PRIVACY POLICY


This privacy policy informs you about how we process personal data when you visit our website, shop in our online store, contact us, or use our services.

 

1. Data Controller
The data controller is:
WOODLAND PERSPECTIVES LIMITED
ΗΕ 493372
Lordou Vyronos 61-63,
6th floor, Flat/Office 602,
6023 Larnaca,
Cyprus
VAT: CY60365565O
Phone: +357 240 00 233
Email: info@hanfgefluester.de

 

2. Legal Basis for Processing
We process personal data based on the General Data Protection Regulation (GDPR). Depending on the purpose of processing, the following legal bases are particularly relevant:
  • Art. 6 (1) lit. a GDPR, if you have given us your consent, for example, for newsletters, SMS marketing, or certain cookies and tracking technologies.
  • Art. 6 (1) lit. b GDPR, if processing is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, for example, for orders, customer inquiries, or subscriptions.
  • Art. 6 (1) lit. c GDPR, if we are legally obliged to process or store data, for example, for tax or commercial law reasons.
  • Art. 6 (1) lit. f GDPR, if we have a legitimate interest in processing, for example, for the security of our website, for processing inquiries, for direct marketing to existing customers, or for improving our offerings.

 

3. What Data We Process
When you visit our website or use our online store, the following personal data may be processed:
  • Contact and customer data, for example, name, email address, phone number, billing address, and shipping address.
  • Order data, for example, products ordered, order number, payment status, shipping status, return information, and invoice data.
  • Payment data, insofar as these are necessary for payment processing. Complete payment data such as credit card numbers are usually processed directly by the respective payment service provider.
  • Communication data, for example, messages to our customer service, emails, chat messages, WhatsApp messages, SMS, or phone notes.
  • Technical data, for example, IP address, browser type, operating system, device information, referrer URL, date and time of access, as well as cookie and tracking information.
  • Marketing and usage data, for example, newsletter registrations, consents, click and open rates, abandoned carts, website usage, and interactions with advertisements.

 

4. Visiting Our Website, Server Data, and Technical Provision
When you visit our website, technical data necessary to provide the website securely and functionally are automatically processed. This may include, in particular, IP address, browser information, device information, date and time of access, and pages viewed.
Processing is carried out for the provision of the website, to ensure system security, for error analysis, and for the technical optimization of our online store. The legal basis is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the secure, stable, and user-friendly provision of our website.

 

5. Shopify as Shop System and Hosting Provider
We operate our online store using Shopify. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.
Shopify processes personal data necessary for the operation of our online store, the display of the website, order processing, checkout, payment and shipping processing, and technical security.
This may include, in particular, contact and customer data, order data, payment status, delivery data, technical data, and usage data.
The hosting location for our shop data is the European Union according to our Shopify settings.
Further information can be found in Shopify's privacy policy: https://www.shopify.com/de/legal/datenschutz

 

6. Shopify Customer Privacy, Cookie Banner, and Consent Management
We use Shopify Customer Privacy's privacy and cookie features to provide you with a cookie banner and manage your privacy settings.
Through the cookie banner, you can give or deny certain consents. This applies in particular to cookies and similar technologies that are not strictly necessary for the operation of the website, for example, analysis or marketing technologies.
To manage your consents, technical information such as your IP address, consent status, timestamp, region, browser information, and device information may be processed.
The legal basis for storing and documenting your consent is Art. 6 (1) lit. c GDPR. Insofar as processing is based on your consent, the legal basis is Art. 6 (1) lit. a GDPR.

 

7. Shopify Network Intelligence
We use Shopify Network Intelligence. Customer data may be securely used together with other Shopify data to improve products, ad personalization, fraud detection, security, and the personalization of our store.
According to Shopify, no other merchant can view your data. Processing is based on our legitimate interests in a secure, optimized, and user-friendly online store and, where necessary, on your consent.
Further information can be found in Shopify's terms of service and privacy notices.

 

8. Orders and Contract Processing
When you place an order in our online store, we process the data necessary to accept, process, and deliver your order.
This includes, in particular, name, email address, billing address, shipping address, phone number, order number, ordered products, payment status, shipping information, and communication data.
We use this data for contract fulfillment, payment processing, shipping processing, invoicing, returns processing, customer communication, and to fulfill legal obligations.
The legal basis is Art. 6 (1) lit. b GDPR. Insofar as there are legal retention obligations, the legal basis is Art. 6 (1) lit. c GDPR.

