As of May 25, 2018, the EU General Data Protection Regulation (GDPR) applies directly in all member states of the European Union.
The data protection declaration of the Weedo Lifestyle & Media GmbH uses terms which are given by the European Directive and Regulation Maker when issuing the Data Protection Regulation (DSGVO).
Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Consent means any freely given specific and informed indication of the data subject's wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
Responsible for the data processing is
Weedo Lifestyle & Media GmbH
Managing director: Philipp Ferrer
What data do we collect on our website?
You can generally move anonymously on our website. During your visit, usage data is stored, such as your IP address, the website from which you found us, the web pages you visit on our site, and the date and duration of your visit. All this data is evaluated anonymously and exclusively for statistical purposes. The evaluation is also carried out with the help of cookies (see the section. We do not create personal user profiles.
We may collect additional data in order to provide you with our online offers, content and function, this concerns inventory data (e.g. delivery/invoice address), contact data (e.g. e-mail) and content data (e.g. comments).
What do we process your data for and on what legal basis?
We process your personal data in compliance with the EU General Data Protection Regulation (DSGVO), the German Federal Data Protection Act (BDSG), and all other applicable laws. Depending on how you use our online content, there are different legal bases for this.
Art. 6 I lit. a DSGVO serves as our legal basis for processing operations in which we obtain consent for a specific processing purpose. Consent given can be revoked at any time.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the provision of another service or consideration, the processing is based on Article 6 I lit. b DSGVO. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or content.
If we are subject to a legal obligation by which a processing of personal data becomes necessary, such as for compliance with tax obligations, the processing is based on Art. 6 I lit. c DSGVO.
Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden.
How long do we store your data?
We store your personal data that arises during the use of our website for as long as this is necessary for the above-mentioned purposes. In addition, we are subject to various legal obligations to provide proof and to retain data, which are regulated, among other things, in the German Commercial Code, in tax laws and in the German Fiscal Code. Accordingly, the storage periods are generally up to ten years.
Who receives personal data?
We only pass on your personal data to third parties if this is necessary for the fulfillment of a contract, if you have given your consent for this or if we are obliged to do so by law or on the basis of a court or official order.
If we cooperate with external service providers in the context of data processing, this is usually done on the basis of so-called commissioned processing, in which we remain responsible for data processing. We check each of these service providers in advance for the measures they have taken with regard to data protection and data security, thus ensuring that the contractual regulations for the protection of personal data provided for by law are complied with.
Will data be transferred to a third country or to an international organization?
If we transfer personal data to service providers outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) are in place.
To what extent is there automated decision-making in individual cases?
We do not use automated decision-making, nor do we engage in profiling.
Your data protection rights
You have the right to information according to Art. 15 DSGVO, the right to correction according to Art. 16 DSGVO, the right to deletion according to Art. 17 DSGVO, the right to restriction of processing according to Art. 18 DSGVO and the right to data portability from Art. 20 DSGVO. With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG).
Right of revocation
You have the right to revoke your consent at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before May 25, 2018.
Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.
Right of appeal
You have the option of submitting a complaint to the data protection officer named above or to a data protection supervisory authority. The data protection supervisory authority responsible for us is:
Bavarian State Office for Data Protection Supervision (BayLDA).
What are cookies and what are they used for?
Cookies are text files that are stored in the cache of your Internet browser (e.g. Internet Explorer or Firefox) when you visit a website. Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies enable us to recognize your browser on your next visit. This has the advantage for you that your computer does not have to be logged in again when you repeatedly visit an encrypted page. Cookies do not store any personal data. We only use them for statistical evaluations in order to control the success of our Internet presence. The evaluation is anonymous. After 30 days at the latest, the cookies are deleted.
In your browser, you can set how cookies are handled: For example, you can specify that storage is only accepted if you agree to it beforehand. If you only want to accept the cookies of our website, but not the cookies of our service providers and partners, you can specify this in your browser via the setting "Block third-party cookies".
What are analysis tools and what are they used for?
The tracking measures we use are carried out on the basis of Art. 6 (1) p. 1 lit. f DSGVO. With the tracking measures used, we want to ensure a needs-based design and the ongoing optimization of our website. On the other hand, we use the tracking measures to statistically and anonymously record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.
This website uses Google Analytics (with IP anonymization function), a web analytics service provided by Google Inc ("Google"). Weedo uses this service to understand how users use the website. Google Analytics is operated by:
Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.
For this purpose, Google Analytics uses so-called "cookies" (text files), which are stored on your computer and which enable an analysis of your use of the website. These cookies do not contain any personal data, but if you provide personal data when visiting the website and do not delete the cookie from your browser after providing this data, the provider collects the non-personal data stored in the cookie (such as the number of visits) and stores it anonymously. You can prevent the storage of cookies by selecting the appropriate settings on your browser software. You can also prevent the collection of data generated by the cookie and related to your use of the website to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the link http://tools.google.com/dlpage/gaoptout?hl=de.
