GDPR & Data Protection

Introduction

This page explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data We Collect

We may collect the following types of personal data:

  • Identity information (name, username)
  • Contact information (email, phone, address)
  • Payment information (processed securely by payment providers)
  • Delivery information
  • Technical data (IP address, browser type, device information)

Purpose of Processing

We use your personal data for the following purposes:

  • Processing and fulfilling your orders
  • Managing customer accounts and providing customer service
  • Sending order updates and, with your consent, marketing communications
  • Complying with legal obligations
  • Improving our website and services

Legal Basis

We process your personal data based on:

  • Contract performance - to fulfill orders and provide services
  • Your consent - for marketing communications
  • Legitimate interests - to improve our services
  • Legal obligations - tax and accounting requirements

Data Retention

We retain your personal data only as long as necessary for the purposes outlined above, or as required by law. Order data is typically retained for 10 years for tax purposes.

Your Rights

Under GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (right to be forgotten)
  • Right to Restriction: Request limitation of processing
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing

To exercise these rights, please contact us at privacy@catbrick.com

Data Sharing

We may share your data with:

  • Shopify: Our e-commerce platform provider
  • Payment processors for secure transaction processing
  • Shipping carriers to deliver your orders
  • Legal authorities when required by law

International Transfers

Your data may be transferred to and processed in countries outside the European Economic Area. We ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure.

Right to Lodge a Complaint

You have the right to lodge a complaint with your national data protection authority if you believe your data protection rights have been violated.

Contact Information

Data Protection Officer:
Email: privacy@catbrick.com

Policy Updates

We may update this policy from time to time. We will notify you of any significant changes by posting a notice on our website or by email.

Last Updated: 11/29/2025