Privacy Policy

Privacy Policy

Cardloader.eu
An offer from TCG-Trade.de Inh. André Prange

As of: June 2026

1. Responsible person

Responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

TCG-Trade.de Inh. André Prange
c/o flexdienst – #20694
Kurt-Schumacher-Straße 76
67663 Kaiserslautern
Germany
Email:info@cardloader.eu

Cardloader.eu is an online store for TCG accessories and protection products from the brand Cardloader®.

2. General information on data processing

We only process personal data to the extent that this is necessary to provide our online shop, to process orders, to communicate with customers, to fulfill legal obligations or based on consent.

Personal data is any information that relates to an identified or identifiable natural person, for example name, address, email address, telephone number, order information, payment information, IP address or usage data.

The legal bases for processing arise in particular from Art. 6 Abs. 1 lit. a GDPR (consent), Art. 6 Abs. 1 lit. b GDPR (performance of the contract and pre-contractual measures), Art. 6 Abs. 1 lit. c GDPR (legal obligation) and Art. 6 Abs. 1 lit. f GDPR (legitimate interest).

3. Access data and server log files

When you access our website, the web server automatically processes technical data. This includes, in particular, browser type and browser version, operating system used, referrer URL, pages accessed, date and time of access, IP address, amount of data transferred and the requesting provider.

The processing takes place in order to provide the website technically, to ensure stability and security, to prevent misuse and to be able to analyze errors. The legal basis is Art. 6 Abs. 1 lit. f GDPR. Our legitimate interest lies in a secure and functional online shop.

4. Hosting, shop system and Shopify

Our online shop is operated via Shopify. The provider is Shopify International Limited, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland. Shopify processes personal data on our behalf to the extent that this is necessary for the operation of the online shop, the display of products, shopping cart and checkout functions, order processing, fraud prevention, technical security and shop analyses.

When using the shop, contact details, delivery and billing data, order information, payment status, IP addresses, device information and usage data may be processed. The processing is carried out to fulfill the contract in accordance with Art. 6 Abs. 1 lit. b GDPR and on the basis of our legitimate interest in a secure and efficient shop system in accordance with Art. 6 Abs. 1 lit. f GDPR.

Shopify may also process data in Canada, the USA or other countries. To the extent that data is transferred to third countries, Shopify claims to base this on appropriate guarantees, in particular EU standard contractual clauses.

Further information can be found in Shopify's data protection information:https://www.shopify.com/legal/privacy.

5. Orders and contract processing

If you order via Cardloader.eu, we process the data required for the conclusion, implementation and processing of the purchase contract. This includes, in particular, name, email address, billing and delivery address, order content, payment method, payment status, shipping information and communication data.

Processing is carried out to fulfill the contract in accordance with Art. 6 Abs. 1 lit. b GDPR. In addition, we process certain data to fulfill commercial and tax retention obligations in accordance with Art. 6 Abs. 1 lit. c GDPR.

Without the required order data we cannot carry out the contract.

6. Payment Processing

For payments we use the payment service providers offered in the checkout. Depending on the payment method chosen, this may include in particular Shopify Payments, PayPal, Klarna, credit card providers, Apple Pay, Google Pay, Shop Pay or other payment providers integrated via Shopify.

For payment processing, the required payment, order and contact details are transmitted to the selected payment service provider. Processing is carried out to fulfill the contract in accordance with Art. 6 Abs. 1 lit. b GDPR and for fraud prevention and payment security based on legitimate interests in accordance with Art. 6 Abs. 1 lit. f GDPR.

For data processing by the respective payment service provider, their data protection information also applies. We have only limited influence on the scope and purposes of independent data processing by payment providers.

7. Shipping and delivery

In order to deliver your order, we pass on the necessary data to the respective shipping service provider. This includes, in particular, name, delivery address, if applicable, e-mail address, telephone number and shipment information.

The transfer takes place to fulfill the contract in accordance with Art. 6 Abs. 1 lit. b GDPR. If contact details are transmitted for shipment notification or parcel notification, this is also done for proper delivery or on the basis of legitimate interests in accordance with Art. 6 Abs. 1 lit. f GDPR.

In particular, DHL, Deutsche Post or other service providers used in checkout or shipping processing can be used as shipping service providers.

8. Customer account and registration with Google

If you use a customer account or log in via the customer account functions provided by Shopify, the data required for registration, authentication, management of the customer account and viewing previous orders will be processed.

If you use login via Google, you will be redirected to Google for authentication. Google processes in particular data that is necessary for identification and registration, for example Google account information, email address and technical access data. We only receive the data that is required to create or log in to the customer account.

The legal basis is Art. 6 Abs. 1 lit. b GDPR, insofar as processing is necessary to provide the customer account, and Art. 6 Abs. 1 lit. f GDPR for secure and user-friendly registration. Further information on data processing by Google can be found athttps://policies.google.com/privacy.

9. Contact and customer service

If you contact us by email, contact form or other contact methods, we will process the data you provide to process your request. This includes, in particular, name, email address, content of the message and, if applicable, order information.

