Datenschutzrichtlinie

Last update: 23/03/2026

Privacy Policy

1) Introduction and contact details of the data controller

1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we provide information on how we handle your personal data when you use our website. Personal data refers to any data that can be used to identify you personally.

1.2 The data controller for this website within the meaning of the General Data Protection Regulation (GDPR) is Beyond Nutrition GmbH, 21 rue de Savelborn, 7660 Medernach, Luxembourg, Tel.: +352-26873931, Email: info@beyond-nutrition.com. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data collection when visiting our website

2.1 When using our website for information purposes only – i.e. if you do not register or otherwise provide us with information – we only collect data that your browser transmits to the website server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you: Processing takes place in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used for any other purpose. However, we reserve the right to review the server log files retrospectively should there be concrete indications of unlawful use.

The website you visited
Date and time of access
Amount of data sent in bytes
Source/link from which you accessed the page
Browser used
Operating system used
IP address used (where applicable: in anonymised form)

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string “https://” and the padlock symbol in your browser address bar.

3) Hosting & Content Delivery Network

3.1 Shopify

We use the system of the following provider for the hosting of our website and the display of page content: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider’s servers. We have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

In the case of data transfers to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

3.2 Shopify

We use a content delivery network provided by the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)

Data may also be transferred to: This service enables us to deliver large media files such as graphics, page content or scripts more quickly via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Article 6(1)(f) of the GDPR. We have entered into a data processing agreement with the provider which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA

Where data is transferred to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

For data transfers to the USA, the data recipient has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.

4) Cookies

To make visiting our website an enjoyable experience and to enable the use of certain functions, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called ‘session cookies’), whilst others remain on your device for longer and enable page settings to be saved (so-called ‘persistent cookies’). In the latter case, you can find the storage duration in the overview of your web browser’s cookie settings.

Where personal data is also processed by individual cookies we use, such processing is carried out in accordance with Article 6(1)(b) of the GDPR either for the performance of a contract, in accordance with Article 6(1)(a) of the GDPR where consent has been given, or in accordance with Article 6(1)(f) of the GDPR 1(f) GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website and a user-friendly and effective design of the site visit.

You can configure your browser so so that you are informed when cookies are set and can decide individually whether to accept them, or you can prevent the acceptance of cookies in specific cases or generally.

Please note that if you do not accept cookies, the functionality of our website may be restricted.

5) Contact

5.1 Our own review reminder

Exclusively on the basis of your explicit consent in accordance with Art. 6(1)(a) GDPR, we use your email address to send you a one-off reminder to submit a review of your order. You may withdraw your consent at any time by sending a message to the data controller.

5.2 ShopVote

For review reminders, we use the services of the following provider: Blickreif GmbH, Schulstraße 46, 80634 Munich, Germany

Solely on the basis of your explicit consent in accordance with Article 6(1)(a) of the GDPR, we transmit your email address and, where applicable, further customer data to the provider, so that they can contact you with a review reminder via email.

You may withdraw your consent at any time with future effect by contacting us or the provider.

We have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

5.3 WhatsApp Business

You have the option of contact us via the WhatsApp messaging service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called “Business version” of WhatsApp.

If you contact us via WhatsApp in connection with a specific transaction (such as an order placed), we will store and use the mobile phone number you use on WhatsApp and – if provided – your first name and surname in accordance with Article 6(1)(b) b) of the GDPR to process and respond to your enquiry. On the same legal basis, we may ask you via WhatsApp to provide further data (order number, customer number, address or email address) so that we can assign your enquiry to a specific transaction.

If you use our WhatsApp contact for general enquiries (such as regarding our range of services, availability or our website), we will store and use the mobile phone number you use on WhatsApp, as well as your first and last names (if provided), in accordance with Article 6(1)(f) of the GDPR, based on our legitimate interest in providing the requested information efficiently and promptly.

Your data will only ever be used to respond to your enquiry via WhatsApp. It will not be passed on to third parties.

Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transfers telephone numbers stored in the address book to a server belonging to the parent company Meta Platforms Inc. in the USA. To operate our WhatsApp Business account, we use a mobile device whose address book contains only the WhatsApp contact details of those users who have also contacted us via WhatsApp.

This ensures that every person whose WhatsApp contact details are stored in our address book has already consented, upon first use of the app on their device by accepting the WhatsApp Terms of Service, to the transfer of their WhatsApp telephone number from the address books of their chat contacts in accordance with Art. 6(1)(a) GDPR. The transmission of data relating to users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.

