Privacy policy
Last updated: January 27, 2026
MyBearBrick operates this shop and website, including all related information, content, features, tools, products, and services, to provide you as a customer with a personalized shopping experience (the "Services"). MyBearBrick is based on Shopify, which enables us to provide you with the Services. This Privacy Policy describes how we collect, use, or share personal data when you visit, use, or make a purchase or other transaction using the Services, or otherwise communicate with us. If there is a conflict between our Terms and Conditions and this Privacy Policy, this Privacy Policy shall prevail with respect to the collection, processing, and sharing of your personal data.
Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and agree to the collection, use, and sharing of your data as described in this Privacy Policy.
What personal data do we collect or process?
When we use the term "personal data," we refer to information that identifies you or another person or can be directly associated with you. Personal data does not include information that is collected anonymously or anonymized in such a way that identification or association with you is not possible. Depending on how you interact with the Services, where you reside, and as permitted or required by applicable law, we may collect or process the following categories of personal data, including inferences drawn from such personal data:
- Contact data including name, postal address, billing address, shipping address, phone number, and email address.
- Financial data including credit, debit, and financial account numbers, payment card information, financial account information, transaction details, payment type, payment confirmation, and other payment details.
- Account information including username, password, security questions, configurations, and settings.
- Transaction information including items you view, add to cart, add to wishlist, or purchase, return, exchange, or cancel, as well as your past transactions.
- Communications with us including information you provide when communicating with us, for example, when you send a customer support inquiry.
- Device information including information about your device, browser, or network connection, IP address, and other unique identifiers.
- Usage information including information about your interaction with the Services, including how and when you interact with or browse the Services.
Sources of personal data
We may collect personal data through the following sources:
- Directly from you We collect data when you create an account, access or use the Services, communicate with us, or otherwise provide us with your personal data.
- Automatically through the Services We collect data from your device or when you use our products or Services or visit our website, as well as through the use of cookies and similar technologies.
- From our service providers We collect data when we engage service providers to enable certain technologies and when they collect or process your personal data on our behalf.
- From our partners and other third parties
Cookies and similar technologies
As mentioned under "Sources of personal data," we use cookies and similar tracking technologies to automatically collect information when you interact with our Services. A cookie is a small text file stored on your device. We use these technologies to ensure the functionality of our website, analyze usage, and display personalized advertising.
Through our cookie banner (provided by Consentmo), you can manage or withdraw your consent to the use of non-essential cookies at any time. Below is a detailed list of cookies we use, categorized by their purpose:
Necessary Cookies
These cookies are essential for the basic functions of the website and shop (e.g., the shopping cart and checkout process) and cannot be disabled.
| Name | Description | Provider | Duration |
|---|---|---|---|
| _orig_referrer | Enables the merchant to identify where visitors come from. | Shopify | 2 weeks |
| _landing_page | Records the visitor's landing page when coming from other websites. | Shopify | 2 weeks |
| _ab | Used to control when the admin bar is displayed in the storefront. | Shopify | 1 year |
| _secure_session_id | This cookie is generally provided by Shopify and is used to track a user's session during the multi-step checkout process and to connect their order, payment, and shipping details. | Shopify | 1 day |
| cart | Contains information about the user's shopping cart. | Shopify | 2 weeks |
| cart_sig | This cookie is generally provided by Shopify and used in connection with checkout. It is used to verify the integrity of the cart and ensure the performance of certain cart operations. | Shopify | 2 weeks |
| cart_ts | This cookie is generally provided by Shopify and used in connection with checkout. | Shopify | 2 weeks |
| cart_ver | This cookie is generally provided by Shopify and used in connection with the shopping cart. | Shopify | 2 weeks |
| cart_currency | Used after checkout to initialize a new empty cart with the same currency. | Shopify | 2 weeks |
| checkout_token | Used by checkout to identify the user. | Shopify | Session |
| Secure_customer_sig | Unknown | Not available | Unknown |
| storefront_digest | Stores a digest of the storefront password so merchants can view their storefront in password protection mode. | Shopify | 1 year |
