Privacy Policy – Practical kettles with clean designs for home, office, and shared spaces.trailhydration.com

Kettle Group GmbH (“we”, “us”, or “our”) operates the website www.trailhydration.com (the “Site”). We are committed to protecting the privacy and personal data of our users and customers in the European Economic Area (EEA), the United Kingdom, and the United States.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Site and purchase our hydration products.

Data Controller
The entity responsible for the processing of your personal data under European and international data protection laws is:

Company: Kettle Group GmbH

Address: Berger Straße 77, 60316 Frankfurt am Main

Tel: +49 69 48006040

Email: kettle@trailhydration.com

Legal Basis for Processing (EEA & UK)
We process personal data in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Our legal bases include:

Performance of a Contract (Art. 6(1)(b) GDPR): To process and fulfil your orders, manage your account, and provide customer support.

Legitimate Interests (Art. 6(1)(f) GDPR): To optimize our website performance, commercial operations, and fraud prevention measures.

Compliance with Legal Obligations (Art. 6(1)(c) GDPR): To adhere to statutory tax, commercial, and financial reporting requirements.

Information We Collect and How We Use It
3.1 Ordering and Transaction Data
When you purchase a product from our Site, we collect the necessary information required to fulfil the commercial transaction, including:

Full name

Shipping and billing addresses

Email address and telephone number

3.2 Technical and Usage Data
When you browse our Site, we automatically collect standard internet log information and technical data, including your IP address, browser type, operating system, and pages visited, to maintain operational stability and monitor for malicious activity.

Payment Processing via Stripe
To complete transactions on our Site, financial data is processed directly by our third-party payment processor.

Payment Processor: Stripe (Stripe Payments Europe, Ltd. for European transactions; Stripe, Inc. for US transactions).

Data Involved: Credit/debit card numbers, card verification codes, and billing details.

Processing Protocol: We do not store or host complete financial transaction credentials on our servers. All financial data is transmitted directly to Stripe via encrypted channels. Stripe handles this data in strict compliance with the Payment Card Industry Data Security Standard (PCI-DSS).

The processing of this information by Stripe is governed by Stripe’s own privacy policy, accessible via their official channels.

Data Sharing and International Transfers
We only share personal data with external service providers to the extent necessary to execute our business functions. These parties include:

Logistics and courier services for physical product delivery.

The designated payment processing infrastructure (Stripe).

IT infrastructure and hosting providers.

For users within the EEA, if data is transferred to entities outside the European Economic Area (such as US-based service infrastructure), such transfers are governed by appropriate safeguards, including European Commission-approved Standard Contractual Clauses (SCCs).

Data Retention Period
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or to comply with statutory legal, accounting, and tax obligations.

Contractual & Transaction Data: Retained for the duration of the commercial relationship.

Statutory Retention (Germany/Europe): Under the German Commercial Code (HGB) and Fiscal Code (AO), specific transaction records, invoices, and accounting documentation containing personal data must be retained for up to ten (10) years.

US Compliance: Data is retained in alignment with federal and state limitation periods applicable to commercial contracts and financial record-keeping.

Once these retention periods lapse, the data is permanently deleted or anonymised.

Your Legal Rights
Depending on your geographical location, you possess specific statutory rights regarding your personal data.

7.1 EEA and UK Residents (GDPR)
You have the right to request access to, correction of, or erasure of your personal data. You may also object to processing, request restriction of processing, or request data portability. If you wish to exercise these rights, please contact us at kettle@trailhydration.com. You also hold the right to lodge a complaint with a competent supervisory authority in Germany or your jurisdiction of residence.

7.2 US Residents (State-Specific Privacy Laws)
In accordance with applicable US state privacy laws (including California, Virginia, and Colorado), residents have the right to request access to the specific pieces of personal data collected about them, request deletion of their data, and opt out of the sale or sharing of personal data (noting that Kettle Group GmbH does not sell personal data to third parties).

Data Security Measures
We deploy industry-standard technical and organizational measures designed to mitigate risks of unauthorised access, alteration, or disclosure of your personal data. These measures match the risk profile of the data processed. Please note that while we implement rigorous operational protocols to protect user data, transmissions over the internet cannot be classified as absolutely impenetrable.