For information on the purpose and scope of data collection, as well as the further processing and use of data by WhatsApp, and your rights in this regard and settings options for protecting your privacy, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy

We have entered into a data processing agreement with the provider which protects the data of our website visitors and prohibits disclosure to third parties.

In the context of the processing described above, data may be transferred to servers operated by Meta Platforms Inc. in the USA.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework which, on the basis of an adequacy decision by the European Commission, ensures compliance with European data protection standards.

5.4 When you contact us (e.g. via the contact form or by email), we process – solely for the purpose of handling and responding to your enquiry and only to the extent necessary for this purpose – personal data is processed.

The legal basis for the processing of this data is our legitimate interest in responding to your enquiry in accordance with Article 6(1)(f) of the GDPR. If your contact is aimed at entering into a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been conclusively resolved and provided that no statutory retention obligations prevent this.

6) Data processing when opening a customer account

In accordance with Article 6(1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. You can see which data is required for opening an account in the input fields of the relevant form on our website.

You may delete your customer account at any time by sending a message to the above-mentioned address of the controller. Following deletion of your customer account, your data will be deleted provided that all contracts concluded in connection with it have been fully processed, there are no statutory retention periods preventing this, and we no longer have a legitimate interest in continuing to store the data.

7) Use of customer data for direct marketing

7. 1 Subscription to our email newsletter

If you subscribe to our email newsletter, we will send you regular updates on our offers. The only mandatory information required to receive the newsletter is your email address. Providing further details is voluntary and is used to address you personally. We use the so-called double opt-in procedure, which ensures that you only receive the newsletter once you have expressly confirmed your consent to receive it by clicking on a verification link sent to the email address you provided.

By activating the confirmation link, you grant us your consent to the use of your personal data in accordance with Article 6(1)(a) of the GDPR. In doing so, we store your IP address as recorded by your Internet Service Provider (ISP), as well as the date and time of registration, in order to be able to trace any potential misuse of your email address at a later date. The data we collect when you subscribe to the newsletter is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the controller named at the beginning. Once you have unsubscribed, your email address will be deleted immediately from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this statement.

7.2 Sending the email newsletter to existing customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular offers for similar goods or services from our range that are similar to those you have already purchased. For this purpose, we are not required to obtain separate consent from you in accordance with Section 7(3) of the German Unfair Competition Act (UWG). Data processing in this regard is carried out solely on the basis of our legitimate interest in personalised direct marketing in accordance with Article 6(1)(f) of the GDPR. If you initially objected to the use of your email address for this purpose, we will not send you any emails.

You are entitled to object to the use of your email address for the aforementioned advertising purposes at any time with future effect by notifying the controller named at the beginning. You will only incur transmission costs in accordance with standard rates. Upon receipt of your objection, the use of your email address for advertising purposes will be discontinued immediately.

7.3 Klaviyo

Our email newsletters and other promotional email communications are sent via this provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA

Based on our legitimate interest in effective and user-friendly email marketing, we pass on the data you provided during registration to this provider in accordance with Article 6(1)(f) of the GDPR to this provider so that they can handle the dispatch of emails on our behalf.

Subject to your express consent in accordance with Article 6(1)(a) of the GDPR, the provider also carries out a statistical evaluation of the success of email campaigns using web beacons or tracking pixels in the emails sent, which can measure open rates and specific interactions with the newsletter’s content. In doing so, device information (e.g. time of access, IP address, browser type and operating system) is also collected and analysed, but not merged with other data sets.

You may withdraw your consent to email tracking at any time with future effect.

We have entered into a data processing agreement with the provider which protects the data of our website visitors and prohibits disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.

7.4 Shopify Email

Our email newsletters are sent via this provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provide when subscribing to the newsletter to this provider in accordance with Article 6(1)(f) of the GDPR, so that they can handle the dispatch of the newsletter on our behalf.

Subject to your express consent in accordance with Article 6(1)(a) of the GDPR, the provider also carries out a statistical evaluation of the success of newsletter campaigns using web beacons or tracking pixels in the emails sent, which can measure open rates and specific interactions with the newsletter content. In doing so, device information (e.g. time of access, IP address, browser type and operating system) is collected and analysed, but not merged with other data sets.

You may withdraw your consent to newsletter tracking at any time with future effect.

