Privacy Policy / Data Protection Notice
The Green Pearl Boutique
Effective date: 27 May 2026
Last updated: 27 May 2026
This Privacy Policy explains how The Green Pearl Boutique collects, uses, stores, discloses and protects personal data in connection with this website, the online shop, customer accounts, orders, payments, delivery, customer service, newsletters, analytics, advertising and related e-commerce services.
This document is intended to provide transparent information in accordance with Articles 12, 13 and, where applicable, 14 of the General Data Protection Regulation — Regulation (EU) 2016/679 — “GDPR”.
This Privacy Policy should be read together with our Impressum / Legal Notice, Terms and Conditions, Shipping Policy, Returns and Refund Policy and Cookie Policy, where available.
1. Controller and Contact Details
The controller responsible for the processing of personal data within the meaning of Article 4(7) GDPR is:
The Green Pearl Boutique
Friedrich-Olbricht-Damm [insert house number]
Charlottenburg-Nord, Charlottenburg-Wilmersdorf
13627 Berlin
Germany
Email: support@thegreenpearllifestyle.com
Alternative email: thegreenpearllifestyle@gmail.com
Website: https://www.thegreenpearlboutique.com
Telephone: +49 177 9720704
VAT Identification Number: Not applicable
Business Register Number: Not applicable
Owner / Legal Representative: [insert full legal name, if applicable]
This information is also relevant to the provider-information obligations under § 5 Digitale-Dienste-Gesetz — DDG.
If a Data Protection Officer has been appointed, the details are:
Data Protection Officer: [insert if applicable]
Email: [insert if applicable]
If no Data Protection Officer is legally required or appointed, this section may state:
No Data Protection Officer has been appointed because there is currently no statutory obligation to appoint one. Data protection enquiries may be sent to the contact details above.
2. Applicable Law
We process personal data in accordance with applicable data protection and e-commerce laws, in particular:
Regulation (EU) 2016/679 — General Data Protection Regulation — GDPR;
Bundesdatenschutzgesetz — BDSG;
Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz — TDDDG;
Digitale-Dienste-Gesetz — DDG;
Handelsgesetzbuch — HGB;
Abgabenordnung — AO;
Bürgerliches Gesetzbuch — BGB;
Einführungsgesetz zum Bürgerlichen Gesetzbuche — EGBGB;
Gesetz gegen den unlauteren Wettbewerb — UWG, where electronic marketing is concerned.
Where the website is accessed from outside Germany or outside the European Economic Area, additional local data-protection laws may apply depending on the visitor’s location. However, this Privacy Policy is primarily drafted for a Germany-based controller operating an international e-commerce website.
3. Definitions
For the purposes of this Privacy Policy:
Personal data means any information relating to an identified or identifiable natural person.
Processing means any operation performed on personal data, including collection, recording, storage, organisation, use, disclosure, transmission, restriction, erasure or destruction.
Controller means the person or business that determines the purposes and means of processing personal data.
Processor means a service provider that processes personal data on behalf of the controller.
Recipient means a natural or legal person, authority, agency or other body to whom personal data is disclosed.
Consent means a freely given, specific, informed and unambiguous indication of the data subject’s wishes.
Cookies and similar technologies include cookies, pixels, tags, local storage, software development kits, tracking scripts and similar technologies that store or access information on a user’s device.
4. General Principles of Processing
We process personal data only where permitted by law and in accordance with the principles set out in Article 5 GDPR.
In particular, personal data is processed lawfully, fairly and transparently. Data is collected for specified, explicit and legitimate purposes and is not further processed in a manner incompatible with those purposes. We aim to process only data that is adequate, relevant and limited to what is necessary. We take reasonable steps to keep personal data accurate and up to date. Personal data is retained only for as long as necessary, unless statutory retention obligations require longer storage. We also implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.
