1. Controller
Enhanced Republic OÜ, Registry Code 17473323.
Registered Office: Narva mnt 5, 10117 Tallinn, Estonia.
European Correspondence: Emsdettener Str. 10, 48268 Greven, Germany.
Contact: privacy@enhancedrepublic.com.
2. Data we collect
- Account data: your email, password hash, and optionally your first name, last name, and phone number.
- Order data: shipping and billing address, items purchased, payment method, order history, and your age and research-use confirmation.
- Technical data: IP address (used for geo-detection, not stored long-term), browser and device type, and anonymized analytics events.
- Cart data: the items in your active cart, stored via a Cart-Token in your browser localStorage.
- Communications: emails, support tickets, and any messages you send us.
3. Legal bases (Art. 6 GDPR)
- Contract performance, for processing and shipping your orders.
- Legal obligation, for invoice retention under Estonian accounting law and for age verification on restricted product categories.
- Legitimate interest, for fraud prevention, service security, and basic analytics.
- Consent, for marketing emails.
4. Sharing with processors
We share data only with processors that are strictly necessary to deliver our service. All processors are bound by Art. 28 GDPR data processing agreements:
- Logistics partner for tracked delivery across Europe.
- Payment processors: payprocc (cards), CoinPayments (cryptocurrency), and our banking partners (SEPA). Each has its own privacy policy governing payment data.
- Hosting: Hetzner Online GmbH (Germany).
- CDN and security: Cloudflare Inc. (see Section 7 regarding international transfers).
- Email delivery: Postmark and Mailgun.
- VAT compliance: Hellotax Global S.L. (Spain).
5. Retention
- Account data: until you delete your account, or after 3 years of inactivity.
- Order and invoice data: 7 years, as required by Estonian accounting law.
- Marketing consent: until you withdraw it.
- Support communications: 2 years.
- Anonymized analytics: up to 26 months.
6. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict, port, and object to the processing of your data. You also have the right to withdraw consent at any time for processing based on consent. To exercise any right, email privacy@enhancedrepublic.com. You may also lodge a complaint with the Estonian Data Protection Inspectorate (AKI) at aki.ee, or with your local EU data protection authority.
7. International transfers
Most processing takes place inside the EU and EEA. Where data is processed outside the EU (notably by Cloudflare Inc. for CDN and security services), we rely on Standard Contractual Clauses approved by the European Commission, together with additional safeguards under the EU-US Data Privacy Framework.
8. Cookies and local storage
We use only strictly necessary technologies for core functionality:
- Session cookie for login persistence.
- Cart-Token, stored in your browser localStorage to preserve your cart across page loads.
- Country cache, stored in your browser localStorage for 24 hours, used for geo-based banner display.
We do not use third-party advertising cookies or tracking pixels. You can clear your browser data at any time.
9. Data security
All data in transit is encrypted with TLS 1.3. Data at rest is encrypted on our infrastructure providers' systems. Access to personal data is restricted to authorized personnel on a need-to-know basis. We continuously review our security practices.
10. Automated decision-making
We do not use automated decision-making or profiling that produces legal effects concerning you.
11. Children's data
Our service is intended exclusively for adults aged 18 or older. We do not knowingly collect or process personal data from minors. If you believe we have inadvertently received data from a minor, contact privacy@enhancedrepublic.com and we will delete it promptly.
12. Newsletter
Marketing emails are sent only to subscribers who have explicitly opted in. We use double opt-in, which means you confirm your email before being added to the list. You can unsubscribe at any time via the link in any marketing email or by contacting privacy@enhancedrepublic.com.
13. Changes to this policy
We may update this policy to reflect changes in our service or in legal requirements. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated by email to account holders.