Privacy Policy

Kaiser FC respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store and protect your information when you visit KaiserFC.com, create an account, place an order, subscribe to our newsletter or contact us. It applies to all visitors, customers and subscribers worldwide.

This policy is provided in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Data Controller

The data controller responsible for personal data processed through KaiserFC.com is:

Sebastian Bassini
Einzelunternehmen
Pfaffengasse 9
69117 Heidelberg, Germany
Email: hello@kaiserfc.com

For full legal information, please refer to our Impressum.

Who We Are

Kaiser FC is an independent football culture archive and apparel project based in Heidelberg, Germany. We create editorial content, archive-driven stories and apparel for supporters who value the traditions and human side of football.

Everything we publish and every product we make is rooted in that perspective. We do not sell personal data and we do not use it to build advertising profiles.

What Personal Data We Collect

We only collect information that is necessary to operate the website, process orders, provide customer support and improve the experience offered to visitors and customers.

Depending on how you interact with KaiserFC.com, we may collect the following categories of information:

• Name
• Email address
• Billing address
• Shipping address
• Phone number (if provided)
• Order details and purchase history
• Payment-related information (handled directly by payment providers)
• Account login credentials
• IP address
• Browser type and device information
• Communication history with customer support
• Newsletter subscription status

Legal Basis for Processing

We process personal data on the following legal grounds pursuant to Article 6(1) GDPR:

• Contractual necessity (Art. 6(1)(b) GDPR): Processing required to fulfill orders, manage customer accounts and provide customer service.
• Legal obligation (Art. 6(1)(c) GDPR): Retention of order and tax records for the periods required by German commercial and tax law.
• Consent (Art. 6(1)(a) GDPR): Newsletter subscriptions, optional cookies and analytics where applicable.
• Legitimate interests (Art. 6(1)(f) GDPR): Website security, fraud prevention, basic technical analytics that do not identify individuals, and improvement of the service.

Customer Accounts

Customers may create an optional account on KaiserFC.com. Guest checkout is also available, so creating an account is not required.

If you create an account, we store the information needed to manage your account, order history and checkout preferences. You are responsible for keeping your login details secure and choosing a strong password.

Orders & Payments

When you place an order, we collect the information necessary to process and fulfil your purchase: name, shipping address, billing details and order contents.

Payments are processed securely through trusted third-party providers:

• Stripe — Stripe Payments Europe Ltd., Ireland. stripe.com/privacy
• PayPal — PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg. paypal.com/privacy

These providers operate under their own privacy and security frameworks and apply industry-standard protections to payment data. Kaiser FC does not store full credit card details on its servers. Sensitive card information is handled directly by the payment provider, not by us.

Fulfillment Partners

To produce and deliver our products efficiently, Kaiser FC works with carefully selected print-on-demand fulfillment partners located in the United States and Europe.

When an order is placed, the information required to manufacture and ship that order may be shared with our fulfillment partners. This typically includes:

• Recipient name
• Shipping address
• Product ordered (item, size, colour)
• Order details necessary for production and delivery

Only the information necessary to complete the order is provided. Our fulfillment partners are bound by their own data protection obligations, and the data shared is used exclusively for producing and shipping your order.

Newsletter & Email Communication

The Kaiser FC newsletter (“The Kaiser Transmission”) is delivered through our email service provider, Brevo (Sendinblue SAS), headquartered in Paris, France.

If you subscribe, your email address is stored by Brevo on EU-based infrastructure for the purpose of sending you Kaiser FC updates — new archives, product launches and editorial communications.

Subscription is opt-in and voluntary. You may unsubscribe at any time using the link included in every newsletter, or by contacting us directly at hello@kaiserfc.com. More information about Brevo: brevo.com/privacy.

Hosting & Infrastructure

KaiserFC.com is hosted by Hostinger International Ltd. on servers located in the European Union. The site runs on WordPress and WooCommerce.

Hosting providers process technical information such as IP addresses, browser data and session details as part of standard website operation, security and performance monitoring. They are not used to build personal profiles for advertising purposes.

Cookies

KaiserFC.com uses cookies and similar technologies for essential and, with your consent, optional purposes. When you first visit the site, you are presented with a consent banner allowing you to accept or reject non-essential cookies.

Essential cookies (no consent required) include:

• WooCommerce shopping cart and session cookies
• Customer account login session
• Cookie consent preference itself
• LiteSpeed Cache performance cookies
• Security cookies (CSRF and spam prevention)

Optional cookies (consent required) may include:

• Analytics cookies (when enabled)
• Marketing or attribution cookies (none currently active)

You can withdraw or change your cookie consent at any time by clearing your browser storage for kaiserfc.com. You may also disable cookies entirely through your browser settings, though some website features — including checkout and account functionality — may not work properly without them.

Analytics

We may use website analytics to understand which content is read, how customers navigate the site and where improvements can be made. Analytics are loaded only after the visitor has granted cookie consent.

Analytics data is reviewed in aggregate and is not used to build personal profiles or to deliver targeted advertising. IP addresses are anonymised wherever the analytics provider supports it.

Comments & Forms

If visitors leave comments or submit forms on the website, we may collect the data shown in the form, along with the IP address and browser information of the sender. This data helps us detect spam, protect the website and respond appropriately when needed.