5. Scope of this Privacy Policy
This Privacy Policy applies to personal data processed when you:
visit or browse our website;
use the online shop;
place an order;
create or use a customer account;
use the shopping cart or checkout;
make a payment;
request delivery, returns or refunds;
contact us by email, telephone, contact form or other communication channel;
subscribe to a newsletter or marketing communication;
interact with our social media, advertising or analytics tools;
use functions provided by the Wix platform or third-party integrations.
This Privacy Policy also applies where personal data is processed through technical systems necessary for operating the website and online shop.
6. Categories of Personal Data We May Process
Depending on your interaction with the website, we may process the following categories of personal data:
Identification data: name, customer number, account ID, order ID and similar identifiers.
Contact data: email address, telephone number, billing address, delivery address and country of residence.
Account data: login details, account settings, saved addresses, order history, wishlist or account preferences.
Order and transaction data: products ordered, order number, order value, date of purchase, payment status, delivery status, returns, refunds, complaints and customer-service history.
Payment-related data: payment method, payment confirmation, transaction reference, fraud-check information and limited payment details necessary to process or confirm payment. Full card details are normally processed by the payment provider and not stored by us.
Delivery data: recipient name, delivery address, telephone number, email address, tracking information and delivery instructions.
Communication data: messages, enquiries, complaints, returns requests, email correspondence, contact-form submissions and customer-support information.
Newsletter and marketing data: email address, subscription status, consent records, marketing preferences, unsubscribe status and interaction data such as email opens or clicks, where technically enabled.
Technical data: IP address, browser type, browser version, device type, operating system, language settings, date and time of access, referrer URL, pages visited and server log data.
Usage data: website interactions, shop behaviour, shopping-cart activity, checkout activity, clicked links, viewed products, session information and consent preferences.
Cookie and tracking data: cookie IDs, consent records, device identifiers, advertising IDs, analytics identifiers and similar online identifiers.
Fraud-prevention and security data: risk indicators, login attempts, suspicious activity records, system logs and security events.
We do not intentionally collect special categories of personal data within the meaning of Article 9 GDPR, such as health data, biometric data, religious beliefs, trade-union membership, political opinions or sexual orientation.
7. Sources of Personal Data
We may obtain personal data from the following sources:
Directly from you, for example when you place an order, create an account, contact us, subscribe to a newsletter, complete a form or provide delivery details.
Automatically through the website, for example through server logs, cookies, consent tools, analytics tools and security systems.
From service providers, for example payment providers, shipping providers, Wix, fraud-prevention providers, customer-service tools, analytics providers or email-marketing providers.
From public or official sources, where legally permitted and necessary, for example to verify business information, comply with legal obligations, prevent fraud or establish legal claims.
8. Legal Bases for Processing
We process personal data only where at least one lawful basis under Article 6 GDPR applies.
The main legal bases are:
Article 6(1)(a) GDPR — consent.
This applies, for example, to optional newsletters, non-essential cookies, analytics, advertising, remarketing and certain marketing communications.
Article 6(1)(b) GDPR — contract or pre-contractual measures.
This applies where processing is necessary to process orders, deliver products, manage customer accounts, handle payment, provide customer service or respond to purchase-related enquiries.
Article 6(1)(c) GDPR — legal obligation.
This applies where processing is necessary to comply with statutory obligations, including tax, accounting, commercial-law, consumer-law or regulatory obligations.
Article 6(1)(f) GDPR — legitimate interests.
This applies where processing is necessary for legitimate business interests, provided that such interests are not overridden by your rights and freedoms. Legitimate interests may include website security, fraud prevention, customer support, IT maintenance, business administration, legal claims, service improvement and direct marketing to existing customers where permitted by law.
9. Website Access, Server Logs and Technical Operation
When you visit our website, technical data may be processed automatically to display the website, maintain functionality, ensure security and prevent misuse.
This may include:
IP address;
browser type and version;
device type;
operating system;
language settings;
date and time of access;
pages and files requested;
referrer URL;
system logs;
error logs;
security logs.
