GDPR & Data Protection
Introduction
This page explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Data We Collect
We may collect the following types of personal data:
- Identity information (name, username)
- Contact information (email, phone, address)
- Payment information (processed securely by payment providers)
- Delivery information
- Technical data (IP address, browser type, device information)
Purpose of Processing
We use your personal data for the following purposes:
- Processing and fulfilling your orders
- Managing customer accounts and providing customer service
- Sending order updates and, with your consent, marketing communications
- Complying with legal obligations
- Improving our website and services
Legal Basis
We process your personal data based on:
- Contract performance - to fulfill orders and provide services
- Your consent - for marketing communications
- Legitimate interests - to improve our services
- Legal obligations - tax and accounting requirements
Data Retention
We retain your personal data only as long as necessary for the purposes outlined above, or as required by law. Order data is typically retained for 10 years for tax purposes.
Your Rights
Under GDPR, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data (right to be forgotten)
- Right to Restriction: Request limitation of processing
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing
To exercise these rights, please contact us at privacy@catbrick.com
Data Sharing
We may share your data with:
- Shopify: Our e-commerce platform provider
- Payment processors for secure transaction processing
- Shipping carriers to deliver your orders
- Legal authorities when required by law
International Transfers
Your data may be transferred to and processed in countries outside the European Economic Area. We ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure.
Right to Lodge a Complaint
You have the right to lodge a complaint with your national data protection authority if you believe your data protection rights have been violated.
Contact Information
Data Protection Officer:
Email: privacy@catbrick.com
Policy Updates
We may update this policy from time to time. We will notify you of any significant changes by posting a notice on our website or by email.
Last Updated: 11/29/2025