Imprint/Data Privacy
This Privacy Policy explains how we process your personal data when you visit the equip-1.c-e.group online shop and place an order, in accordance with the EU General Data Protection Regulation (GDPR / DSGVO) and the German Federal Data Protection Act (BDSG). It is written in English for convenience; the underlying legal obligations follow German and EU law.
1. Controller
The party responsible for data processing (“controller” under Art. 4(7) GDPR) is:
CEG UG (haftungsbeschränkt)
trading as Computer Equipment Group
An St. Magdalenen 6
50678 Köln
Germany
Email: orders@c-e.group
We have not appointed a Data Protection Officer (Datenschutzbeauftragter), as we are not legally required to do so. You can reach us about any privacy matter at the email address above.
2. What data we process, and why
a) Visiting the website (server logs)
When you access the site, our web server automatically records technical information sent by your browser: your IP address, the date and time of the request, the page requested, the referring URL, and your browser and operating system identifiers. This is necessary to deliver the website, ensure stability, and detect and defend against attacks.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a secure, functioning website).
b) Shopping cart
To let you add items and check out, our shop software (Medusa) creates a cart that is stored on our server and referenced by an identifier kept in your browser. An empty or abandoned cart contains no information that identifies you — only a random cart ID, timestamps, and the items selected. A cart only becomes linked to you once you enter your details at checkout.
Legal basis: Art. 6(1)(b) GDPR (steps prior to entering into a contract) and Art. 6(1)(f) GDPR (legitimate interest in providing shop functionality).
c) Placing an order
To process a purchase we collect the data you enter at checkout: your name, email address, billing and shipping address, the items ordered, and an invite code where applicable. Payment is handled by Stripe (see section 4); we do not store your full card details on our servers.
Legal basis: Art. 6(1)(b) GDPR (performance of the purchase contract). Retention of invoices and order records is additionally based on Art. 6(1)(c) GDPR (legal retention obligations under German tax and commercial law).
d) Transactional emails
We send you order-related emails — order confirmation and invoice, production-status updates, and shipping notifications — to the email address you provide. These are not advertising; they are necessary to fulfil your order. We do not send marketing emails without your separate, explicit consent.
Legal basis: Art. 6(1)(b) GDPR (performance of the contract).
3. Cookies and local storage
We only use cookies and browser storage that are strictly necessary for the shop to work — primarily to keep track of your cart and session. These do not require consent under § 25(2) TTDSG. We do not use advertising, tracking, or analytics cookies. Should we ever introduce such tools, we would ask for your consent beforehand via a cookie banner.
4. Recipients and processors
We host the shop and its database on our own server infrastructure within the EU. To fulfil orders we share the minimum necessary personal data with the following service providers, each acting as a processor or recipient under a data processing agreement:
- Stripe (Stripe, Inc. / Stripe Payments Europe Ltd.) — payment processing. Receives the data needed to take payment. Stripe may process data in the USA under the EU Standard Contractual Clauses.
- Resend (Resend, Inc.) — delivery of transactional order emails. Receives your email address and order details. May process data in the USA under the EU Standard Contractual Clauses.
- DHL (Deutsche Post DHL Group) — shipping and label creation. Receives your name and shipping address to deliver your order.
We do not sell your personal data and do not share it beyond what is necessary to operate the shop and deliver your order, or where we are legally required to do so.
5. International data transfers
Some of the providers above (Stripe, Resend) may process data outside the European Economic Area, in particular in the United States. Where this happens, the transfer is safeguarded by the European Commission’s Standard Contractual Clauses and/or the providers’ certification under applicable adequacy frameworks.
6. How long we keep your data
- Server log data: deleted or anonymised after a short period.
- Empty or abandoned carts: routinely deleted after they expire, as they serve no further purpose.
- Order, invoice and accounting records: retained for the statutory periods under German law (generally up to 10 years, § 147 AO, § 257 HGB), after which they are deleted.
- Other personal data: deleted once the purpose for processing no longer applies and no retention obligation prevents it.
7. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you (Art. 15);
- have inaccurate data corrected (Art. 16);
- have your data erased, subject to legal retention obligations (Art. 17);
- restrict processing (Art. 18);
- receive your data in a portable format (Art. 20);
- object to processing based on legitimate interests (Art. 21);
- withdraw any consent you have given, with effect for the future (Art. 7(3)).
To exercise any of these rights, contact us at orders@c-e.group.
8. Right to lodge a complaint
If you believe our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your residence, place of work, or the place of the alleged infringement.
9. Automated decision-making
We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.
10. Changes to this policy
We may update this Privacy Policy to reflect changes to our shop or legal requirements. The current version always applies, with its date shown at the top of this page.