Purposes of processing:
website delivery, technical operation, system security, fraud prevention, troubleshooting, stability, performance monitoring and business continuity.
Legal basis: Article 6(1)(f) GDPR.
Legitimate interests: secure, stable and reliable operation of the website and online shop.
Where technologies store or access information on your device, § 25 TDDDG may also apply.
10. Online Shop, Orders and Contract Performance
When you place an order, we process the personal data necessary to conclude, perform and manage the purchase contract.
This includes:
name;
billing address;
delivery address;
email address;
telephone number, where required for delivery or customer support;
products ordered;
order value;
payment status;
delivery status;
returns, refund and complaint information.
Purposes of processing:
order acceptance, order confirmation, payment allocation, delivery, customer communication, returns, refunds, warranty handling, complaint handling and legal documentation.
Legal basis: Article 6(1)(b) GDPR.
Where statutory retention obligations apply, the additional legal basis is Article 6(1)(c) GDPR.
Commercial and tax-law retention may apply in particular under § 257 HGB and § 147 AO.
11. Customer Account
If you create a customer account, we process data necessary to create, manage, secure and administer the account.
This may include:
name;
email address;
password or authentication credentials;
saved addresses;
order history;
account settings;
login records;
security information.
Purposes of processing:
account creation, login, account management, order overview, simplified checkout, account security and customer support.
Legal basis: Article 6(1)(b) GDPR.
For fraud prevention, security and misuse prevention, the legal basis may also be Article 6(1)(f) GDPR.
You may request deletion of your customer account unless statutory retention obligations or legal claims require continued storage of certain data.
12. Shopping Cart and Checkout
When you add products to the shopping cart or proceed to checkout, data may be processed to provide the shopping-cart function, calculate prices, taxes and shipping costs, reserve session information, prevent checkout errors and complete the order.
This may include:
cart contents;
session ID;
product selections;
discount codes;
shipping country;
checkout status;
technical device data.
Legal basis: Article 6(1)(b) GDPR where processing is necessary for purchase preparation or completion.
For technical security and functionality, the legal basis may be Article 6(1)(f) GDPR.
Strictly necessary cookies or similar technologies used for shopping cart and checkout functions may fall under § 25(2) TDDDG.
13. Payment Processing
Payments may be processed by external payment service providers integrated into the website or checkout environment.
Depending on the payment method selected, the relevant provider may process:
name;
billing details;
payment method;
transaction amount;
currency;
transaction ID;
payment status;
fraud-prevention data;
limited card or account information.
We generally receive only the payment information necessary to confirm, allocate, refund or manage the transaction. Full payment-card details are usually processed directly by the payment provider.
Legal basis: Article 6(1)(b) GDPR.
For accounting, tax, fraud prevention or legal obligations, Article 6(1)(c) GDPR or Article 6(1)(f) GDPR may also apply.
Payment providers used:
[Insert actual providers only, for example: Wix Payments, PayPal, Stripe, Klarna, Visa, Mastercard, Apple Pay, Google Pay.]
Do not list providers that are not actually active on the website.
Payment providers may act as independent controllers for their own regulated payment-processing activities. Their own privacy notices may apply.
14. Shipping, Delivery and Fulfilment
To fulfil orders, we may disclose the necessary delivery information to shipping, courier, postal, logistics or fulfilment partners.
This may include:
recipient name;
delivery address;
telephone number;
email address;
order number;
tracking number;
delivery instructions;
customs information, where international shipping applies.
Purposes of processing:
delivery, tracking, shipping updates, customs clearance, returns, lost-parcel investigations and customer support.
Legal basis: Article 6(1)(b) GDPR.
For statutory or customs obligations, Article 6(1)(c) GDPR may apply.
Shipping providers used:
[Insert actual providers only, for example: DHL, Deutsche Post, UPS, DPD, Hermes, FedEx.]
