Privacy policy

Dr. Breuer
Last updated: 08 August 2025

1. Introduction

This Privacy Policy explains how Dr. Breuer (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you visit our website, make a purchase, or otherwise interact with our services.

We are committed to protecting personal data in accordance with applicable data protection laws worldwide, including but not limited to:

  • EU General Data Protection Regulation (GDPR)

  • UK GDPR

  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

  • Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)

  • Australian Privacy Act 1988

  • Other applicable privacy and consumer protection laws

2. Data Controller

The entity responsible for the processing of personal data in connection with this website is the operator of the Dr. Breuer online store.

All matters relating to personal data are handled exclusively through the contact mechanisms made available on our website.

3. Personal Data We Collect

a) Information you provide directly

  • Name, billing address, and shipping address

  • Contact details provided during checkout or account creation

  • Payment-related information (processed securely by third-party payment providers; we do not store full payment card details)

  • Account credentials (if an account is created)

  • Messages or inquiries submitted via our website

b) Information collected automatically

  • IP address, browser type, operating system

  • Pages viewed, time spent on the website, referral URLs

  • Device identifiers

  • Cookies and similar tracking technologies

c) Information from third parties

  • Payment service providers

  • Shipping and logistics partners

  • Analytics and marketing service providers (where applicable and permitted by law)

4. Purposes of Processing

We process personal data for the following purposes:

  • To process and fulfil orders

  • To provide customer service and support

  • To manage payments and prevent fraud

  • To send transactional communications and, where permitted, marketing communications

  • To improve our website, products, and services

  • To comply with legal and regulatory obligations

5. Legal Bases for Processing (GDPR / UK GDPR)

Personal data is processed on one or more of the following legal bases:

  • Performance of a contract – to process and deliver orders

  • Legal obligation – compliance with tax, accounting, and consumer protection laws

  • Consent – where required, for marketing communications and non-essential cookies

  • Legitimate interests – fraud prevention, analytics, business operations, and service improvement

6. Sharing of Personal Data

Personal data may be shared with:

  • Payment service providers

  • Shipping and logistics partners

  • Marketing and analytics providers (where applicable)

  • IT, hosting, and cloud service providers

  • Legal or regulatory authorities where required by law

We do not sell personal data to third parties.

7. International Data Transfers

Personal data may be transferred to and processed in countries outside the user’s country of residence. Where required, appropriate safeguards are applied, including:

  • Standard Contractual Clauses approved by the European Commission

  • Adequacy decisions for jurisdictions recognized as providing adequate data protection

8. Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, including:

  • Compliance with legal and tax obligations

  • Resolution of disputes

  • Enforcement of agreements

When personal data is no longer required, it is securely deleted or anonymized.

9. Your Privacy Rights

a) Rights under GDPR and UK GDPR

  • Access to personal data

  • Rectification of inaccurate or incomplete data

  • Erasure (“right to be forgotten”)

  • Restriction or objection to processing

  • Data portability

  • Withdrawal of consent at any time

b) Rights under CCPA / CPRA (California)

  • Right to know what personal data is collected and how it is used

  • Right to request deletion of personal data

  • Right to opt out of the sale or sharing of personal data (we do not sell personal data)

  • Right to non-discrimination for exercising privacy rights

c) Other jurisdictions

We respect and comply with equivalent rights provided under applicable privacy laws worldwide.

Requests to exercise privacy rights may be submitted through the contact options available on our website.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Ensure website functionality

  • Analyze website usage

  • Personalize content and advertising where consent is provided

Cookie preferences can be managed through browser settings and our cookie consent tools.

11. Data Security

We apply appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit

  • Secure servers and access controls

  • Internal policies and staff training

12. Children’s Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be published on our website with a revised “Last updated” date.

14. Contact

All questions, requests, and concerns relating to this Privacy Policy or the processing of personal data should be submitted using the contact mechanisms provided on our website.