Compliance - https://carrera-toys.com BeaverCheck Audit

F

GDPR Article 13 Disclosures

Action

0 / 8 Art. 13 categories matched in homepage body

FIX

0 / 8 Art. 13 categories matched in homepage body

GDPR Article 13 disclosure coverage: 0 / 8 categories

Scanned the homepage body text for GDPR Article 13 disclosures. Matched 0 of 8 categories: . Missing: Data Protection Officer contact (where applicable), Data retention period, Data subject rights (access, erasure, rectification, etc.), Identity / contact details of the data controller, International data transfers, Legal basis for processing, Recipients of personal data, Right to lodge a complaint with a supervisory authority. Note: this scan does not fetch the privacy policy sub-page; if Article 13 disclosures live there, they are not visible to this check.

Got: 0/8

C

Cookie Consent & Privacy

Action

privacy policy found

REVIEW

privacy policy found

Privacy policy link found

Got: https://www.ad4mat.com/de/datenschutz/

Terms of service link found

No cookie consent banner detected

3 non-essential cookie(s) set without consent banner

Unrecognized (treated as non-essential): localization, cart_currency, _shopify_essential

This is an automated check, not legal advice

BeaverCheck detects technical indicators of consent management. This does not constitute a legal compliance assessment. Consult a privacy professional for GDPR/CCPA compliance.

Consent Banner Not detected Privacy Policy https://www.ad4mat.com/de/datenschutz/ Terms of Service https://www.shopify.com/legal/privacy

Pre-consent Cookies

localization Functional

cart_currency Functional

_shopify_essential Functional

This is an automated check, not legal advice. Consult a privacy professional for GDPR/CCPA compliance.

Unrecognized (treated as non-essential): localization, cart_currency, _shopify_essential

Why this matters

Setting tracking cookies without a consent banner is the single most-fined GDPR violation in EU enforcement actions.

Learn more ▾

GDPR + ePrivacy require opt-in BEFORE setting non-essential cookies. Loading Google Analytics, Facebook Pixel, or any third-party tracker on page load -- without a consent mechanism -- is the highest-frequency fine pattern in EU enforcement. Add a Consent Management Platform (Cookiebot, OneTrust, Klaro) that blocks tracker scripts until consent.

Source: GDPR + ePrivacy Directive / EU DPA enforcement

BeaverCheck detects technical indicators of consent management. This does not constitute a legal compliance assessment. Consult a privacy professional for GDPR/CCPA compliance.

Why this matters

Disclaimer: legal-page checks identify presence/absence; consult counsel for legal sufficiency.

B

Hreflang Configuration

2 hreflang issue(s) across 13 tag(s)

REVIEW

2 hreflang issue(s) across 13 tag(s)

No `x-default` hreflang tag

Google recommends including `<link rel="alternate" hreflang="x-default" href="...">` so search engines have a fallback URL for users whose language / region doesn't match any specific hreflang entry. Typically points to a language-selection page or your default locale.

Hreflang cluster missing self-reference

This page (https://carrera-toys.com/de-eu) appears in no hreflang entry on itself. Per Google's spec, each page in a hreflang cluster must include its own URL with the appropriate hreflang code -- otherwise the cluster is incomplete and search engines may not index alternates correctly.

C

Viewport Configuration

Action

Viewport prevents zooming

REVIEW

Viewport prevents zooming

Viewport meta tag is present

width=device-width is set

Viewport prevents user zooming

user-scalable=no or maximum-scale < 2 prevents users from zooming. This is a WCAG 1.4.4 (Level AA) failure and an accessibility barrier for users with low vision.

Got: width=device-width, initial-scale=1.0, height=device-height, minimum-scale=1.0, maximum-scale=1.0 Expected: width=device-width, initial-scale=1 (without zoom restrictions)

Viewport Configuration Problem

Content

width=device-width, initial-scale=1.0, height=device-height, minimum-scale=1.0, maximum-scale=1.0

width=device-width

Responsive layout enabled

initial-scale=1

Correct initial zoom level

maximum-scale=1.0

Restricts zoom — set to 5.0 or higher, or remove entirely

User zooming BLOCKED

WCAG 1.4.4 violation — users with low vision cannot zoom. Remove user-scalable=no and set maximum-scale to at least 5.0.

user-scalable=no or maximum-scale < 2 prevents users from zooming. This is a WCAG 1.4.4 (Level AA) failure and an accessibility barrier for users with low vision.

Why this matters

user-scalable=no is a WCAG 1.4.4 failure and creates ADA/EAA legal exposure — low-vision users rely on pinch-zoom every day.