For international shipments, personal data may be disclosed to customs authorities, import/export service providers or local delivery partners where necessary.
15. Returns, Refunds, Complaints and Warranty Matters
If you request a return, refund, exchange, cancellation, warranty service or complaint handling, we process the data necessary to assess and process your request.
This may include:
order number;
name and contact details;
reason for return or complaint;
product details;
photos or evidence submitted by you;
payment refund information;
shipping and tracking information.
Legal basis: Article 6(1)(b) GDPR where processing relates to contract performance or statutory consumer rights.
Where processing is necessary for legal obligations or legal claims, Article 6(1)(c) GDPR or Article 6(1)(f) GDPR may apply.
16. Customer Service and Communication
If you contact us by email, telephone, contact form, social media message or another communication channel, we process the data you provide in order to handle your enquiry.
This may include:
name;
email address;
telephone number;
order number;
message content;
attachments;
communication history.
Purposes of processing:
responding to enquiries, customer support, order support, complaints handling, returns support, fraud prevention, business administration and legal documentation.
Legal basis: Article 6(1)(b) GDPR where the enquiry relates to a purchase, contract or pre-contractual request.
For general business enquiries, the legal basis is Article 6(1)(f) GDPR.
17. Contact Forms
If the website contains a contact form, the information entered into the form will be processed for the purpose of handling the request.
This may include:
name;
email address;
telephone number;
subject;
message;
IP address;
time of submission;
technical form-security data.
Legal basis: Article 6(1)(b) GDPR for contract-related enquiries.
For general enquiries and form security, Article 6(1)(f) GDPR applies.
Form-security measures may be used to protect the website against spam, misuse and automated attacks.
18. Newsletter and Email Marketing
If you subscribe to our newsletter or marketing emails, we process your data to send product news, promotions, boutique updates, offers and related communications.
This may include:
email address;
name, where provided;
subscription date;
consent record;
IP address at sign-up, where recorded;
unsubscribe status;
email open and click behaviour, where technically enabled.
Legal basis: Article 6(1)(a) GDPR.
Where legally required, we may use a double opt-in process. This means that after registration you receive an email asking you to confirm your subscription.
You may withdraw consent at any time with effect for the future by using the unsubscribe link in the email or by contacting us.
Electronic marketing may also be subject to § 7 UWG.
Newsletter provider used:
[Insert actual provider only, for example: Wix Email Marketing, Mailchimp, Klaviyo, Brevo or another provider.]
19. Existing-Customer Marketing
Where legally permitted, we may send marketing communications to existing customers about similar products or services.
Legal basis: Article 6(1)(f) GDPR.
Legitimate interest: customer retention and direct marketing.
Where required, this is subject to the conditions of § 7 UWG.
You may object to direct marketing at any time.
20. Cookies and Similar Technologies
Our website uses cookies and similar technologies. These technologies may store information on your device or access information already stored on your device.
Under § 25 TDDDG, storing information on or accessing information from a user’s terminal equipment generally requires consent unless the technology is strictly necessary to provide a digital service expressly requested by the user.
Where cookies or similar technologies also involve personal data, the GDPR applies in addition.
21. Categories of Cookies
21.1 Strictly Necessary Cookies
These cookies are required for the website and online shop to function properly.
They may be used for:
security;
shopping cart;
checkout;
payment processing;
customer login;
fraud prevention;
load balancing;
cookie-consent management;
website stability.
Legal basis under GDPR: Article 6(1)(b) GDPR or Article 6(1)(f) GDPR.
Legal basis under TDDDG: § 25(2) TDDDG.
21.2 Preference Cookies
Preference cookies may remember settings such as language, region, currency or display preferences.
Legal basis: Article 6(1)(a) GDPR and § 25(1) TDDDG, unless the preference is technically necessary.
21.3 Analytics Cookies
Analytics cookies help us understand how visitors use the website, which pages are visited, how users interact with products and how the website can be improved.