 

9. Payment Processing
For payments in our online store, we use various payment service providers. The specific payment methods available will be displayed to you at checkout.
We offer payments via PayPal, Klarna, credit card payments via Mollie, and possibly bank transfer/advance payment.
If you select a payment method, the data required for payment processing will be transmitted to the respective payment service provider. This may include, in particular, name, billing address, email address, order amount, payment information, order number, and technical information.
For payments via PayPal, we use the payment service PayPal. If you select PayPal as the payment method, the data required for payment processing will be transmitted to PayPal.
For payments via Klarna, for example, Pay Later or other Klarna payment methods offered at checkout, we use the payment service Klarna. If you select Klarna as the payment method, the data required for payment processing will be transmitted to Klarna. Which specific Klarna payment methods are available will be displayed to you at checkout.
For credit card payments and possibly other payment methods offered at checkout such as Apple Pay, we use Mollie.
For bank transfer/advance payment, we process the data necessary to allocate your payment, in particular, name, payment amount, purpose of use, and order number.
The legal basis is Art. 6 (1) lit. b GDPR. Insofar as we are legally obliged to retain payment and accounting data, the legal basis is Art. 6 (1) lit. c GDPR.

 

10. Shipping, Fulfillment, and Returns
To deliver your order and process returns, we transmit the necessary data to fulfillment and shipping service providers.
This may include, in particular, name, shipping address, email address, phone number, order information, package information, tracking numbers, and return information.
We particularly use byrd for fulfillment, warehousing, shipping processing, and returns. In addition, shipping service providers such as DHL, DPD, Austrian Post, and, depending on the delivery country, other local shipping service providers may be used.
The legal basis is Art. 6 (1) lit. b GDPR, insofar as processing is necessary for the delivery of your order. Furthermore, processing may be based on Art. 6 (1) lit. f GDPR, insofar as it is necessary for efficient shipping and returns processing.

 

11. Invoices, Accounting, and Tax Advisors
For invoicing, accounting, and fulfilling tax obligations, we use easybill and possibly other accounting processes.
This may include, in particular, name, address, email address, order data, invoice data, payment status, tax data, and accounting data.
We may also transmit billing and tax-relevant data to our tax advisor, insofar as this is necessary for fulfilling legal obligations or for proper accounting.
The legal basis is Art. 6 (1) lit. b GDPR for contract fulfillment and Art. 6 (1) lit. c GDPR for legal retention and accounting obligations.

 

12. Transaction Emails, Order Information, and Invoice Dispatch
We send you transaction-related messages, such as order confirmations, shipping confirmations, payment information, invoices, return information, or important notices regarding your order.
Shopify, Klaviyo, and easybill may be used for this, depending on the process. Which systems are specifically involved depends on the respective operation.
The legal basis is Art. 6 (1) lit. b GDPR, insofar as the messages are necessary for contract fulfillment. Insofar as legal obligations are concerned, the legal basis is Art. 6 (1) lit. c GDPR.

 

13. Customer Service, Contact, and Zendesk
If you contact us, we process your information to handle your request. This applies in particular to inquiries by email, contact form, phone, WhatsApp, SMS, or via a website chat, if these communication channels are offered.
We use Zendesk for processing customer inquiries and support tickets. This may involve processing, in particular, name, email address, phone number, order number, message content, attachments, communication history, ticket status, and technical information.
If you contact us via WhatsApp, SMS, or phone, we process the contact details and content you provide to handle your request. Insofar as these communication channels are provided by providers such as WhatsApp Business or Klaviyo SMS, data may also be processed by these providers.
If you contact us via a chat integrated on the website, we process your information to handle your request. The respective provider used will be named in this privacy policy as soon as the chat is actively integrated.
For internal email communication and processing inquiries, we may use Google Workspace.
The legal basis is Art. 6 (1) lit. b GDPR, insofar as your request is related to a contract or pre-contractual measures. Otherwise, the legal basis is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the efficient processing of inquiries and customer communication.

 

14. Customer Account
If you create a customer account, we process the data required for this, for example, name, email address, login data, address data, order history, and account settings.
Processing is carried out for the provision and management of your customer account. The legal basis is Art. 6 (1) lit. b GDPR.