We have concluded a data processing agreement with the provider which protects the data of our website visitors and prohibits disclosure to third parties.

In the event of data transfer to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

7.5 WhatsApp newsletter

If you subscribe to our WhatsApp newsletter, we will regularly send you information about our offers via WhatsApp. The only mandatory information required to receive the newsletter is your mobile phone number.

To receive the newsletter, add the mobile phone number we have provided to the contacts on your mobile device and send us the message “Start” via WhatsApp. By sending this WhatsApp message, you give us your consent to the use of your personal data in accordance with Article 6(1)(a) of the GDPR for the purpose of sending the newsletter. We will then add you to our newsletter mailing list.

The data we collect when you subscribe to the newsletter is processed exclusively for the purpose of sending you promotional communications via the newsletter. You can unsubscribe from the newsletter at any time by sending us the message “Stop” via WhatsApp. Once you have unsubscribed, your mobile number will be deleted immediately from our newsletter mailing list, unless you have expressly consented to the further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this statement.

We therefore use a mobile device for sending our WhatsApp newsletter, in whose address book only the WhatsApp contact details of our newsletter recipients are stored. This ensures that every person whose WhatsApp contact details are stored in our address book has already consented to the transfer of their WhatsApp telephone number from the address books of their chat contacts in accordance with Article 6(1)(a) a GDPR. The transfer of data relating to users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.

Please refer to WhatsApp’s privacy policy for information on the purpose and scope of data collection, the further processing and use of data by WhatsApp, as well as your rights in this regard and the settings available to protect your privacy: https://www.whatsapp.com/legal/?eea=1#privacy-policy

We have entered into a data processing agreement with WhatsApp which protects the data of our newsletter recipients and prohibits disclosure to third parties.

In the context of the processing operations mentioned above, data may be transferred to servers operated by Meta Platforms Inc. in the USA.

7.6 - Klaviyo

Our WhatsApp newsletters are sent via this provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA

On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we transfer your telephone number linked to your WhatsApp account and, where applicable, your first and last name in accordance with Art. 6(1)(f) f GDPR to this provider so that it can handle the dispatch of the newsletter on our behalf.

Subject to your express consent in accordance with Art. 6(1)(a) GDPR, the provider also carries out a statistical evaluation of the success of newsletter campaigns using web beacons or tracking pixels in the WhatsApp messages sent, which can measure open rates and specific interactions with the newsletter’s content. In doing so, device information (e.g. time of access, IP address, browser type and operating system) is also collected and analysed, but not merged with other data sets.

You may withdraw your consent to newsletter tracking at any time with future effect.

We have entered into a data processing agreement with the provider which protects the data of our website visitors and prohibits disclosure to third parties.

7.7 Email notifications regarding product availability

For items that are temporarily unavailable, you can sign up to receive email notifications regarding product availability. We will send you a one-off email message regarding the availability of the item you have selected. The only mandatory information required to send this notification is your email address. The provision of further data is voluntary and may be used to address you personally. For email dispatch, we use the so-called double opt-in procedure, which ensures that you will only receive a notification once you have expressly confirmed your consent by clicking on a verification link sent to the email address you provided.

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Article 6(1)(a) of the GDPR. In doing so, we store your IP address as recorded by your Internet Service Provider (ISP), as well as the date and time of registration, in order to be able to trace any potential misuse of your email address at a later date. The data we collect when you register for our email notification service regarding product availability is used strictly for the specified purpose.

You may unsubscribe from the availability notifications at any time by sending a message to the data controller named at the beginning of this notice. Once you have unsubscribed, your email address will be deleted immediately from our mailing list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this notice.

7.8 Shopping basket reminders by email

If you abandon your purchase with us before completing the order, you have the option of receiving a one-off email reminder of the contents of your virtual shopping basket.

The only mandatory information required to send this reminder is your email address. The provision of further data is voluntary and may be used to address you personally. For sending emails, we use the so-called double opt-in procedure, which ensures that you will only receive a notification once you have expressly confirmed your consent by clicking on a verification link sent to the email address you provided.

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Article 6( 1(a) of the GDPR for the purpose of sending a shopping basket reminder. In doing so, we store your IP address as provided by your Internet Service Provider (ISP) , as well as the date and time of registration, in order to be able to trace any potential misuse of your email address at a later date. The data collected by us during registration for our email notification service is used strictly for the specified purpose.