Legal basis: Article 6(1)(a) GDPR and § 25(1) TDDDG.
21.4 Marketing and Advertising Cookies
Marketing cookies, pixels and tags may be used to measure advertising performance, personalise advertisements, build audiences, track conversions and enable remarketing.
Legal basis: Article 6(1)(a) GDPR and § 25(1) TDDDG.
21.5 Social Media and Embedded Content Cookies
Embedded content from social media platforms, video platforms or third-party apps may set cookies or process technical data when loaded or clicked.
Legal basis: Article 6(1)(a) GDPR and § 25(1) TDDDG, where consent is required.
22. Cookie Consent and Withdrawal
Where consent is required, non-essential cookies and similar technologies will only be used after you have given consent through the website’s cookie banner or consent-management tool.
You may withdraw or change your consent at any time with effect for the future through the cookie settings on the website.
Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
23. Analytics, Advertising and Remarketing
If enabled, we may use analytics, advertising and remarketing tools to measure website performance, improve the online shop, understand customer behaviour, measure conversions and display relevant advertising.
These tools may process:
IP address;
device identifiers;
browser information;
cookie IDs;
pages viewed;
products viewed;
cart activity;
purchase events;
conversion data;
advertising interaction data.
Legal basis: Article 6(1)(a) GDPR and § 25(1) TDDDG, where consent is required.
Tools used:
[Insert actual tools only, for example: Google Analytics, Google Ads, Google Merchant Center, Meta Pixel, TikTok Pixel, Pinterest Tag, Wix Analytics.]
Do not list tools that are not active on the website.
24. Google Services and Google Merchant-Related Processing
If Google services are used, including Google Merchant Center, Google Ads, Google Analytics, Google Tag Manager or Google conversion tracking, personal data may be processed for advertising, analytics, product-feed management, conversion measurement, fraud prevention, policy compliance and campaign optimisation.
Depending on the service, Google may process data as a processor, joint controller or independent controller.
Data processed may include:
IP address;
cookie identifiers;
device data;
browser data;
website interactions;
product views;
cart activity;
purchase or conversion events;
advertising identifiers.
Legal basis: Article 6(1)(a) GDPR and § 25(1) TDDDG, where consent is required.
Where processing is strictly necessary for security, fraud prevention or service operation, Article 6(1)(f) GDPR may apply.
If Google services are active, the website should clearly explain which Google tools are used and ensure that the cookie banner correctly blocks non-essential Google tracking until consent is obtained.
25. Social Media Pages and Links
We may maintain profiles or pages on social media platforms. If you interact with us through social media, the relevant platform may process your personal data under its own responsibility.
Social media platforms may collect information about your profile, interactions, messages, device, IP address and usage behaviour.
Legal basis for our processing: Article 6(1)(f) GDPR for communication, customer interaction and business visibility.
Where consent is required for tracking or advertising, Article 6(1)(a) GDPR applies.
Please review the privacy information of the respective platform.
26. Embedded Content and External Media
Our website may include embedded content such as videos, images, social media feeds, maps, reviews, product widgets or third-party apps.
Embedded content may allow the third-party provider to process technical data, including IP address, browser information and interaction data.
Where such content is not technically necessary, it should only load after consent where legally required.
Legal basis: Article 6(1)(a) GDPR and § 25(1) TDDDG, where consent is required.
Embedded tools used:
[Insert actual providers only, for example: YouTube, Vimeo, Instagram, Google Maps, review widgets, chat apps.]
27. Wix Platform, Hosting and Technical Infrastructure
This website is built and operated using the Wix platform. Wix and related Wix entities may process personal data in connection with hosting, website security, content delivery, forms, shop functions, customer accounts, checkout, payments, email tools, analytics, consent tools, backups and technical support.
Depending on the specific service, Wix may act as a processor under Article 28 GDPR or as an independent controller for certain processing activities.
Legal basis: Article 6(1)(f) GDPR.
