Legal
Privacy Policy
Last updated: 1 March 2026
Bestsellers (“we”, “our”, “us”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information about you when you use our website and services. It applies in accordance with the EU General Data Protection Regulation (GDPR) and German data protection law (BDSG).
1. Controller
The data controller responsible for your personal data is:
Bestsellers
Germany
Contact: contact form
2. Data We Collect
We collect the following categories of personal data:
- Account data: name, email address, and password (hashed) when you register.
- Order data: shipping address, order contents, and payment confirmation references.
- Usage data: pages visited, search queries, and interaction logs for analytics purposes.
- Communication data: messages sent via the contact form or email.
- Newsletter data: email address if you subscribe to our newsletter.
3. Legal Basis for Processing
- Contract performance (Art. 6(1)(b) GDPR): processing your orders and account details.
- Legitimate interests (Art. 6(1)(f) GDPR): fraud prevention, security, and improving our services.
- Consent (Art. 6(1)(a) GDPR): newsletter subscription and optional cookies.
- Legal obligation (Art. 6(1)(c) GDPR): tax and accounting requirements.
4. Cookies & Tracking
We use strictly necessary cookies to operate the website (e.g., session cookies for authentication and shopping cart). We do not currently use third-party tracking or advertising cookies.
5. Data Sharing
We do not sell your personal data. We share data only with:
- Payment processors (Stripe): to process transactions securely. Stripe's privacy policy applies.
- Email service providers (Resend): to send transactional emails and newsletters.
- Hosting infrastructure: server-side data processing for website operation.
6. Data Retention
We retain your data only as long as necessary. Account data is kept for the duration of your account. Order records are kept for 10 years as required by German tax law (§ 147 AO). Newsletter subscriptions are kept until you unsubscribe.
7. Your Rights
Under GDPR, you have the right to:
- Access the personal data we hold about you (Art. 15 GDPR)
- Rectify inaccurate data (Art. 16 GDPR)
- Erasure (“right to be forgotten”) under certain conditions (Art. 17 GDPR)
- Restrict processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing based on legitimate interests (Art. 21 GDPR)
- Withdraw consent at any time without affecting prior processing
To exercise your rights, contact us via our contact form. You also have the right to lodge a complaint with the relevant supervisory authority (e.g., Landesbeauftragter für Datenschutz in your German state, or the BfDI).
8. Security
We implement appropriate technical and organisational measures to protect your data, including TLS/HTTPS encryption, hashed passwords, and access controls. No transmission over the internet is 100% secure; we cannot guarantee absolute security.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on this page. Continued use of our services after changes constitutes acceptance of the updated policy.
10. Contact
Questions about this policy? Reach us via our contact form or see our Impressum.