Privacy policy

STATUS AND SCOPE
This Privacy Policy informs you about the nature, scope and purpose of the processing of personal data when using our website and our online shop.

1. INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE CONTROLLER

1.1 We are pleased that you are visiting our website. In the following, we inform you about how your personal data is handled when using our website. Personal data means all data by which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Rotholz GmbH
Geschwister Scholl Straße 94
14471 Potsdam
Germany
Phone: +49 (0) 331 9678 0000
Email: hello@rotholz-store.com

1.3 Data Protection Officer
A Data Protection Officer has not been appointed for our company, as there is no legal obligation to do so. If you have any questions regarding data protection, please contact us using the contact details listed in section 1.2.

1.4 For security reasons and to protect the transmission of confidential content (for example orders or inquiries), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” in the address bar and the lock symbol in your browser.

2. DATA COLLECTION WHEN VISITING OUR WEBSITE (SERVER LOG FILES)

2.1 When you use our website for informational purposes only, we collect only the data that your browser transmits to our server (server log files). In particular, the following data may be processed:

  • visited page

  • date and time of access

  • amount of data transferred

  • referrer URL (source of the request)

  • browser type and browser version

  • operating system

  • IP address (possibly shortened or anonymized)

2.2 Purpose and legal basis
The processing is carried out for the technical provision of the website, to ensure stability and security, and for error analysis. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in a secure and functional website).

2.3 Storage period
Log data is generally stored only for as long as necessary for the above purposes and is subsequently deleted or anonymized unless legal obligations or legitimate reasons (for example investigation of misuse) require longer storage.

3. HOSTING AND CONTENT DELIVERY

3.1 Hosting by Shopify
We use the shop system and hosting services of Shopify (Shopify International Limited, Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland) to operate our online shop. In the course of this use, personal data may be processed on Shopify’s servers. Shopify may also use affiliated companies and subcontractors for this purpose, particularly in Canada and the United States.

3.2 Legal basis and purpose
Processing takes place for the provision, maintenance and operation of the online shop and for the processing of orders. The legal basis is Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in a secure and efficient shop operation).

3.3 Transfer to third countries
Where data is transferred to third countries (for example the United States), this is done on the basis of appropriate safeguards, in particular the standard contractual clauses of the European Commission (Art. 46 GDPR) and, where necessary, additional protective measures. Further information about Shopify’s data protection practices can be found at:
https://www.shopify.de/legal/datenschutz
https://www.shopify.com/legal/dpa

4. COOKIES AND CONSENT MANAGEMENT

4.1 General
We use cookies and similar technologies (for example local storage or tracking pixels) to provide functions, store settings, enable the ordering process and – where you have given consent – to use marketing and analytics features. Cookies are small text files that are stored on your device.

4.2 Categories of cookies

a) Technically necessary cookies
These cookies are required to provide basic website functions (for example shopping cart, checkout or language settings). The legal basis is Art. 6(1)(b) GDPR (contract or pre-contractual measures) and/or Art. 6(1)(f) GDPR (legitimate interest in a functional website).

b) Optional cookies (analytics and marketing)
These cookies are only set if you have consented via our consent tool. The legal basis is Art. 6(1)(a) GDPR (consent). You can withdraw your consent at any time with effect for the future via the cookie settings.

4.3 Browser cookie settings
You can delete or block cookies at any time in your browser settings. If cookies are blocked, some functions of the website may be restricted.

5. CONTACTING US

5.1 If you contact us (for example by email or contact form), we process the data you provide (for example name, email address and message) in order to process your request.

5.2 Legal basis
Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries). If your inquiry relates to the conclusion of a contract, the additional legal basis is Art. 6(1)(b) GDPR.

5.3 Storage period
The data will be deleted once your request has been fully processed and provided that no statutory retention obligations apply.

6. CUSTOMER ACCOUNT AND CONTRACT PROCESSING

6.1 When placing orders and/or creating a customer account, we process in particular the following data:

  • master data (for example name)

  • contact data (for example email address, telephone number)

  • address data (billing and delivery address)

  • order, payment and shipping data

6.2 Purpose and legal basis
Processing is carried out for the performance of the contract, order processing, delivery and customer service. The legal basis is Art. 6(1)(b) GDPR.

6.3 Storage period
We store data within the scope of statutory retention periods (in particular commercial and tax law obligations). After these periods expire, the data will be deleted unless another lawful basis for processing exists.

7. NEWSLETTER AND EMAIL COMMUNICATION

7.1 Newsletter subscription (double opt-in)
If you subscribe to our newsletter, we use your email address to send it. Subscription takes place using the double opt-in procedure. For verification purposes, we store your IP address as well as the date and time of subscription and confirmation.

7.2 Legal basis
Art. 6(1)(a) GDPR (consent). You can withdraw your consent at any time, for example via the unsubscribe link in the newsletter or by contacting us.

7.3 Newsletter distribution via Mailchimp (The Rocket Science Group LLC d/b/a Mailchimp, USA)
The newsletter may be sent via Mailchimp. The data required for sending the newsletter is transmitted to Mailchimp. Mailchimp may evaluate usage data (for example open rates and click rates) using tracking technologies, where this is active within your newsletter subscription.

7.4 Transfer to third countries
Mailchimp processes data in the United States. Data transfers take place on the basis of appropriate safeguards, in particular standard contractual clauses (Art. 46 GDPR). Further information:
https://mailchimp.com/legal/privacy/
https://mailchimp.com/legal/data-processing-addendum/

7.5 Storage period
After you unsubscribe, your email address will be removed from the distribution list unless statutory retention obligations or another legal basis apply.

8. PRODUCT AVAILABILITY NOTIFICATION

8.1 If you request a product availability notification, we process your email address in order to inform you once when the product becomes available.