You can unsubscribe from the shopping basket reminders at any time by sending a message to the controller named at the beginning. Once you have unsubscribed, your email address will be deleted immediately from our mailing list set up for this purpose, unless you have expressly consented to the further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this statement.

7. 9 Advertising by post

On the basis of our legitimate interest in personalised direct marketing, we reserve the right to store your first name and surname, your postal address and – insofar as we have received this additional information from you within the framework of the contractual relationship - your title, academic degree, year of birth and your professional, industry or business designation in accordance with Article 6(1)(f) of the GDPR, and to use them to send you interesting offers and information about our products by post.

You may object to the storage and use of your data for this purpose at any time.

8) Data processing for order fulfilment

8.1 Insofar as necessary for the performance of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the contracted transport company and the contracted credit institution in accordance with Article 6(1)(b) of the GDPR.

Where we are obliged to provide you with updates for goods containing digital elements or for digital products on the basis of a relevant contract, we process the contact details you provided when placing your order in order to inform you personally within the scope of our statutory information obligations pursuant to Article 6(1)(c) of the GDPR. Your contact details will be used strictly for the specific purpose of communicating updates for which we are responsible and will be processed by us for this purpose only to the extent necessary for the respective information.

To process your order, we also work with the following service provider(s) who assist us, either wholly or in part, in the performance of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.

8.2 Use of payment service providers (payment services)

- Apple Pay

If you choose the “Apple Pay” payment method provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing takes place via the “Apple Pay” function on your iOS, watchOS or macOS device by debiting a payment card stored with “Apple Pay”. Apple Pay uses security features integrated into your device’s hardware and software to protect your transactions. To authorise a payment, you must therefore enter a code you have previously set and verify your identity using the “Face ID” or “Touch ID” on your device.

For the purpose of payment processing, the information you provide during the ordering process, together with details of your order, is transmitted to Apple in encrypted form. Apple then re-encrypts this data using a developer-specific key before transmitting it to the payment service provider of the payment card stored in Apple Pay to complete the transaction. The encryption ensures that only the website through which the purchase was made can access the payment data. Once the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the successful payment.

Where personal data is processed in the context of the transmissions described, such processing is carried out exclusively for the purpose of payment processing in accordance with Article 6(1)(b) of the GDPR.

Apple retains anonymised transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymisation completely excludes any personal reference. Apple uses the anonymised data to improve “Apple Pay” and other Apple products and services.

When you use Apple Pay on your iPhone or Apple Watch to complete a purchase you have made via Safari on your Mac, the Mac and the authorisation device communicate via an encrypted channel on Apple’s servers. Apple does not process or store any of this information in a format that could be used to identify you personally. You can disable the option to use Apple Pay on your Mac in your iPhone’s settings. Go to “Wallet & Apple Pay” and turn off “Allow Payments on Mac”.

Further information on data protection for Apple Pay can be found at the following web address: https://support.apple.com/de-de/HT203027

- Google Pay

If you choose the “Google Pay” payment method provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), payment processing takes place via the “Google Pay” application on your mobile device (running Android 4.4 (“KitKat”) or later and equipped with NFC functionality) by debiting a payment card stored with Google Pay or a payment system verified there (e.g. PayPal). To authorise a payment via Google Pay exceeding €25, you must first unlock your mobile device using the relevant verification method (such as facial recognition, password, fingerprint or pattern).

For the purpose of payment processing, the information you provide during the ordering process, together with details of your order, is passed on to Google. Google then transmits your payment information stored in Google Pay to the originating website in the form of a one-off transaction number, which is used to verify that payment has been made. This transaction number contains no information regarding the actual payment details of the payment method stored in Google Pay , but is generated and transmitted as a one-time valid numerical token. For all transactions via Google Pay, Google acts solely as an intermediary for the processing of the payment transaction. The transaction is carried out exclusively between the user and the originating website by debiting the payment method stored with Google Pay.

Where personal data is processed in connection with the transfers described, processing takes place exclusively for the purpose of payment processing in accordance with Article 6(1)(b) of the GDPR.

Google reserves the right to collect, store and analyse certain transaction-specific information for every transaction made via Google Pay. This includes the date, time and amount of the transaction, the merchant’s location and description, a description of the goods or services purchased provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description of the reason for the transaction, and, where applicable, the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Article 6(1)(f) of the GDPR on the basis of a legitimate interest in proper accounting, the verification of transaction data, and the optimisation and maintenance of the Google Pay service.