Learn more ▾

Setting user-scalable=no (or maximum-scale=1) in the viewport meta blocks pinch-zoom. WCAG 2.1 success criterion 1.4.4 (Resize Text) requires zoom up to 200%. ADA lawsuits against inaccessible US sites have risen sharply; the EU Accessibility Act adds another enforcement layer in 2025. Remove user-scalable and maximum-scale from the viewport meta.

Source: WCAG 2.1 SC 1.4.4 / ADA / EAA

C

Legal Page Ecosystem

Action

3 of 7 expected legal pages detected

REVIEW

3 of 7 expected legal pages detected

Privacy Policy detected

Found at https://business.safety.google/privacy/.

Got: https://business.safety.google/privacy/

Terms of Service detected

Found at https://www.shopify.com/legal/privacy.

Got: https://www.shopify.com/legal/privacy

Cookie Policy not detected

No link matching common Cookie Policy URL patterns or link text was found. Most websites are expected to have a Cookie Policy, especially those collecting user data.

Accessibility Statement detected

Found at /de-eu/pages/declaration-of-accessibility.

Got: /de-eu/pages/declaration-of-accessibility

DMCA / Copyright Notice not detected

No link matching common DMCA / Copyright Notice URL patterns or link text was found. Most websites are expected to have a DMCA / Copyright Notice, especially those collecting user data.

Refund / Returns Policy not detected

No link matching common Refund / Returns Policy URL patterns or link text was found. Most websites are expected to have a Refund / Returns Policy, especially those collecting user data.

Acceptable Use Policy not detected

No link matching common Acceptable Use Policy URL patterns or link text was found. Most websites are expected to have a Acceptable Use Policy, especially those collecting user data.

Privacy Policyhttps://business.safety.google/privacy/

Terms of Servicehttps://www.shopify.com/legal/privacy

Cookie PolicyNot found

Accessibility Statement/de-eu/pages/declaration-of-accessibility

DMCA / Copyright NoticeNot found

Refund / Returns PolicyNot found

Acceptable Use PolicyNot found

3 of 7 common legal pages detected

C

Copyright Notice

Action

No copyright notice detected

REVIEW

No copyright notice detected

No copyright notice detected in the page content. While not legally required in most jurisdictions (copyright exists automatically), a notice is standard practice and signals site ownership.

Copyright Notice Not Detected

Copyright exists automatically — a notice is standard practice but not legally required.

C

Compliance Badges

Action

0 compliance badge(s) detected

REVIEW

0 compliance badge(s) detected

No compliance badges detected

No recognized compliance certification badges or seals were found. This is common — many sites do not display compliance badges.

SOC 2

ISO 27001

PCI DSS

GDPR Certified

HIPAA Compliant

Better Business Bureau

TRUSTe / TrustArc

Privacy Shield

McAfee SECURE / TrustedSite

Norton Secured

Badge detection is based on image alt text, link URLs, and page content. Detection does not verify that certifications are current or valid.

A+

WCAG Compliance

No testable criteria

PASS

No testable criteria

Level A

Level AA

0

Passed

0

Failed

0

Partial

0

Manual review

0

Not tested

Key accessibility barriers

Images without alt text

Screen reader users cannot understand 7 image(s)

~8M screen reader users in the US

Form controls without labels

Assistive technology cannot identify 4 input(s)

Screen reader and voice-control users

Links with unclear purpose

3 link(s) have empty or generic text

Screen reader users navigating by link list

Automated testing covers ~30–40% of WCAG criteria. Manual review is recommended for full conformance.

Full WCAG 2.1 AA compliance checklist — paste into a client deliverable or ticket

A+

Consent UX Depth

No consent-UX depth issues detected

PASS

No consent-UX depth issues detected

A+

Tracker Inventory

No known trackers detected on this page

PASS

No known trackers detected on this page

A+

Language & i18n

Lang attribute + Content-Language header

PASS

Lang attribute + Content-Language header

<html lang> attribute is present

<html lang> value is valid

Content-Language header is set

Got: de-DE

Language signals are consistent

Page Language DetectedContent-Language Header de-DEConsistent Yes

A+

Internationalization Extras

1 i18n signal(s) detected

PASS

1 i18n signal(s) detected

Mixed-language content: 1 subtree language(s) declared (en)

The page has elements with `lang="X"` attributes that differ from the root `<html lang>`. Per WCAG 3.1.2 (Level AA), this is the correct way to mark language-of-parts: a screen reader switches pronunciation when entering a `lang="fr"` block on an English page. The catalog is informational -- presence of subtree lang attributes is a positive a11y signal.

