
Login within the CaruSales app is handled exclusively via Amazon Merch on Demand.
We do not have access to your login credentials.
We do not store any login credentials.
The entire authentication process is handled directly by Amazon.
When you contact us via e-mail or a form, we store the data you provide (e.g., name, e-mail address, content of the message) in order to process your inquiry.
Legal basis:
Art. 6 (1) lit. b GDPR (pre-contractual steps/contract performance)
Art. 6 (1) lit. f GDPR (legitimate interest in communication)
Personal data is only disclosed to third parties if:
you have given your consent (Art. 6 (1) lit. a GDPR),
it is required to fulfill a contract (Art. 6 (1) lit. b GDPR),
there is a legal obligation (Art. 6 (1) lit. c GDPR),
or a legitimate interest exists (Art. 6 (1) lit. f GDPR).
Log files: automatically deleted after a maximum of 14 days
Cookies/Analytics: in accordance with your consent (see cookie banner)
Contact inquiries: deleted after resolution or no later than 6 months
You have the following rights under GDPR:
Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
TLS/SSL encryption is used for all data transfers
No storage of Amazon login data
App data remains local on the user’s device
This Privacy Policy is currently valid (as of September 2025).
We reserve the right to update it in case of new features or legal changes.
E-Mail: privacy@carusales.com