Google also reserves the right to combine the transaction data processed with further information collected and stored by Google when using other Google services.

The Google Pay Terms of Service can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0& ldt=googlepaytos&ldl=de

Further information on data protection with Google Pay can be found at the following web address:

https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

- PayPal

This website offers one or more online payment methods from the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method from this provider that requires you to pay in advance, your payment details provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the contents of your order will be passed on to the provider in accordance with Article 6(1)(b) of the GDPR. In this case, your data is transferred exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

If you select a payment method where we pay in advance, you will also be asked during the ordering process to provide certain personal data (first name and surname, street, house number, postcode, town, date of birth, email address, telephone number, and, where applicable, details of an alternative payment method).

In order to safeguard our legitimate interest in verifying your creditworthiness in such cases, we will forward this data to the provider in accordance with Article 6(1)(f) f GDPR for the purpose of a credit check. The provider checks, on the basis of the personal data you have provided as well as further data (such as shopping basket, invoice amount, order history, payment history), whether the payment option you have selected can be granted in view of payment and/or default risks.

The credit report may contain probability values (so-called score values). Where score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical method. The calculation of the score values includes, among other things but not exclusively, address data.

You may object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data where this is necessary for the contractual processing of payments.

- Shopify Payments

One or more online payment methods from the following provider are available on this website: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

If you select a payment method from the provider that requires you to pay in advance (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information regarding the content of your order in accordance with Article 6(1)(b) of the GDPR. In this case, your data is disclosed exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

8.3 Electronic cancellation option for continuing contracts with consumers

Consumers who have entered into contracts on this website for continuing contracts subject to a fee (such as subscription contracts) have the option to terminate these via an electronic button in accordance with the applicable notice periods.

Clicking the button leads to a confirmation page where the consumer can provide further details regarding the termination, clearly identify themselves and subsequently submit their notice of termination electronically.

The collection of personal data and its transmission to us is carried out in accordance with Article 6(1)(b) of the GDPR and only to the extent necessary for the proper processing of the cancellation. Also on the basis of Article 6(1)(b) b GDPR, the personal data provided is used to confirm receipt of the notice of termination and the date of termination electronically in text form. A further legal basis for the processing is Article 6(1)(c) GDPR. We are legally obliged to provide an electronic option for termination in the case of consumer contracts concluded via electronic commerce concerning continuing obligations subject to a fee .

9) Online marketing

Our own affiliate programme

In connection with the product presentations on our website, we operate our own affiliate programme, under which we provide interested third-party website operators with partner links to place on their websites, which lead to our offers. Cookies are used for the affiliate programme; these are generally set on the partner site after clicking on a corresponding affiliate link, and we are not responsible for them under data protection law in this respect. Cookies are small text files stored on your device to enable the tracking of the origin of transactions (e.g. ‘sales leads’) generated via such links. This enables us, amongst other things, to recognise that you have clicked on the partner link and been redirected to our website. This information is required for payment processing between us and the affiliate partners. Where the information also contains personal data, the processing described is carried out on the basis of our legitimate financial interest in the processing of commission payments in accordance with Article 6(1)(f) of the GDPR.

If you wish to block the analysis of user behaviour via cookies, you can configure your browser so that you are informed when cookies are set and can decide individually whether to accept them, or you can exclude the acceptance of cookies in specific cases or generally.

10) Web analytics services

10.1 Google (Universal) Analytics

This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables an analysis of your use of our website.

By default, when you visit the website, Google (Universal) Analytics sets cookies, which are small text files stored on your device and collect certain information. This information includes your IP address, although Google truncates the last few digits to prevent direct personal identification.

The information is transmitted to Google’s servers and processed there. This may also involve transfers to Google LLC, based in the USA.

Google uses the information collected on our behalf to evaluate your use of the website, to compile reports on website activity for us, and to provide other services related to website and internet usage. The truncated IP address transmitted by your browser as part of Google Analytics is not combined with other data held by Google. The data collected through the use of Google (Universal) Analytics is stored for a period of two months and then deleted.

All processing described above, in particular the setting of cookies on the device used, takes place only if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR.

Without your consent, Google (Universal) Analytics during your visit to the site. You may withdraw your consent at any time with future effect. To exercise your right of withdrawal, please deactivate this service via the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with Google which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

Further legal information regarding Google (Universal) Analytics can be found at https://business. safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites

Demographic characteristics

Google (Universal) Analytics uses the special ‘demographic characteristics’ feature and can use this to generate statistics that provide insights into the age, gender and interests of website visitors. This is achieved by analysing advertising and information from third-party providers. This enables target groups to be identified for marketing activities. However, the data collected cannot be attributed to any specific individual and is deleted after being stored for a period of two months.