| cookieconsent_status | This cookie is linked to the Consentmo GDPR Compliance app and is used to store customer consent. | Consentmo | 1 year |
| cookieconsent_preferences_disabled | This cookie is linked to the Consentmo GDPR Compliance app and is used to store customer consent. | Consentmo | 1 day |
| _shopify_m | This cookie is generally provided by Shopify and is used to manage customer privacy settings. | Shopify | 1 year |
| _shopify_tm | This cookie is generally provided by Shopify and is used to manage customer privacy settings. | Shopify | 30 minutes |
| _shopify_tw | This cookie is generally provided by Shopify and is used to manage customer privacy settings. | Shopify | 2 weeks |
| _tracking_consent | Used to store a user's preferences when a merchant has set privacy rules in the visitor's region. | Shopify | 1 year |
| tracked_start_checkout | This cookie is generally provided by Shopify and used in connection with checkout. | Shopify | 1 year |
| identity_state | This cookie is generally provided by Shopify and used in connection with customer authentication. | Not available | 1 day |
| identity_customer_account_number | Stores an identifier to facilitate login between customer account and storefront domains. | Shopify | 12 weeks |
| _customer_account_shop_sessions | Used in combination with the _secure_account_session_id cookie to track user sessions for new customer accounts. | Shopify | 30 days |
| _secure_account_session_id | Used to track user sessions for new customer accounts. | Shopify | 30 days |
| _shopify_country | Used for Plus shops where currency/country is set via GeoIP to avoid further GeoIP queries. | Shopify | 30 minutes |
| _storefront_u | Used to facilitate the update of customer account data. | Shopify | 1 minute |
| _cmp_a | Used to manage customer privacy settings. | Shopify | 1 day |
| c | Unknown | Shopify | Unknown |
| checkout | Used by checkout to identify the user. | Shopify | 21 days |
| customer_account_locale | Used to track customer domain locale during redirects. | Shopify | 1 year |
| dynamic_checkout_shown_on_cart | Used in connection with payments. | Shopify | 30 minutes |
| hide_shopify_pay_for_checkout | Set when a buyer closes the Shop Pay login window during checkout. | Shopify | Session |
| shopify_pay | Used to log a buyer into Shop Pay when returning to checkout in the same shop. | Shopify | 1 year |
| shopify_pay_redirect | Used to speed up the checkout process when the buyer has a Shop Pay account. | Shopify | 1 year |
| shop_pay_accelerated | Indicates whether a buyer is eligible to use accelerated Shop Pay checkout. | Shopify | Session |
| keep_alive | Used when international domain forwarding is enabled to determine if the request is the first of the session. | Shopify | Session |
| source_name | Used in combination with mobile apps to provide personalized checkout behavior when browsing a compatible mobile app store. | Shopify | Session |
| master_device_id | Merchant authentication: Permanent device identifier, public version. | Shopify | 1 year |
| previous_step | Used in connection with payments. | Shopify | 1 year |
| discount_code | Stores a discount code received via URL parameter to apply at next checkout. | Shopify | Session |
| remember_me | Used in connection with payments. | Shopify | 1 year |
| checkout_session_lookup | Used in connection with payments. | Shopify | 3 weeks |
| checkout_prefill | Used in connection with payments. | Shopify | 5 minutes |
| checkout_queue_token | Used in connection with payments. | Shopify | 1 year |
| checkout_queue_checkout_token | Used in connection with payments. | Shopify | 1 year |
| checkout_worker_session | Used in connection with payments. | Shopify | Session |
| checkout_session_token | Used in connection with payments. | Shopify | 3 weeks |
| cookietest | Used to ensure our systems function properly. | Shopify | 1 minute |
| order | Used to provide access to the buyer's order details page. | Shopify | 3 weeks |
| identity-state | Stores a hash of the OAuth flow state between redirects. | Shopify | 1 day |
| card_update_verification_id | Used in connection with payments. | Shopify | 1 day |
| customer_account_new_login | Used in connection with user identification. | Shopify | 20 minutes |
| customer_account_preview | Used in connection with user identification. | Shopify | 7 days |
| customer_payment_method | Used in connection with payments. | Shopify | 60 minutes |
| customer_shop_pay_agreement | Used in connection with payments. | Shopify | 1 minute |
| pay_update_intent_id | Used in connection with payments. | Shopify | 20 minutes |
| localization | Used to localize the cart to the correct country. | Shopify | 2 weeks |
| profile_preview_token | Used to preview checkout customizations. | Shopify | 5 minutes |
| login_with_shop_finalize | Used to facilitate login with Shop. | Shopify | 5 minutes |
| preview_theme | Used in connection with the theme editor. | Shopify | Session |
| shopify-editor-unconfirmed-settings | Used in connection with the theme editor. | Shopify | 1 day |
| wpm-test-cookie | Used to ensure our systems function properly. | Shopify | Session |
Statistics Cookies
These cookies (also known as analytics cookies) help us understand how visitors interact with our website by collecting and reporting information anonymously. This enables us to improve our Services. Consent is voluntary.