Legitimate interests: secure, reliable and efficient website operation, shop functionality, technical maintenance, scalability and business continuity.
Where Wix processes personal data on our behalf, processing is governed by a data-processing arrangement within the meaning of Article 28 GDPR.
Wix may process or store personal data outside Germany or the European Economic Area. Where this occurs, appropriate safeguards under Chapter V GDPR apply, including adequacy decisions, Standard Contractual Clauses and supplementary safeguards where required.
28. Service Providers and Processors
We may use external service providers to operate the website and provide our e-commerce services.
These may include:
Wix and website-platform providers;
hosting and infrastructure providers;
payment providers;
shipping and logistics providers;
email and newsletter providers;
customer-service tools;
IT support providers;
security and fraud-prevention providers;
analytics and advertising providers;
accountants, tax advisers and legal advisers.
Where service providers process personal data on our behalf, they are engaged under data-processing agreements where required by Article 28 GDPR.
29. Recipients of Personal Data
Personal data may be disclosed to the following categories of recipients where necessary and lawful:
website platform and hosting providers;
payment service providers;
shipping, courier and logistics providers;
IT, security, maintenance and backup providers;
newsletter and customer-communication providers;
analytics and advertising providers, where enabled and legally permitted;
fraud-prevention and compliance providers;
professional advisers, including accountants, tax advisers, auditors and lawyers;
banks and financial institutions;
public authorities, tax authorities, customs authorities, courts and law-enforcement bodies, where legally required.
We do not sell personal data.
30. International Data Transfers
Some service providers may process, store or access personal data outside Germany, the European Union or the European Economic Area.
Where personal data is transferred to a third country, we take appropriate measures in accordance with Articles 44 to 49 GDPR.
These safeguards may include:
an adequacy decision by the European Commission;
Standard Contractual Clauses approved by the European Commission;
supplementary technical and organisational safeguards;
contractual commitments from service providers;
transfer-impact assessments, where required;
statutory derogations under Article 49 GDPR in exceptional cases.
International transfers may occur in particular where providers such as Wix, Google, payment providers, email providers, analytics providers or social media platforms operate globally.
31. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, unless longer storage is required or permitted by law.
The retention period depends on the type of data and the purpose of processing.
Examples:
Order, invoice, payment and accounting data may be retained in accordance with German commercial and tax-law retention obligations, including § 257 HGB and § 147 AO.
Customer-service correspondence is retained for as long as necessary to handle the enquiry and for any relevant limitation periods.
Customer-account data is retained for as long as the customer account exists, unless earlier deletion is required or continued storage is legally necessary.
Newsletter data is retained until consent is withdrawn or the subscription is terminated.
Consent records may be retained as evidence of lawful consent.
Technical logs are retained for a limited period unless longer retention is necessary for security, fraud prevention, troubleshooting or legal claims.
Legal-claim data may be retained for the duration of applicable limitation periods.
When personal data is no longer required, it is deleted, anonymised or restricted, unless legal retention obligations prevent deletion.
32. Data Security
We implement appropriate technical and organisational measures within the meaning of Article 32 GDPR to protect personal data.
These measures may include:
SSL/TLS encryption;
secure hosting;
access controls;
password protection;
role-based access restrictions;
system monitoring;
firewall and security tools;
backup procedures;
data minimisation;
processor due diligence;
confidentiality obligations;
secure payment processing;
regular review of technical settings.
No website or online service can guarantee absolute security. However, we take reasonable measures appropriate to the nature, scope, context and purposes of processing and the risks to individuals.
33. No Sale of Personal Data
We do not sell personal data to third parties.
Where advertising, analytics or social media tools are used, data may be shared with or accessed by third-party providers only where legally permitted and, where required, based on consent.
34. Your Rights under the GDPR
Subject to the statutory conditions, you have the following rights:
Right of access — Article 15 GDPR
You may request confirmation as to whether we process your personal data and obtain access to such data.