Google Signals

As an extension to Google (Universal) Analytics, Google Signals may be used on this website to generate cross-device reports. If you have enabled personalised ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics pursuant to Art. 6(1)(a) 1(a) of the GDPR, analyse your usage behaviour across devices and create database models, including those relating to cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable the ‘Personalised ads’ feature in your Google Account settings. To do so, follow the instructions on this page: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=de

Further information on Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de

UserIDs

As an extension to Google (Universal) Analytics, the ‘UserIDs’ feature may be used on this website. If you have consented to the use of Google (Universal) Analytics in accordance with Article 6(1)(a) of the GDPR, have set up an account on this website and log in to this account on various devices, your activities, including conversions, can be analysed across devices.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework (EU-US Data Privacy Framework), which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.

10.2 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables an analysis of your use of our website.

By default, when you visit the website, Google Analytics 4 sets cookies, which are small text files stored on your device and collect certain information. This information includes your IP address, although Google truncates the last few digits to prevent direct personal identification.

The information is transmitted to Google’s servers and processed there. This may also involve transfers to Google LLC, which is based in the USA.

Google uses the information collected on our behalf to analyse your use of the website, compile reports on website activity for us, and to provide other services related to website and internet usage. The truncated IP address transmitted by your browser as part of Google Analytics is not combined with other data held by Google. The data collected through the use of Google Analytics 4 is stored for a period of two months and then deleted.

All processing described above, in particular the setting of cookies on the device used, takes place only if you have given us your express consent in accordance with Article 6(1)(a) of the GDPR.

Without your consent, Google Analytics 4 will not be used during your visit to the site. You may withdraw your consent at any time with future effect. To exercise your right of withdrawal, please deactivate this service via the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with Google which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

Further legal information on Google Analytics 4 can be found at https://business.safety.google/intl/de/ privacy/, https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites

Demographic characteristics

Google Analytics 4 uses the special ‘demographic characteristics’ feature and can use this to generate statistics that provide insights into the age, gender and interests of website visitors. This is achieved by analysing advertising and information from third-party providers. This enables target groups to be identified for marketing activities. However, the data collected cannot be attributed to any specific individual and is deleted after being stored for a period of two months.

Google Signals

As an extension to Google Analytics 4, Google Signals may be used on this website to generate cross-device reports. If you have enabled personalised ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics in accordance with Article 6(1)(a) of the GDPR, analyse your usage behaviour across devices and create database models, including those relating to cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable the ‘Personalised ads’ feature in your Google Account settings. To do so, follow the instructions on this page: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=de

Further information on Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de

UserIDs

As an extension to Google Analytics 4, the ‘UserIDs’ feature may be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Article 6(1)(a) of the GDPR, have set up an account on this website and log in to this account on various devices, your activities, including conversions, can be analysed across devices.

11) Retargeting/Remarketing and Conversion Tracking

11.1 Meta Pixel

Within our online offering, we use the “Meta Pixel” service provided by the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”)

If a user clicks on an advertisement placed by us on Facebook and/or Instagram,

‘Meta Pixel’ adds a parameter to the URL of our linked page. This URL parameter is then, following the redirection, stored in the user’s browser via a cookie set by our linked page itself.

This enables Meta, on the one hand, to identify visitors to our online offering as a target group for the display of advertisements (so-called ‘Ads’). Accordingly, we use the service to display the Facebook and/or Instagram ads we have placed only to those users who have shown an interest in our online offering or who exhibit certain characteristics (e.g. interests in specific topics or products, determined on the basis of the websites visited), which we transmit to Meta (so-called “Custom Audiences”).

Furthermore, the “Meta Pixel” allows us to track whether users were redirected to our website after clicking on an advertisement and what actions they take there (so-called “conversion tracking”).

The data collected is anonymous to us; therefore, it does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Meta, meaning a link to the respective user profile is possible and Meta may use the data for its own advertising purposes.

All processing described above, in particular the setting of cookies to read information on the device used, is only carried out if you have given us your explicit consent in accordance with Article 6(1)(a) a GDPR. You may withdraw your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.