We generally use the addition "anonymizeIp" for the analysis via Google Analytics. By means of this add-on, the IP address of the person concerned is shortened and anonymized by Google if the access to our offer takes place from a member state of the European Union or from another state party to the Agreement on the European Economic Area.
This website uses Hotjar, an analytics software provided by Hotjar Ltd ("Hotjar").
Hotjar is operated by:
Hotjar Ltd, St Julian's Business Centre 3, Elia Zammit Street, St Julian's STJ , 1000, Malta.
With Hotjar it is possible to measure and analyze the usage behavior (clicks, mouse movements, scroll heights, etc.) on our website. The information generated by the "tracking code" and "cookie" about your visit to our website is transmitted to the Hotjar servers in Ireland and stored there. The following information is collected by the tracking code: Device dependent data.
The following information may be recorded by your device and browser: Your device's IP address (collected and stored in an anonymized format), screen size of your device, device type and browser information, Geographic location (country only), preferred language to display our website, user interactions such as mouse events (movement, position and clicks) and keystrokes, log data;
The following data is automatically created by our servers when Hotjar is used: Referring domain, pages visited, geographical location (country only), preferred language to display our website, date and time when the website was accessed;
Hotjar will use this information to evaluate your use of our website, generate usage reports, and provide other services related to website usage and internet evaluation of the website. Hotjar also uses third-party services, such as Google Analytics and Optimizely, to provide services. These third-party companies may store information that your browser sends as part of your website visit, such as cookies or IP requests. For more information about how Google Analytics and Optimizely store and use data, please see their respective privacy statements.
The cookies that Hotjar uses have different "lifetimes"; some remain valid for up to 365 days, and some remain valid only during the current visit.
You can prevent the collection of data by Hotjar by clicking on the following link and following the instructions there: https://www.hotjar.com/opt-out.
We use the online advertising program "Google AdWords" and, as part of Google AdWords, conversion tracking. Google Conversion Tracking is an analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). When you click on an ad placed by Google, a cookie for conversion tracking is stored on your computer or terminal. These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification. If you visit certain web pages on our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to this page. Each Google AdWords customer receives a different cookie. Thus, there is no way that cookies can be tracked across AdWords customers' websites. The information obtained using conversion tracking is used to create conversion statistics for AdWords customers. Here, AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to identify users personally.
You can prevent the tracking by preventing the installation of cookies through a corresponding setting of your browser software (deactivation option). Furthermore, the option to object to interest-based advertising by Google. To do this, you must call up the link www.google.de/settings/ads from each of the Internet browsers you use and make the desired settings there. Further information and the applicable data protection provisions of Google can be accessed here.
Social networks ("social plugins")
At some points on our website, you have the option of accessing and/or sharing content via social networks. In doing so, we use social plugins ("plugins") of several social networks (including Facebook, YouTube, Instagram and similar) on our website. A corresponding logo identifies the plugins.
If you call up a web page of our website that contains such a plugin and you click on this plugin, your browser establishes a direct connection with server systems of the relevant social network. The content of the plugin is then transmitted directly to your browser and integrated by it into the website. A communication takes place between the plugin, your browser and the social network.
Order processing in the online store and customer account
We process the data of our customers in the context of ordering processes in our online store to enable product selection as well as order processing and payment.
The processing is carried out for the purpose of providing contractual services in the context of operating an online store, including order processing. In doing so, we set session cookies for storing the shopping cart contents and your delivery address for future orders.
We disclose the data to third parties only in the context of delivery, payment or in the context of legal permissions and obligations to legal advisors and authorities. Optionally, a user account can be created, where you can, among other things, view your order history. The mandatory information required for this is requested as part of the registration process.
If users have cancelled their user account, their data with regard to the user account will be deleted, unless we are subject to certain retention obligations for reasons of commercial or tax law in accordance with Art. 6 para. 1 lit. c DSGVO.
Integration of the Trusted Shops Trustbadge
The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops seal of approval and any ratings collected, as well as to offer Trusted Shops products to buyers after they have placed an order.
This serves to protect our legitimate interests in an optimal marketing of our offer, which are overriding in the context of a balancing of interests according to Art. 6 para. 1 p. 1 lit. f DSGVO. The Trustbadge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.
When the Trustbadge is called up, the web server automatically saves a so-called server log file, which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. This access data is not evaluated and is automatically overwritten at the latest seven days after the end of your visit to the site.
Further personal data is only transferred to Trusted Shops if you have consented to this, have decided to use Trusted Shops products after completing an order, or have already registered to use them. In this case, the contractual agreement between you and Trusted Shops applies.