Depending on the content of the request, processing is carried out on the basis of Art. 6 Abs. 1 lit. b GDPR, as far as contract or order inquiries are concerned, or on the basis of our legitimate interest in answering inquiries in accordance with Art. 6 Abs. 1 lit. f GDPR.

10. Newsletters and Email Alerts

If you sign up for our newsletter or other email notifications, we will use your email address to send you the information you requested. Registration will only take place with your consent in accordance with Art. 6 Abs. 1 lit. a GDPR.

You can revoke your consent at any time with future effect, for example via an unsubscribe link in the respective email or by notifying us.

If we offer notifications about the availability of products, we will use the email address provided exclusively for the desired availability notification, unless you have expressly consented to further use.

11. Cookies and similar technologies

Our website uses cookies and similar technologies. Some cookies are technically necessary for the shop to function, for example for shopping cart, checkout, language settings, security or login functions. Other cookies or technologies can be used to analyze, improve our offering or for marketing purposes, provided consent is required and has been given.

Technically necessary cookies are processed based on Art. 6 Abs. 1 lit. f GDPR. Our legitimate interest lies in the functional and secure provision of the shop. Cookies and services requiring consent are processed based on your consent in accordance with Art. 6 Abs. 1 lit. a GDPR.

You can delete or block cookies in your browser settings. However, this may limit individual functions of the shop.

12. Analytics, marketing and conversion measurement

We may use analytics and marketing services to understand the use of our store, improve our offerings and measure the effectiveness of marketing efforts. This may in particular include analysis functions provided by Shopify, Google analytics, Google ads or conversion measurement, Meta pixels or comparable services, provided these are activated in the shop.

These services may process cookies, device information, IP addresses, usage data, purchase or shopping cart information and similar data. If consent is required for this, processing will only take place on the basis of your consent in accordance with Art. 6 Abs. 1 lit. a GDPR. Otherwise, processing takes place on the basis of legitimate interests in accordance with Art. 6 Abs. 1 lit. f GDPR, to the extent permitted by law.

Third-party providers such as Google or Meta can also process data outside the European Union. Further information can be found in the data protection information of the respective providers.

13. Protection against misuse, spam and automated access

Security services may be used to protect our website, forms and shop functions from misuse, spam, fraud or automated access. This may in particular include Shopify security functions, hCaptcha, Google reCAPTCHA or comparable protection mechanisms.

Technical data such as IP address, browser information, device information, interaction data and usage behavior can be processed. The legal basis is Art. 6 Abs. 1 lit. f GDPR. Our legitimate interest lies in protecting our online shop from misuse and attacks.

For information about hCaptcha, seehttps://www.hcaptcha.com/privacy. For information about Google reCAPTCHA, seehttps://policies.google.com/privacy.

14. Social media and external links

Our website may contain links to external websites, social networks or platforms. If you click on such links, you will leave our area of ​​responsibility. The respective providers are responsible for the processing of personal data on the linked pages.

15. Transfer of data to service providers

We use service providers to assist us with store operation, hosting, payment processing, shipping, customer service, emailing, analytics, security, accounting or technical support. These service providers only process personal data to the extent necessary and, if they act as processors, on the basis of an order processing contract in accordance with Art. 28 GDPR.

Personal data will only be passed on beyond this if this is necessary to fulfill the contract, there is a legal obligation, you have consented or we have a legitimate interest and your interests worthy of protection do not outweigh this.

16. Transfer to third countries

When using certain service providers, in particular Shopify, Google, Meta, payment service providers or technical security services, personal data may be transferred to countries outside the European Union or the European Economic Area.

Unless there is an adequacy decision by the European Commission, such transfer will only take place on the basis of suitable guarantees, in particular EU standard contractual clauses, or on the basis of legal exceptions.

17. Storage period

We only store personal data for as long as necessary for the respective purposes. Order and contract data are stored in accordance with the statutory commercial and tax retention periods. Data from inquiries will be deleted when the inquiry has been finally processed and there are no legal retention requirements.

We store data that is processed on the basis of consent until the consent is revoked or until the purpose of the processing no longer applies.

18. Your Rights

You have the following rights within the scope of the legal requirements:

  • Right to information according to Art. 15 GDPR,
  • Right to rectification in accordance with Art. 16 GDPR,
  • Right to deletion according to Art. 17 GDPR,
  • Right to restriction of processing in accordance with Art. 18 GDPR,
  • Right to data portability according to Art. 20 GDPR,
  • Right to object to processing in accordance with Art. 21 GDPR,
  • Right to revoke consent given with effect for the future.

To exercise your rights, you can contact us at any time:info@cardloader.eu.

19. Right to lodge a complaint with a supervisory authority

You have the right to complain to a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR. In particular, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.

20. Currentness and changes to this data protection declaration

We reserve the right to adapt this data protection declaration so that it always complies with current legal requirements or takes into account changes to our services. The current data protection declaration applies to your next visit.