 

15. Newsletter, Email Marketing, and Klaviyo
If you subscribe to our newsletter, we process your email address and any other voluntary information to send you newsletters, offers, product information, and marketing communications.
Registration can take place via forms, pop-ups, or during checkout. A discount code or another benefit may also be offered for registration.
We use Klaviyo for newsletters, email marketing, marketing automation, and abandoned cart emails.
Klaviyo may process, in particular, email address, name, order information, product interests, open rates, click rates, unsubscribe status, shopping cart contents, and technical information.
The sending of newsletters and marketing communications is generally based on your consent according to Art. 6 (1) lit. a GDPR.
You can revoke your consent at any time with effect for the future, for example, via the unsubscribe link in every email or by sending a message to info@hanfgefluester.de.

 

16. Existing Customer Advertising
If you are already a customer with us, we may use your email address to send you advertisements for our own similar products or services, provided you have not objected to this.
You can object to the use of your email address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. The objection is possible, for example, via the unsubscribe link in every email or by email to info@hanfgefluester.de.
The legal basis is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in direct marketing to existing customers.

 

17. SMS Marketing
Insofar as we offer SMS marketing and you give your consent for it, we process your phone number, consent data, communication data, and possibly order or usage data to send you SMS with information, offers, or reminders.
For SMS marketing, we may use services such as Klaviyo SMS.
The legal basis is your consent according to Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future.

 

18. Abandoned Cart Emails
If you place products in the shopping cart or start a checkout process but do not complete the purchase, we may send you reminders about your shopping cart, provided there is a legal basis for this.
This can be done based on your consent or, for existing customers, based on legitimate interests, as far as legally permissible.
Shopify and Klaviyo can be used for this function.

 

19. Subscriptions and Seal Subscriptions
If you conclude a subscription or a recurring order, we process the data required for this to manage and execute the subscription.
This may include, in particular, name, email address, delivery address, billing address, product data, delivery interval, payment status, cancellation status, and communication data.
We use Seal Subscriptions to manage subscriptions.
The legal basis is Art. 6 para. 1 lit. b GDPR.

 

20. Reviews and Trustpilot
After a purchase, we may ask you for a review of our shop or our products. For this, we use Trustpilot.
In particular, name, email address, order number, product information, and review data may be processed.
The processing is carried out to obtain and manage customer reviews and to improve our products and services.
The legal basis may be Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in quality assurance, customer communication, and the transparent presentation of customer experiences. Insofar as consent is required, processing is based on Art. 6 para. 1 lit. a GDPR.

 

21. Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics helps us understand how visitors use our website. This may involve the processing of usage data, device information, browser information, IP address, page views, duration of visit, click behavior, and technical information.
Processing only takes place if you have given your consent via our cookie banner. The legal basis is Art. 6 para. 1 lit. a GDPR.
You can withdraw your consent at any time with effect for the future via the cookie settings.
Further information can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de

 

22. Google Tag Manager
We use Google Tag Manager to manage and trigger certain services and tracking technologies on our website.
According to our understanding, Google Tag Manager itself does not create its own user profiles and does not store its own marketing cookies, but it can trigger other tags that in turn process data.
Insofar as services are integrated via Google Tag Manager that require consent, these will only be activated after your consent.
The legal basis is Art. 6 para. 1 lit. f GDPR for the technical management of tags and Art. 6 para. 1 lit. a GDPR insofar as services requiring consent are triggered.

 

23. Google Ads and Google Remarketing
We use Google Ads and Google Remarketing to display advertisements for our products, measure the success of advertising campaigns, and re-engage users who have already visited our website.
This may involve the processing of cookie IDs, device information, IP address, usage data, page views, clicks, conversions, and interactions with advertisements.
Processing only takes place if you have given your consent via our cookie banner. The legal basis is Art. 6 para. 1 lit. a GDPR.
Integration can take place directly via our website, via Shopify, via Google Tag Manager, via Google & YouTube, or via integrated apps or Shopify Customer Events.
Further information can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de

 

24. Google & YouTube App / Shopify Customer Events
We use the Google & YouTube App or corresponding Shopify Customer Events/App Pixels to connect Google services with our shop.
Depending on the settings, product data, shop data, event data, conversion data, order data, technical data, and usage data may be processed.
Processing takes place, if necessary, only after your consent via the cookie banner. The legal basis is Art. 6 para. 1 lit. a GDPR. If processing is technically necessary or serves the administration of the shop, Art. 6 para. 1 lit. f GDPR may be applicable.