Right to rectification — Article 16 GDPR
You may request correction of inaccurate personal data and completion of incomplete data.
Right to erasure — Article 17 GDPR
You may request deletion of your personal data where the statutory conditions are met.
Right to restriction of processing — Article 18 GDPR
You may request restriction of processing in certain circumstances.
Right to data portability — Article 20 GDPR
You may request to receive personal data provided by you in a structured, commonly used and machine-readable format.
Right to object — Article 21 GDPR
You may object to processing based on Article 6(1)(e) or Article 6(1)(f) GDPR.
Right to withdraw consent — Article 7(3) GDPR
Where processing is based on consent, you may withdraw consent at any time with effect for the future.
Right to lodge a complaint — Article 77 GDPR
You may lodge a complaint with a competent data-protection supervisory authority.
To exercise your rights, please contact:
support@thegreenpearllifestyle.com
We may need to verify your identity before responding to a request.
35. Right to Object to Legitimate-Interest Processing
Where we process personal data on the basis of Article 6(1)(f) GDPR, you have the right to object at any time on grounds relating to your particular situation.
If you object, we will no longer process the relevant personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless processing is necessary for the establishment, exercise or defence of legal claims.
36. Right to Object to Direct Marketing
Where personal data is processed for direct marketing purposes, you have the right to object at any time.
If you object to direct marketing, we will no longer process your personal data for that purpose.
You may also unsubscribe from marketing emails by using the unsubscribe link included in the relevant email.
37. Withdrawal of Consent
Where processing is based on consent, you may withdraw your consent at any time with effect for the future.
This applies in particular to:
newsletter subscriptions;
optional analytics cookies;
advertising cookies;
remarketing tools;
social media pixels;
embedded non-essential third-party content.
Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
38. Obligation to Provide Data
Where personal data is necessary for the conclusion or performance of a contract, you must provide the data required to process the order.
Without the necessary data, we may be unable to:
accept or process your order;
take payment;
deliver products;
create or manage your customer account;
respond to your enquiry;
process returns or refunds;
comply with statutory obligations.
Where data is optional, this will be indicated where appropriate.
39. Automated Decision-Making and Profiling
We do not carry out automated decision-making within the meaning of Article 22 GDPR that produces legal effects concerning you or similarly significantly affects you.
Advertising, analytics, fraud-prevention or personalisation tools may involve limited profiling or segmentation. Where legally required, such processing is based on consent or another lawful basis and can be objected to or withdrawn as described in this Privacy Policy.
40. Children and Minors
Our website and products are not directed specifically at children under the age of 16.
We do not knowingly collect personal data from children. If we become aware that a child has provided personal data without appropriate consent, we will take reasonable steps to delete such data.
If you believe that a child has provided personal data to us, please contact us.
41. External Links
Our website may contain links to external websites, social media profiles, payment pages, delivery tracking pages or third-party services.
We have no control over the content, security or privacy practices of external websites. Responsibility for personal data processed on third-party websites lies with the respective provider.
Please review the privacy information of any third-party website before providing personal data.
42. Data Breaches
If a personal-data breach occurs, we will assess the risk to affected individuals and take appropriate action in accordance with Articles 33 and 34 GDPR.
Where legally required, we will notify the competent supervisory authority and, where necessary, affected individuals.
43. Supervisory Authority
You have the right to lodge a complaint with a data-protection supervisory authority.
For a controller based in Berlin, the competent authority is generally:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61
10555 Berlin
Germany
Telephone: +49 30 13889-0
Email: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de
You may also contact the supervisory authority in the EU Member State of your habitual residence, place of work or place of the alleged infringement.
44. Changes to this Privacy Policy
We may amend this Privacy Policy from time to time to reflect legal, technical, commercial or operational changes.
The version published on this website is the current applicable version.
Where changes are material, we may provide additional notice where appropriate.
Related Policies
Please also read: