Compliance as a feature, not a tax.

German e-commerce law is unforgiving, and that is fine. It is the same rulebook for everyone. Meeting it well does not catch you up — it puts you ahead.

Cookieless, because it can be

Most shops collect first and ask later. CAVA does it the other way around. Analytics run on Vercel Analytics, cookieless by design — no tracking IDs, no recognition across sessions, no profile that follows anyone home. As a result, the shop needs no cookie banner asking consent for something that never happens.

Only two technically-necessary cookies are set: cava-locale, which remembers the chosen language, and sw-context-token, which links the cart and session to the Shopware backend. Both are functional, both are permitted without consent, and both do nothing beyond what they exist for. It is the kind of plainness you only notice once you know what else usually runs in the background.

Unit price and ABV — on every product

The German Price Indication Ordinance (PAngV) requires a unit price for wine: the price per litre, alongside the bottle price. It sounds like a small thing, but it is exactly where many wine shops slip — sometimes the unit price is missing, sometimes the reference quantity is wrong. On CAVA, the unit price per litre sits on every product, without exception.

Alongside it, the alcohol by volume (ABV) is shown on every product page, and the food-law allergen notice “Enthält Sulfite” — contains sulfites — is never missing from a wine. These are not ticks on a checklist. They are the details a customer actually buys on, and the first details a competitor or a warning lawyer will check.

An age check that stays out of the way

Alcohol cannot be sold to minors in Germany, and a shop has to address that seriously. CAVA puts an 18+ check in front of the purchase. The confirmation is held in the browser’s localStorage, not in a tracking cookie — the visitor confirms their age once, and the site respects that without blocking them again on the way through the catalogue.

The approach is deliberately quiet. It does its duty without turning the shop into an obstacle course. Compliance should feel correct, never annoying.

Two clicks before Google Maps

Where CAVA embeds Google Maps — to show where the wine comes from, or where the shop is — nothing loads before the customer has actively agreed. Only a clear two-click consent releases the embed. Until then, no Google script runs, no connection reaches third-party servers, no silent data transfer takes place.

This is the DSGVO-compliant way to embed a map: the customer decides whether they want the third-party content, rather than being committed to it in the background. No tracking cookies, no pre-loading — the control stays with the visitor.

Vorkasse, clearly stated

Payment is by Vorkasse — bank transfer — per the AGB. For a family wine merchant, that is the most honest option: no hidden fees, no third-party processor that knows more about the customer than the merchant does. The order ships once payment arrives, and the terms are written plainly into the AGB, not buried in some external provider’s fine print.

Why this is an advantage

Compliance is often treated as a cost centre — something you grudgingly work through so nobody sues. I see it differently. The law sets every wine shop the same requirements. When a competitor meets them half-heartedly and CAVA meets them cleanly, that is a visible difference in quality — for the customer who finds the information, and for the operator who does not have to brace for a warning letter.

A shop built correctly also feels correct. The legal details and the sense of trustworthiness are the same work. That is why I do not treat compliance as the thing that comes after building — it is part of what makes the shop good.

— Dimitrios