A+

Readability & Typography

Font sizes and tap targets checked

PASS

Font sizes and tap targets checked

A

Accessibility Statement

Statement found, no conformance level

PASS

Statement found, no conformance level

Accessibility statement found but lacks WCAG conformance level

Mature accessibility statements declare a target conformance level (e.g., WCAG 2.1 AA). Without a stated level, users and reviewers cannot tell what the statement actually commits to.

Got: /de-eu/pages/declaration-of-accessibility

A+

Third-Party Trackers

3 trackers detected

PASS

3 trackers detected

3 third-party trackers detected

Found 1 analytics, 0 advertising, 1 marketing, 1 tag manager, 0 session-replay, 0 heatmap trackers.

Got: 3 trackers

A+

Tracking Pixel Inventory

No tracking pixels detected

PASS

No tracking pixels detected

A+

Browser Fingerprinting

No browser-fingerprinting libraries detected

PASS

No browser-fingerprinting libraries detected

A+

Cross-Site Cookies (SameSite=None)

No SameSite=None cookies -- no cross-site travel surface

PASS

No SameSite=None cookies -- no cross-site travel surface

No cookies opted in to cross-site travel (SameSite=None)

A+

Beacon Tracking (sendBeacon)

No navigator.sendBeacon usage detected in inline scripts

PASS

No navigator.sendBeacon usage detected in inline scripts

A+

Cookie & Tracker Inventory

3 cookies · 3 trackers · 0 pre-consent

PASS

3 cookies · 3 trackers · 0 pre-consent

3 third-party tracker(s) detected on page

3 cookies · 3 trackers · 0 third-party No pre-consent violations

Functional 3

Cookie name	Domain	Type	Expiry	Flags	Consent

Third-party trackers (3)

Tracker	Category	Consent
Microsoft	Analytics	Requires consent
Google Tag Manager	Tag Manager	Informational
Klaviyo	Marketing	Requires consent

Regulatory Indicators

2 regulatory indicator(s) detected

INFO

2 regulatory indicator(s) detected

This is a technical scan, not a legal assessment

BeaverCheck detects technical indicators that may suggest regulatory relevance. This is not a compliance audit and should not be relied upon for legal decisions. Consult qualified legal counsel for compliance assessments.

GDPR indicators detected (strong confidence)

Indicators suggesting GDPR may be relevant: Consent management platform detected: cookiebot.com; European language detected: de-DE; Privacy policy page found. EU General Data Protection Regulation — governs collection and processing of personal data of EU residents.

Got: 3 indicators: Consent management platform detected: cookiebot.com, European language detected: de-DE, Privacy policy pag…

CCPA indicators detected (weak confidence)

Indicators suggesting CCPA may be relevant: Text mentions: do not sell. California Consumer Privacy Act — gives California residents rights over their personal data.

Got: 1 indicators: Text mentions: do not sell

This is a technical scan, not a legal assessment.

BeaverCheck detects technical indicators that may suggest regulatory relevance. This should not be relied upon for legal decisions. Consult qualified legal counsel.

GDPR Strong

EU General Data Protection Regulation — governs collection and processing of personal data of EU residents.

Indicators detected

Consent management platform detected: cookiebot.com
European language detected: de-DE
Privacy policy page found

CCPA Weak

California Consumer Privacy Act — gives California residents rights over their personal data.

Indicators detected

Text mentions: do not sell

Third-Party Data Sharing

1 third-party service(s) detected

INFO

1 third-party service(s) detected

Data inventory for transparency purposes

This inventory identifies third-party services that receive data from your site visitors. Under regulations like GDPR (Article 30), maintaining records of data processing activities is commonly considered a best practice. This automated scan provides a starting point — it may not capture all data flows.

1 third-party services across 1 categories

1 third-party services detected across 1 categories: Tag Management (1). Each of these services receives some user data from your site visitors.

Google Tag Manager (Tag Management)

Detected via script URL. Typically collects: Orchestrates other tracking scripts, Page views. Privacy policy: https://policies.google.com/privacy. Data Processing Agreement available.

Got: Category: Tag Management | Data types: Orchestrates other tracking scripts, Page views

Tag Management (1)

Google Tag Manager Tag Management

Detected by: script URL

Data typically collected:

Orchestrates other tracking scriptsPage views

Privacy policy → DPA available ✓

This inventory identifies services receiving visitor data.

Under regulations like GDPR Article 30, maintaining records of data processing is commonly considered a best practice. This scan provides a starting point.

Readability Scores

7231 words, Flesch-Kincaid grade 11.2

INFO

Readability Analysis (Flesch-Kincaid)

Grade Level

11.2

Grade 11 (high school)

Reading Ease

38

Difficult

Words

7231

Sentences

544