8.2 Legal basis
Art. 6(1)(a) GDPR (consent) or Art. 6(1)(f) GDPR (legitimate interest in providing customer-friendly service), depending on the specific implementation (for example double opt-in).

8.3 Storage period
The data will be deleted after the notification has been sent or once the purpose no longer applies, unless statutory retention obligations apply.

9. DATA PROCESSING FOR ORDER PROCESSING, SHIPPING AND PAYMENT

9.1 Shipping service providers
For delivery, we transmit the necessary data (name, delivery address and, if necessary, telephone number) to shipping service providers (for example DHL). The legal basis is Art. 6(1)(b) GDPR.

9.2 Order processing services (for example Billbee)
For order processing we may use service providers (for example Billbee GmbH, Paulinenstraße 54, 32756 Detmold, Germany). The data necessary for processing is transmitted. The legal basis is Art. 6(1)(b) GDPR.

9.3 Payment service providers
For payment processing we process the payment and transaction data necessary depending on the selected payment method. The legal basis is Art. 6(1)(b) GDPR.

We offer in particular the following payment methods:
a) Shopify Payments (technical provider: Stripe Payments Europe Ltd., Ireland)
b) PayPal (Europe) S.a.r.l. et Cie, S.C.A., Luxembourg
c) Apple Pay (Apple Distribution International, Ireland)

Further information can be found in the privacy policies of the respective providers:
Stripe: https://stripe.com/de/privacy
PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Apple Pay: https://support.apple.com/de-de/HT203027

Note: If payment providers carry out their own credit checks, this takes place within their own responsibility. Please refer to the respective privacy notices of the providers.

10. ONLINE MARKETING AND TRACKING (ONLY WITH CONSENT, WHERE USED)

10.1 General
We only use marketing and tracking technologies if you have given consent via our consent tool (Art. 6(1)(a) GDPR). You may withdraw your consent at any time with effect for the future.

10.2 Meta Pixel (Facebook/Meta) including Advanced Matching
Where used, we use the Meta Pixel of Meta Platforms Ireland Limited, Ireland. Information about your user behavior (for example visited pages or events such as “purchase”) may be processed and transmitted to Meta. In the case of Advanced Matching, additional data you provide (for example your email address) may be transmitted in hashed form in order to better assign conversions. The tool is used only after consent via the consent tool. Data transfers to third countries (in particular the United States) may occur. Appropriate safeguards are implemented in accordance with Art. 46 GDPR (for example standard contractual clauses).

10.3 Google services (for example Google Ads conversion tracking, remarketing or AdSense)
Where used, we use services from Google Ireland Limited, Ireland. Cookies or identifiers may be set and usage data may be processed in order to measure advertising and display interest-based advertising. These services are only used with your consent. Data may be transferred to servers of Google LLC in the United States. Appropriate safeguards are implemented in accordance with Art. 46 GDPR.
Further information: 
https://policies.google.com/privacy
https://policies.google.com/technologies/partner-sites

11. CATEGORIES OF RECIPIENTS

Recipients of your data may include in particular:

  • hosting and shop platform providers (Shopify)

  • shipping service providers (for example DHL)

  • payment service providers (Shopify Payments/Stripe, PayPal, Apple Pay)

  • order processing service providers (for example Billbee)

  • newsletter and email service providers (for example Mailchimp), where used

  • IT service providers for maintenance and support

Where necessary, we engage service providers as processors pursuant to Art. 28 GDPR.

12. OBLIGATION TO PROVIDE DATA

The provision of personal data is necessary for the conclusion and performance of a contract (for example ordering, shipping or payment). Without this data we are generally unable to conclude or perform the contract. The provision of data for newsletters or marketing purposes is voluntary.

13. AUTOMATED DECISION-MAKING AND PROFILING

As a rule, we do not carry out automated decision-making within the meaning of Art. 22 GDPR. If third-party providers (for example advertising platforms) use profiling for advertising purposes, this takes place only with your consent and within their responsibility or joint responsibility where applicable. Please refer to the respective privacy notices of these providers for further details.

14. RIGHTS OF DATA SUBJECTS

Where the statutory requirements are met, you have the following rights:

  • right of access (Art. 15 GDPR)

  • right to rectification (Art. 16 GDPR)

  • right to erasure (Art. 17 GDPR)

  • right to restriction of processing (Art. 18 GDPR)

  • right to data portability (Art. 20 GDPR)

  • right to withdraw consent (Art. 7(3) GDPR)

  • right to object to processing based on legitimate interests (Art. 21 GDPR)

  • right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

15. RIGHT TO OBJECT

If we process personal data on the basis of Art. 6(1)(f) GDPR (legitimate interest), you have the right to object at any time to this processing for reasons arising from your particular situation. We will then no longer process the data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. In this case we will no longer process your data for these purposes.

16. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is in particular the authority of your habitual place of residence or the location of our company. For Brandenburg, this is the State Commissioner for Data Protection and the Right of Access to Files of Brandenburg.

17. STORAGE PERIOD OF PERSONAL DATA

The storage period depends on:

  • the respective legal basis

  • the purpose of processing

  • statutory retention periods (in particular commercial and tax law obligations)

Data from contracts and orders is stored within the statutory retention periods and then deleted. Data based on consent is stored until the consent is withdrawn. Data processed on the basis of legitimate interests is stored until an objection is made unless overriding reasons or legal obligations apply. Log data is generally stored only for a short period (see section 2.3).

18. CHANGES TO THIS PRIVACY POLICY

We reserve the right to amend this Privacy Policy in order to adapt it to changes in legal requirements or changes to our services. The version published on this website shall apply.