Amazon affiliate program
Forum registration function
Users can create a forum account and fill it in voluntarily. The mandatory information required for this is requested during registration. The data requested will be used for the purpose of providing the member area and the forum account. If users have cancelled their user account, their data with regard to the user account will be deleted, unless we are subject to certain retention obligations for reasons of commercial or tax law in accordance with Art. 6 Para. 1 lit. c DSGVO. In the context of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use.
E-mail newsletter with Mailchimp
If you register for our newsletter, we use the data required for this purpose or separately provided by you to send you our e-mail newsletter on a regular basis based on your consent. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter.
After unsubscribing, we will delete your e-mail address unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement."
When contacting us (e.g. via contact form, email, telephone or via social media), your information will be processed and, if necessary, archived for the purpose of processing and handling the request in accordance with Art. 6 (1) lit. b) DSGVO.
We delete the requests if they are no longer necessary. We review the necessity every two years; Furthermore, the legal archiving obligations apply.
Comments and contributions
If you leave comments or other contributions, then we record your IP address. This is done for our security, in case someone leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.
This website includes content from third-party providers, such as fonts, videos and images. In order to provide this content, these third-party providers may collect the IP address of the user. A list of the integrated services and third-party providers can be found below:
What do we do for data security?
We use the SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser. You can see whether an individual page of our website is transmitted in encrypted form by the closed key or lock symbol in the status bar of your browser.
We also use technical and organizational measures to protect your data against manipulation, loss, destruction or unauthorized access.
Links to other websites
We want to set only current and safe links to other websites on our website, but sometimes we do not notice immediately if linked contents change. If you notice that links on our website refer to Internet pages whose content violates applicable law, please inform us via the e-mail address firstname.lastname@example.org. We will then immediately remove these links from our website.
Description and scope of data processing
For the use of payment systems on our Internet store portal, we use GiroSolution GmbH as a payment service provider. By means of an interface to their system "GiroCheckout", GiroSolution GmbH ensures the system-side connection of our store portal to the following payment procedures for us:
e) credit cards
g) direct debit
i) Sofort bank transfer
Depending on the payment method, the following data is first passed on or retrieved to GiroSolution GmbH via GiroCheckout and then to the respective payment system and their service providers for the processing of payments:
a) Name and first name
c) e-mail address
d) Information on the age of majority for giropay ID - age verification (the date of birth is not forwarded)
e) Information on the confirmation of the account details for giropay ID - account verification (IBAN and the BIC as well as the first and last name of the associated account holder)
Further information can be found in the GiroSolution GmbH terms and conditions (www.girosolution.de).
Legal basis for the data processing
The legal basis for data processing and for the transfer of data to the above-mentioned third parties is Art. 6 (1) lit. b DSGVO. In addition, Art. 6 para. 1 lit. f DSGVO is the legal basis for data processing.
Purpose of data processing
The transmission of the data and the processing of the same is necessary in order to carry out the payment of the transaction made by you on our Shopportal with the payment method selected by you and thus to be able to complete the transaction.
The connection of many different payment methods is complex and cost-intensive. Therefore, we use a service provider for the technical connection, in which our legitimate interest in the above data processing by GiroSolution GmbH according to Art. 6 para. 1 lit. f DSGVO is justified.
Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the above-mentioned data, this is the case when the contract has been settled and there are no longer any claims for return, i.e. after expiry of the statutory warranty or guarantee periods granted. Subject to legal retention periods beyond this point, the data will then be deleted.
Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
We offer the option of processing the payment transaction via the payment service provider PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). This is in line with our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f DSGVO). In this context, we share the following data with PayPal to the extent necessary for the performance of the contract (Art. 6 para. 1 lit b. DSGVO).
The processing of the data provided under this section is not required by law or contract. We cannot process a payment through PayPal without the submission of your personal data. [You have the option to choose another payment method].
PayPal conducts a credit check for various services such as payment by direct debit in order to ensure your willingness and ability to pay. This corresponds to the legitimate interest of PayPal (according to Art. 6 para. 1 lit. f DSGVO) and serves the execution of the contract (according to Art. 6 para. 1 lit. b DSGVO). For this purpose, your data (name, address and date of birth, bank account details) will be passed on to credit agencies. We have no influence on this process and only receive the result of whether the payment has been made or rejected or a check is pending.
You can find more information about objection and removal options vis-à-vis PayPal at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Your data will be stored until the payment processing is completed. This also includes the period required for the processing of refunds, claims management and fraud prevention. [A statutory retention period of [X] years applies to us in accordance with [§ 147 AO / § 257 HGB] for the following documents: [ ]].
Klarna Privacy Notice: