Toy Compass

Privacy Policy

1. Data Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Stefan Weixler
35066 Frankenberg
E-Mail: kontakt@spielzeugkompass.com

2. Privacy at a Glance

This website collects as little personal data as possible. We do not use tracking cookies, social media tracking, or advertising technologies. For anonymized usage analytics we use PostHog (without cookies or persistent identifiers). Below we explain in detail what data we collect, on what legal basis, and for what purpose.

3. Hosting

This website is hosted by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). When visiting our website, Cloudflare automatically collects technical access data:

  • IP address
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL
  • Requested page

The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in secure and efficient provision of the website). Cloudflare is certified under the EU-US Data Privacy Framework. More information: https://www.cloudflare.com/privacypolicy/

4. SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock icon in your browser bar.

5. Cookies

This website only uses technically necessary cookies that are required for the operation of the website (e.g., language setting). No tracking, analytics, or advertising cookies are used. The analytics tool PostHog stores data exclusively in browser memory (no cookie, no localStorage). The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in the technical operation of the website).

6. Comment Function

On our product pages you can leave comments and ratings. The following data is collected:

  • Name (freely selectable, no real name required)
  • Comment text
  • Rating (optional, 1–5 stars)
  • IP address (stored anonymized as hash)
  • Time of creation

The IP hash is stored for spam prevention and abuse protection. The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in spam prevention). Comments are only published after manual approval by the operator.

7. Cloudflare Turnstile

To protect our comment function from automated spam, we use Cloudflare Turnstile. When submitting a comment, a token is generated and sent to our server, which verifies it with Cloudflare. Cloudflare may process technical data such as IP address and browser information. No visible CAPTCHAs are displayed. The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in protection against spam). More information: https://www.cloudflare.com/privacypolicy/

8. Usage Analytics with PostHog

This website uses PostHog (PostHog Inc., 965 Mission Street Suite 430, San Francisco, CA 94103, USA; EU server: Frankfurt) for anonymized analysis of website usage. The following data is processed:

  • Visited pages (URL)
  • Browser type and version
  • Operating system
  • Screen resolution
  • Time of visit

PostHog is operated with persistence: "memory": no cookies are set and no data is stored in localStorage. All analytics data is processed exclusively on EU servers in Frankfurt. The data is anonymized and does not allow identification of individual persons. The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in improving our service). More information:

https://posthog.com/privacy

9. Affiliate Links (Amazon Associates Program)

This website contains affiliate links to the Amazon Associates Program. When you click on such a link, you will be redirected to Amazon. Amazon records via the referrer header that the visit originated from our website and may set its own cookies. We do not use any tracking technologies of our own in this context. Amazon is solely responsible for data processing by Amazon. For more information: Amazon Datenschutzhinweis

10. Storage Duration

Comments and associated data (IP hash, timestamp) are stored permanently until deleted by the operator or you request deletion. Server log data is stored by Cloudflare in accordance with their own retention policies.

11. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

To exercise these rights, you can contact us by email.

12. Right to Lodge a Complaint

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). You may contact the supervisory authority of your place of residence, your workplace, or the place of the alleged violation.

13. Updates to This Privacy Policy

This privacy policy is currently valid as of March 2026. Due to the further development of our website or changes in legal requirements, it may become necessary to update this privacy policy.