costvera

Privacy Policy

§ 1 General Information

This privacy policy provides detailed information about what happens to your personal data when you visit our website costvera.com. All data that allows personal identification on your part is personal data. We strictly comply with legal requirements when processing your data, in particular the General Data Protection Regulation (“GDPR”). We consider it very important that your visit to our website is completely secure.

§ 2 Data Controller

The responsibility for the collection and processing of personal data on this website lies with:

  • Name: Kolja Barde
  • Address: Kolja Barde, c/o COCENTER, Koppoldstr. 1, 86551 Aichach
  • Country: Germany
  • Email: kontakt@costvera.com

§ 3 Access Data (Server Log Files)

When you visit our website, we automatically collect access data that your browser transmits to us and store it in so-called server log files. This includes:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Date and time of the server request
  • IP address (possibly in anonymised form)

As a rule, it is not possible for us to assign this data to a specific person, nor is it our intention. This data is processed in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interest in improving the stability and functionality of our website.

We use Railway Corp., 2261 Market Street #4833, San Francisco, CA 94114, USA (“Railway”) to host and operate this website. Railway processes the technical data required for secure and stable operation (e.g. server log data) on our behalf. The legal basis is Art. 6(1)(f) GDPR; where applicable, processing is based on Art. 28 GDPR (data processing agreement). If personal data is transferred to third countries, such transfer is based on appropriate safeguards (in particular standard contractual clauses).

§ 4 Cookies

We use so-called cookies to make your visit to our website attractive and to enable the use of certain functions. These are small text files that are stored on your device. Cookies cannot execute programs or transmit viruses to your computer.

Necessary cookies that are required for electronic communication or the provision of certain functions are stored in accordance with Art. 6(1)(f) GDPR. Our legitimate interest in storage is the technically fault-free and optimised provision of our services. Other cookies (e.g. for analysing your browsing behaviour) are dealt with separately in this privacy policy.

We mainly use so-called “session cookies”, which are automatically deleted after your visit. We also use cookies that remain on your device until you delete them. These allow us to recognise your browser on your next visit.

You can set your browser to notify you when cookies are set, to allow cookies in individual cases, or to generally reject cookies. You can also set cookies to be automatically deleted when you close the browser. Please note that disabling cookies may limit the functionality of this website.

§ 4a Web Analytics (Amplitude)

If you choose “Accept all” in the cookie banner, we use the analytics service Amplitude (Amplitude, Inc., USA). Amplitude collects usage data (e.g. page views, events) to evaluate and improve the use of the website. The legal basis is your consent (Art. 6(1)(a) GDPR). Processing only takes place after your consent; you can withdraw this at any time via the cookie banner or your cookie settings.

For more information on Amplitude, data processed and your rights, see https://amplitude.com/privacy. Data may be processed in the USA; Amplitude uses appropriate safeguards (e.g. standard contractual clauses).

§ 4b Web Analytics (Google Analytics)

If you have given your consent, Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), is used on this website. Google Analytics uses cookies to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to and stored by Google on servers in the United States.

In Google Analytics 4, IP anonymization is activated by default. As a result, your IP address will be truncated by Google within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

The legal basis for the processing of personal data is your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by adjusting your cookie settings on our website.

§ 4c Google Ads Conversion Tracking

We use Google Ads to draw attention to our attractive offers with the help of advertising materials (so-called Google Ads) on external websites. Using the data from the advertising campaigns, we can determine how successful the individual advertising measures are. We serve these advertising materials via so-called “Ad Servers”. For this purpose, we use Ad Server cookies, which allow certain parameters for measuring success, such as the display of ads or clicks by users, to be measured.

If you access our website via a Google ad, Google Ads stores a cookie on your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

The legal basis for the processing of your data is your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR. You can revoke your consent at any time in the cookie settings.

§ 5 Contact

When you contact us, including by email, the data you provide, including your contact details, is stored so that we can process your enquiry and respond to any follow-up questions. This data is not passed on to third parties without your express consent.

The processing of your personal data is based solely on your consent in accordance with Art. 6(1)(a) GDPR. You have the right to withdraw this consent at any time without giving reasons. An informal email to us is sufficient. The lawfulness of processing carried out before withdrawal is not affected.

The data you provide will be stored by us until you request deletion, withdraw your consent to storage, or the purpose for storage no longer applies. Statutory retention periods remain unaffected.

§ 5a Email Delivery (Resend)

For transactional email delivery, we use Resend Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA (“Resend”). Resend processes the data required for email delivery on our behalf.

Depending on the type of message, processing is based on Art. 6(1)(b) GDPR (performance of a contract) or Art. 6(1)(f) GDPR (legitimate interest in reliable and secure email delivery). If personal data is transferred to third countries, such transfer is based on appropriate safeguards (in particular standard contractual clauses).

§ 6 Customer Account

Creating a customer account requires your consent to the storage of your master data (name, address, email, bank details) and usage data (username, password). This data is stored to allow you to place orders via your account using your email and password.

§ 7 Online Payments

To process your order we need certain personal data from you. Mandatory fields are marked accordingly. Depending on the payment method you choose, the data required for payment processing is transmitted to the respective payment service provider. The legal basis for processing is Art. 6(1)(b) GDPR.

A. Apple Pay

Our website uses Apple Pay. The service provider is Apple Inc., USA. For data processing in connection with Apple Pay, see https://www.apple.com/legal/privacy/.

B. Mastercard

Our website uses the payment service provider Mastercard. For the European region, Mastercard Europe SA, Belgium, is responsible. For more information see https://www.mastercard.com/global/en/legal/privacy.html.

C. PayPal

Our website uses PayPal. For the European region, PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg, is responsible. For more information see https://www.paypal.com/legal/privacy-full.

D. Visa

Our website enables payments via Visa. For more information see https://www.visa.com/legal/privacy-policy.html.

E. Stripe

For online payment processing, we use Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (and, where applicable, affiliated Stripe entities) (“Stripe”). Payment-related data is transmitted to Stripe only to the extent necessary for payment processing.

The legal basis is Art. 6(1)(b) GDPR (performance of a contract) and, where applicable, Art. 6(1)(c) GDPR (legal obligations). Further information on Stripe’s data processing is available at: https://stripe.com/privacy.

§ 8 Use and Disclosure of Data

We assure you that personal data you provide to us (e.g. when placing an order or by email), such as your name, address or email, will not be sold or otherwise used for commercial purposes by third parties. Your data is processed solely for correspondence with you and to fulfil the purpose for which you provided it. As part of payment processing, your payment data is forwarded to the commissioned payment institution.

Data collected automatically when you visit our website is used solely for the purposes described above. The data is not used for any other purpose.

The protection of your personal data is important to us. We do not pass on your data to third parties unless we are legally obliged to do so or you have given us your express consent.

§ 9 Encryption (SSL/TLS)

Our website uses SSL or TLS encryption to ensure the security and protection of confidential content. This applies in particular to orders or enquiries that you send to us as the website operator. An encrypted connection is indicated by “https://” in the address bar of your browser and the lock symbol.

SSL/TLS encryption ensures that data you send to us cannot be read by unauthorised third parties.

§ 10 Storage Period

Your personal data that you transmit to us via our website is stored only for as long as necessary to achieve the respective purpose of processing. In accordance with commercial and tax retention obligations, storage of certain data may extend to 10 years.

§ 11 Your Data Protection Rights

As a data subject, you have the following rights vis-à-vis the controller in accordance with the law:

A. Right to withdraw consent

If processing is based on your consent, you have the right to withdraw it at any time with effect for the future (Art. 7(3) GDPR). The lawfulness of processing carried out before withdrawal remains unaffected.

B. Right of access

Under Art. 15 GDPR you have the right to obtain confirmation as to whether we process your personal data and, if so, to access that data and related information (purposes, categories, recipients, storage period, your rights, origin, etc.).

C. Right to rectification

You have the right to obtain from us the rectification of inaccurate personal data concerning you and/or the completion of incomplete data (Art. 16 GDPR).

D. Right to erasure

You have the right to obtain the erasure of your personal data where the conditions of Art. 17 GDPR are met (e.g. purpose no longer applies, withdrawal of consent, objection, unlawful processing). Legal retention obligations may limit this right.

E. Right to restriction of processing

Under Art. 18 GDPR you have the right to obtain restriction of processing (e.g. while accuracy is verified). Contact details can be found in the imprint.

F. Right to be informed

If you exercise your right to rectification, erasure or restriction, we are obliged under Art. 19 GDPR to inform all recipients to whom the data was disclosed. We will inform you of these recipients on request.

G. Right not to be subject to automated decision-making (Art. 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Exceptions apply e.g. for contract performance or with your explicit consent.

H. Right to data portability

Where processing is based on consent or contract and is carried out by automated means, you have the right under Art. 20 GDPR to receive your data in a structured, commonly used and machine-readable format and to transmit it to another controller.

I. Right to object

Where we process your data on the basis of a balancing of interests (Art. 6(1)(f) GDPR), you have the right to object at any time on grounds relating to your situation. We will then no longer process the data unless we demonstrate compelling legitimate grounds. You may object to direct marketing at any time.

J. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

If you consider that processing infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, place of work or place of the alleged infringement. Our competent authority is: Bayerisches Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach, Germany, poststelle@lda.bayern.de, https://www.lda.bayern.de.

§ 12 Validity and Amendments to this Privacy Policy

This privacy policy is effective as of 14 February 2026. We reserve the right to amend it as necessary in compliance with applicable data protection law, for example to meet new legal requirements or to reflect changes to our website or new services. The current version available on our website at the time of your visit is binding.

In the event of changes, we will publish them on this page to inform you fully about what personal data we collect, how we process it and under what conditions we may disclose it.