| Name | Description | Provider | Duration |
|---|---|---|---|
| _s | This cookie is linked to the Shopify analytics suite. | Shopify | 30 minutes |
| _shopify_d | Unknown | Not available | Unknown |
| _shopify_fs | This cookie is linked to the Shopify analytics suite. | Shopify | 30 minutes |
| _shopify_s | Used to identify a specific browser session/shop combination. Valid for 30 minutes after last use. | Shopify | 30 minutes |
| _shopify_sa_t | This cookie is linked to the Shopify analytics suite for marketing and referrals. | Shopify | 30 minutes |
| _shopify_sa_p | This cookie is linked to the Shopify analytics suite for marketing and referrals. | Shopify | 30 minutes |
| _shopify_y | Shopify Analytics. | Shopify | 1 year |
| _y | This cookie is linked to the Shopify analytics suite. | Shopify | 1 year |
| _shopify_evids | Unknown | Not available | Unknown |
| _ga | This cookie name is linked to Google Universal Analytics. | Google Analytics | 2 years |
| _gat | This cookie name is linked to Google Universal Analytics. | Google Analytics | 1 minute |
| __atuvc | Unknown | Not available | Unknown |
| __atuvs | Unknown | Not available | Unknown |
| __utma | Unknown | Not available | Unknown |
| customer_auth_provider | This cookie is linked to the Shopify analytics suite. | Not available | Session |
| customer_auth_session_created_at | This cookie is linked to the Shopify analytics suite. | Not available | Session |
Marketing Cookies
These cookies are used to display relevant advertisements and marketing campaigns to visitors. They track visitors across websites and collect information to provide tailored advertisements. Consent is voluntary.
| Name | Description | Provider | Duration |
|---|---|---|---|
| _gads | Unknown | Not available | Unknown |
| IDE | This domain is owned by Doubleclick (Google). Main business activity: Doubleclick is Google's real-time advertising exchange. | Google DoubleClick | 2 years |
| GPS | This cookie is linked to YouTube, which collects user data via videos embedded in websites, aggregated with profile data from other Google services, to display targeted advertising to web visitors across a wide range of their own and other websites. | YouTube | Session |
| PREF | This cookie, which may be set by Google or Doubleclick, may be used by advertising partners to build an interest profile to display relevant ads on other websites. | YouTube | 8 months |
| BizoID | This is a first-party cookie from Microsoft MSN to enable user-based content. | 1 month | |
| _fbp | Used by Facebook to deliver a range of advertising products such as real-time bidding from third-party advertisers. | Meta Platforms, Inc. | 3 months |
| _fbc | Unknown | Not available | Unknown |
| __adroll | This cookie is linked to AdRoll. | Adroll Group | 1 year |
| __adroll_v4 | This cookie is linked to AdRoll. | Adroll Group | 1 year |
| __adroll_fpc | This cookie is linked to AdRoll. | Adroll Group | 1 year |
| __ar_v4 | This cookie is linked to AdRoll. | Adroll Group | 1 year |
Preference Cookies
These cookies enable a website to remember information that affects the behavior or appearance of the website, such as your preferred language or the region where you are located. Consent is voluntary.
| Name | Description | Provider | Duration |
|---|---|---|---|
| _gid | This cookie name is linked to Google Universal Analytics. | Google Analytics | 1 day |
| __cfduid | Unknown | Not available | Unknown |
How do we use your personal data?
Depending on how you interact with us or which Services you use, we may use personal data for the following purposes:
- Providing, customizing, and improving the Services. We use your personal data to provide you with the Services. This includes, among other things, fulfilling our contract with you, processing your payments, executing your orders, storing your configurations and items you are interested in, sending notifications related to your account, creating, maintaining, and otherwise managing your account, organizing shipping, facilitating returns and exchanges, enabling you to submit reviews, and creating a personalized shopping experience for you by, for example, recommending products based on your purchases. This may also include using your personal data to better customize and improve the Services.
- Marketing and advertising. We use your personal data for marketing and advertising purposes, for example, to send marketing and advertising communications via email, SMS, or mail, and to display online advertising for products or services for the Services or other websites, including based on items you have previously purchased or added to your cart, as well as other activities related to the Services.
- Security and fraud prevention. We use your personal data to authenticate your account, provide a secure payment and shopping experience, detect, investigate, or take action against potential fraudulent, illegal, unsafe, or malicious activities, protect public safety, and ensure the security of our Services. If you choose to use the Services and register an account, you are responsible for protecting your account login credentials. We strongly recommend that you do not share your username, password, or other access credentials with others.
- Communicating with you. We use your personal data to provide you with customer support and effective services, respond promptly to your inquiries, and maintain our business relationship with you.
- Legal reasons. We use your personal data to comply with applicable law or respond to lawful process, including requests from law enforcement or regulatory authorities, to investigate or participate in civil investigations, potential or actual litigation, or other adversarial proceedings, and to investigate potential violations of our terms or policies or to enforce our terms and policies.
How do we share personal data?
Under certain circumstances, we may share your personal data with third parties for legitimate purposes in accordance with this Privacy Policy. Such circumstances may include:
- With Shopify, these are providers and other third parties who provide services on our behalf (e.g., IT management, payment processing, data analysis, customer support, cloud storage, fulfillment, and shipping).
- We share personal data with business and marketing partners who provide marketing services to you and display advertising to you. For example, we use Shopify to support personalized advertising with third-party services based on your online activities across various merchants and websites. Our business and marketing partners use your data in accordance with their own privacy policies. Depending on where you reside, you may have the right to instruct us not to share information about you to display targeted advertising and marketing based on your online activities across various merchants and websites. If you wish to exercise your right and opt out of such uses, you can do so here
- When you request or otherwise consent to the sharing of certain information with third parties, for example, to deliver products to you, or when you use social media widgets or login integrations.
- We share personal data with our affiliates or otherwise within our corporate group.
- In connection with a business transaction such as a merger or bankruptcy, to comply with applicable legal obligations (including responding to subpoenas, search warrants, and similar requests), to enforce applicable terms of service or policies, and to protect or defend the Services, our rights, and the rights of our users or others.
Relationship with Shopify
The Services are hosted by Shopify, where Shopify collects and processes personal data about your access to and use of the Services to provide and improve the Services. Data you submit to the Services will be shared with Shopify and third parties who may be located in countries other than your country of residence to provide and improve the Services. To protect, expand, and improve our business, we also use certain advanced Shopify features that incorporate data and information from your interactions with our shop, with other merchants, and with Shopify. To provide these advanced features, Shopify may use personal data collected about your interactions with our shop, other merchants, and Shopify. Under these circumstances, Shopify is responsible for processing your personal data, including responding to your requests to exercise your rights regarding the use of your personal data for these purposes. For more information about how Shopify uses your personal data and what rights you have, please see the Shopify Consumer Privacy Policy. Depending on where you reside, you can exercise certain rights regarding your personal data listed here at the Shopify Privacy Portal.