Embedded Content

Pages or articles on this website may include embedded content such as videos, images or articles from other websites. Embedded content from other websites behaves exactly as if you had visited those websites directly. Those websites may collect data about you, use cookies and track your interaction with the embedded content according to their own policies.

How Long We Keep Your Data

We keep personal data only as long as necessary for the purposes for which it was collected, or as required by law:

• Order and invoicing data: 10 years from the end of the calendar year of the transaction, in accordance with § 147 AO (German Tax Code) and § 257 HGB (German Commercial Code).
• Customer account data: Until the customer requests deletion or the account becomes inactive for more than three years.
• Newsletter subscription data: Until the subscriber unsubscribes.
• Customer support communication: Up to three years after the last interaction.
• Technical logs: Up to thirty days for routine security and operational monitoring.

Once data is no longer required, it is either deleted or fully anonymised.

Your Rights

Under the GDPR and applicable national law, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) — obtain confirmation of whether we process your data and receive a copy
• Right to rectification (Art. 16 GDPR) — correct inaccurate or incomplete data
• Right to erasure (Art. 17 GDPR) — request deletion of your data, subject to legal retention requirements
• Right to restriction (Art. 18 GDPR) — request that processing be limited
• Right to data portability (Art. 20 GDPR) — receive your data in a structured, machine-readable format
• Right to object (Art. 21 GDPR) — object to processing based on legitimate interests, including direct marketing
• Right to withdraw consent (Art. 7(3) GDPR) — withdraw consent at any time for processing based on it

To exercise any of these rights, contact us at hello@kaiserfc.com. We aim to respond to legitimate requests within thirty days and in accordance with applicable law.

Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the competent supervisory authority. In Germany, this is the data protection authority of your federal state (Landesbeauftragte für Datenschutz und Informationsfreiheit), or the Federal Commissioner for Data Protection (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit, BfDI).

For Baden-Württemberg (where Kaiser FC is based): baden-wuerttemberg.datenschutz.de

Children's Data

KaiserFC.com is not directed to children. We do not knowingly collect personal data from individuals under the age of sixteen (16). If you become aware that a minor has provided us with personal data without parental consent, please contact us so the data can be deleted.

California Resident Rights (CCPA/CPRA)

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), regardless of where Kaiser FC is based.

Categories of Personal Information Collected

In the past twelve (12) months, Kaiser FC has collected the categories of personal information described in the “What Personal Data We Collect” section above, sourced directly from you when you visit the site, create an account, subscribe to the newsletter or place an order.

Sale or Sharing of Personal Information

Kaiser FC does not sell or share the personal information of any customer for monetary or other valuable consideration. We have not done so in the past twelve months and we do not plan to. Kaiser FC also does not engage in cross-context behavioural advertising.

Your California Rights

As a California resident, you have the right to:

• Know what personal information we collect about you, the categories of sources, the purposes for collection and the categories of third parties with whom it is shared
• Access a copy of the personal information we have collected about you
• Delete personal information we hold about you, subject to legal retention requirements (such as tax records)
• Correct inaccurate personal information
• Opt out of the sale or sharing of your personal information — we do not sell or share, but you may still record this preference
• Limit the use of sensitive personal information — we do not collect sensitive personal information for purposes beyond providing our service
• Non-discrimination — we will not deny service, charge different prices or provide a lower quality of service if you exercise any of these rights

How to Exercise Your California Rights

To exercise any of the rights described above, please contact us at hello@kaiserfc.com with the subject line “California Privacy Request.” We may need to verify your identity by requesting information to confirm your relationship to the data we hold.

You may also designate an authorised agent to make a request on your behalf, provided that the agent can demonstrate your authorisation. We will respond to verified requests within forty-five (45) days, with the possibility of one extension of up to forty-five additional days where reasonably necessary.

“Do Not Sell or Share” Signal

Kaiser FC honours the Global Privacy Control (GPC) browser signal. When detected, your visit will be treated as a request to opt out of any sale or sharing of personal information, even though we do not engage in such practices.

Data Security

We take reasonable technical and organisational measures to protect your personal data, including encrypted connections (HTTPS/SSL), restricted access to administrative systems, secure payment processing through certified providers, and trusted hosting infrastructure based in the European Union.

However, no method of online transmission or storage is completely secure. While we work to protect your information, we cannot guarantee absolute security on the internet.

International Customers & Data Transfers

Kaiser FC is based in Germany and ships internationally. If you place an order from outside the European Economic Area, your data may be processed in other countries where our payment, hosting, fulfillment or service providers operate.

For transfers outside the EEA, we rely on appropriate safeguards as required by Articles 44–49 GDPR, including Standard Contractual Clauses and adequacy decisions where applicable.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or legal requirements. The latest version will always be available on this page, with the “last updated” date shown at the top.

For the legal framework governing your use of the site, see our Terms & Conditions.

Contact

If you have questions about this Privacy Policy, your personal information or how your data is processed, we encourage you to contact us.

We believe privacy should be transparent, understandable and respectful. If anything in this document is unclear, or if you would like to know more about a specific practice, we are happy to explain.

Email: hello@kaiserfc.com
Postal: Sebastian Bassini, Pfaffengasse 9, 69117 Heidelberg, Germany