 

25. Meta Pixel, Facebook and Instagram Advertising
We use Meta Pixel or Meta advertising technologies from Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
These technologies help us measure the effectiveness of our advertising on Facebook and Instagram, build audiences, track conversions, and re-engage users who have visited our website.
This may involve the processing of IP address, device information, browser information, cookie IDs, page views, clicks, shopping cart contents, purchase events, and other usage and event data.
Processing only takes place if you have given your consent via our cookie banner. The legal basis is Art. 6 para. 1 lit. a GDPR.
Further information can be found in Meta's privacy policy: https://www.facebook.com/privacy/policy/

 

26. Cookies and similar technologies
Our website uses cookies and similar technologies. Cookies are small files stored on your device that may contain certain information.
We use necessary cookies that are required for the operation of the website and the shop. In addition, if you have consented, we use analytics, marketing, and personalization cookies.
You can change your cookie settings at any time via our cookie banner or the privacy settings on our website.
The legal basis for necessary cookies is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the secure and functional operation of our website. The legal basis for cookies requiring consent is Art. 6 para. 1 lit. a GDPR.

 

27. Security and Captcha Services
Security and Captcha services may be used to protect our website, forms, and systems from misuse, spam, and automated access.
This may involve the processing of technical data such as IP address, browser information, device information, user behavior, referrer URL, and timestamp.
The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in protecting our website and systems from misuse, spam, and attacks.

 

28. Social Media
We maintain profiles on social networks to present our company, communicate with customers and interested parties, and provide information about our products.
When you visit or interact with our social media profiles, personal data may be processed by us and by the respective platform operators. This may include, in particular, profile information, messages, comments, likes, technical data, and usage data.
We process data that you share with us via social networks to process your request and to communicate with you. The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in communicating with customers and interested parties.
We use social media profiles on LinkedIn, Facebook, Instagram, and YouTube.

 

29. LinkedIn
We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
LinkedIn's privacy policy can be found at: https://www.linkedin.com/legal/privacy-policy

 

30. Facebook and Instagram
We maintain profiles on Facebook and Instagram. The operator is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
When you visit our profiles, Meta may process personal data, in particular technical data, usage data, and interactions with our profiles.
Meta's privacy policy can be found at: https://www.facebook.com/privacy/policy/

 

31. YouTube
We maintain a profile on YouTube. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When visiting our YouTube profile, Google may process personal data, in particular technical data, usage data, and interactions with our profile.
Google's privacy policy can be found at: https://policies.google.com/privacy?hl=de

 

32. Data transfer to third countries
Some of the service providers we use may process personal data outside the European Union or the European Economic Area, particularly in the USA.
If data is transferred to third countries, this only occurs if there is a suitable legal basis, for example, an adequacy decision, standard contractual clauses, your consent, or a legal exception.
For US providers, data transfer may take place, in particular, on the basis of the EU-US Data Privacy Framework or on the basis of standard contractual clauses, provided that the respective requirements are met.

 

33. Storage duration
We store personal data only for as long as it is necessary for the respective purposes or statutory retention obligations exist.
Order, invoice, and accounting data are retained in accordance with statutory retention periods.
We store data from customer inquiries for as long as this is necessary to process the inquiry and for documentation purposes.
Marketing data is stored until you withdraw your consent or object to the processing, provided that there are no statutory retention obligations to the contrary.

 

34. Your rights
You have the following rights in accordance with the legal requirements:
  • Right to information about the personal data we process.
  • Right to rectification of inaccurate data.
  • Right to erasure of your data.
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object to certain processing operations.
  • Right to withdraw given consent with effect for the future.
  • Right to lodge a complaint with a competent data protection supervisory authority.
If you wish to exercise your rights, you can contact us at any time at info@hanfgefluester.de.

 

35. Objection to direct marketing
You can object to the processing of your personal data for direct marketing purposes at any time. If you object, we will no longer process your data for these purposes.
You can send your objection, for example, by email to info@hanfgefluester.de or use the unsubscribe link in our marketing emails.

 

36. Changes to this Privacy Policy
We may update this Privacy Policy from time to time if our data processing, services used, or legal requirements change.
The version published on our website at the time of your visit applies.

 

37. Contact
If you have any questions about this privacy policy or the processing of your personal data, you can contact us:
WOODLAND PERSPECTIVES LIMITED
HE 493372
Lordou Vyronos 61-63,
6th floor, Flat/Office 602,
6023 Larnaca,
Cyprus
VAT: CY60365565O
Phone: +357 240 00 233
Email: info@hanfgefluester.de