Third-party websites and links
The Services may provide links to websites or other online platforms operated by third parties. If you follow links to websites that are not affiliate websites or not controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such websites, including the accuracy, completeness, or reliability of information found on those websites. Information you provide in public or semi-public places, including information you share on third-party social networking platforms, may also be viewed by other users of the Services and/or users of those third-party platforms, without restrictions on their use by us or by any third party. Our inclusion of such links does not imply that we endorse the content of those platforms or their owners or operators, unless expressly stated in the Services.
Children's data
The Services are not intended for use by children, and we do not knowingly collect personal data from children who are not yet of legal age in your country. If you are the parent or guardian of a child who has provided us with their personal data, you may contact us using the contact details below to request deletion of that data. As of the effective date of this Privacy Policy, we are not aware that we "share" or "sell" personal data from individuals under 16 years of age (as those terms are defined in applicable law).
Security and retention of your data
Please note that no security measures are perfect or impenetrable, and we therefore cannot guarantee "perfect security." Additionally, information you send to us may be at risk during transmission. We recommend that you do not use insecure channels when transmitting sensitive or confidential information to us.
How long we retain your personal data depends on various factors. These include, for example, whether we need the data to manage your account, provide you with Services, comply with legal obligations, resolve disputes, or enforce other applicable contracts and policies.
Your rights and choices
Depending on where you reside, you may have some or all of the rights listed below with respect to your personal data. However, these rights are not absolute, may only apply under certain circumstances, and in certain cases, we may decline your request to the extent permitted by law.
- Right of access. You may have the right to request access to the personal data we hold about you.
- Right to erasure. You may have the right to request that we delete the personal data we hold about you.
- Right to rectification. You may have the right to request that we correct inaccurate personal data we hold about you.
- Right to data portability. You may have the right to receive a copy of the personal data we hold about you and to request that we transfer it to a third party under certain circumstances and with certain exceptions.
- Managing communication preferences. We may send you promotional emails. You can opt out of receiving these emails at any time by using the unsubscribe option included in our emails to you. If you opt out, we may still send you non-promotional emails, such as about your account or orders you have placed.
If you reside in the United Kingdom or the European Economic Area, subject to exceptions and limitations under local law, you may exercise the following rights in addition to those mentioned above:
- Right to object and right to restriction of processing. You may have the right to request that we cease or restrict the processing of personal data for certain purposes.
- Withdrawal of consent. Where we rely on consent to process your personal data, you have the right to withdraw that consent. If you withdraw your consent, this will not affect the lawfulness of processing based on your consent before withdrawal.
You can exercise these rights where indicated in the Services or by contacting us using the contact details below. For more information about how Shopify uses your personal data and what rights you have, including rights regarding data processed by Shopify, please visit https://privacy.shopify.com/en.
Exercising these rights will not result in any disadvantage to you. Where permitted or required by applicable law, we may need to verify your identity before processing your requests. In accordance with applicable laws, you may designate an authorized agent to make requests to exercise your rights on your behalf. Before we accept such a request from an agent, we require them to provide proof that you have authorized them to act on your behalf. This may require you to verify your identity directly with us. We will respond to your request promptly in accordance with applicable law.
Complaints
If you have complaints about how we process your personal data, please contact us using the contact details below. Depending on where you reside, you have the right to appeal our decision by contacting us at the contact details below or by filing your complaint with the relevant data protection authority. For the European Economic Area, there is a list of relevant data protection supervisory authorities. If you wish to access this list, you can do so here.
International transfers
Please note that we may transfer, store, and process your personal data outside the country in which you reside.
When we transfer your personal data outside the European Economic Area or the United Kingdom, we rely on recognized transfer mechanisms such as the European Commission's Standard Contractual Clauses or equivalent contracts issued by the relevant UK authority, unless the data transfer is to a country that demonstrably provides an adequate level of protection.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time, for example, to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the "Last updated" date accordingly, and provide notice as required by applicable law.
Contact
If you have questions about our privacy practices or this Privacy Policy, or if you wish to exercise any of the rights available to you, please contact us by phone at +49 (0)711 84940172, by email at info@mybearbrick.de, or by mail at Gabriele-Münter-Straße 22, 73760 Ostfildern, Germany. For the purposes of applicable data protection laws, we are the data controller for your personal data.