Legal

Privacy Policy.

At einHaru Collective, we handle your personal data with the same care and intention we bring to every piece we curate. This policy explains what we collect, why we collect it, how we protect it, and what rights you have as an EU-based customer.

We are committed to compliance with the General Data Protection Regulation (GDPR) and applicable German data protection law.

Last updated: March 2026

Data Controller

The data controller responsible for your personal information is:

einHaru Collective
Berlin, Germany
Email: einharu@gmail.com
Instagram: @einharucollective

If you have questions about how your data is processed, contact us directly at the email above.

Data We Collect

We only collect data necessary to process orders, support customers, and improve site operations.

When you place an order

Full name
Email address
Delivery address
Order history and purchase details
Payment confirmation details from Stripe (not full card data)

When you contact us

Name and email address
Message content
Any order details you provide

When you browse our website

Browser/device details
Pages visited and approximate usage times
Referrer/source information
IP address (anonymised where possible)

How We Use Your Data

Process and fulfil orders
Provide shipping/tracking updates
Handle customer support and returns
Send transaction confirmations through checkout systems
Meet legal/accounting obligations in Germany
Improve site reliability and prevent fraud

We do not sell personal data. We do not run third-party ad profiling from customer order data.

Legal Basis for Processing

Contract performance — handling orders and delivery (Art. 6(1)(b) GDPR)
Legal obligation — tax and accounting compliance (Art. 6(1)(c) GDPR)
Legitimate interests — fraud/security and service quality (Art. 6(1)(f) GDPR)
Consent — where required for optional communications (Art. 6(1)(a) GDPR)

Payments & Stripe

All payments are processed by Stripe. We do not store full payment card details on einHaru systems.

For Stripe-specific processing details, see the Stripe Privacy Policy.

Cookies

We use a limited set of cookies and storage/session mechanisms needed for store functionality and measurement.

Essential usage

Shopping bag/session continuity
Checkout and payment flow support

Analytics usage

Our site uses analytics tags (for example Google tag) for aggregate measurement. Where possible, configuration is privacy-conscious and non-advertising focused.

Data Retention

Order/accounting records retained to satisfy legal obligations
Support communications retained as needed to resolve requests
Analytics data retained in aggregate form

Data is deleted or anonymised when no longer required.

Your Rights Under GDPR

You may request access, correction, deletion, restriction, portability, objection, and withdrawal of consent where applicable.

Right of Access

Request a copy of your data.

Rectification

Correct inaccurate data.

Erasure

Request deletion where permitted.

Restriction

Limit processing in certain cases.

Portability

Receive machine-readable export.

Objection

Object to certain processing.

German supervisory authority: BfDI — www.bfdi.bund.de

Data Security

We use encrypted connections (HTTPS) and limit data access to operational need. Payment data handling is delegated to Stripe.

Minors

einHaru is intended for adults. If data from a minor is identified, contact us and we will take appropriate removal steps.

Changes to This Policy

We may update this policy over time. Any material changes will be reflected with an updated date on this page.

Contact

For privacy requests, contact:

einHaru Collective
Berlin, Germany
Email: einharu@gmail.com

Your data, handled with care.

Questions? We are here.

If anything in this policy is unclear, write to us directly.

einharu@gmail.com