We have concluded a data processing agreement with the provider which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

The information generated by Meta is generally transmitted to a Meta server and stored there; in this context, data may also be transferred to servers operated by Meta Platforms Inc. in the USA.

11.2 Google Ads Remarketing

This website uses retargeting technology from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

For this purpose, Google places a cookie in your device’s browser, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you have visited. Any further data processing only takes place if you have consented to Google linking your internet and app browsing history to your Google account and using information from your Google account to personalise the adverts you see on the web. If, in this case, you are logged into Google whilst visiting our website, Google will use your data together with Google Analytics data to create and define audience lists for cross-device remarketing. To this end, your personal data will be temporarily linked by Google with Google Analytics data to form audiences. As part of the use of Google Ads Remarketing, personal data may also be transferred to the

servers of Google LLC in the USA.

All processing described above, in particular the setting of cookies to read information on the device used, will only take place if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. Without this consent, retargeting technology will not be used during your visit to the site.

You may withdraw your consent at any time with future effect. To exercise your right to withdraw consent, please deactivate this service using the “Cookie Consent Tool” provided on the website .

Details on the processing initiated by Google and Google’s handling of website data can be found here: https://policies.google.com/technologies/partner-sites

Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/

11.3 Google Ads Conversion Tracking

This website uses the online advertising programme ‘Google Ads’ and, as part of Google Ads, the conversion tracking service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’).

We use Google Ads to draw attention to our attractive offers on external websites using advertising (so-called Google AdWords) on external websites to draw attention to our attractive offers. We can determine, based on the data from the advertising campaigns, how successful the individual advertising measures are. Our aim is to show you advertising that is of interest to you, to make our website more interesting for you and to ensure a fair calculation of the advertising costs incurred.

The conversion tracking cookie is set when a user clicks on a Google Ads advertisement. Cookies are small text files that are stored on your device. These cookies generally expire after 30 days and are not used for personal identification. If the user visits certain pages on this website and the cookie has not yet expired, Google and we can recognise that the user clicked on the advert and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across the websites of Google Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. Customers are informed of the total number of users who clicked on their advert and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

When using Google Ads, personal data may also be transferred to the servers of Google LLC in the USA.

Details regarding the processing triggered by Google Ads conversion tracking and Google’s handling of website data can be found here: https://policies.google.com/technologies/partner-sites

All processing described above, in particular the setting of cookies to read information on the device used, will only take place if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.

You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the Google browser plug-in available at the following link:

https://support.google.com/My-Ad-Center-Help/answer/12155656?hl=de

In order to target users whose data we have received in the context of business or business-like relationships with even more relevant advertising, we use a customer matching function within Google Ads. To this end, we transmit one or more files containing aggregated customer data (primarily email addresses and telephone numbers) electronically to Google. Google does not gain access to plain text data, but automatically encrypts the information in the customer files during the transmission process using a special algorithm. The encrypted information can then only be used by Google to associate it with existing Google accounts set up by the data subjects. This enables the display of personalised advertising across all Google services linked to the respective Google account.

Customer data is only transmitted to Google if you have given us your express consent in accordance with Art. 6(1)(a) of the GDPR. You may withdraw this consent at any time with future effect. Further information on Google’s data protection measures regarding the customer matching function can be found here: https://support.google.com/google-ads/answer/6334160?hl=de&ref_topic=10550182

Google’s privacy policy can be viewed here: https://business. safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/

11.4 Google Marketing Platform

This website uses the online marketing tool Google Marketing Platform provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“GMP”).

GMP uses cookies to display ads relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. Using a cookie ID, Google tracks which ads are displayed in which browser and can thus prevent them from being shown multiple times. Furthermore, GMP can use cookie IDs to track so-called conversions related to ad requests. This is the case, for example, when a user sees a GMP advert and later, whilst using the same browser, visits the advertiser’s website and makes a purchase via that website. According to Google, GMP cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection to Google’s server.

We have no influence over the scope and further use of the data collected by Google through the use of this tool and therefore inform you as follows, based on our current knowledge: Through the integration of GMP, Google receives the information that you have visited the relevant part of our website or clicked on one of our adverts. If you are registered with a Google service, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider may obtain and store your IP address. In the context of using GMP, personal data may also be transferred to the servers of Google LLC in the USA.

All processing described above, in particular the setting of cookies for reading information on the , will only be carried out if you have given us your explicit consent to do so in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.

You can find the privacy policy for GMP by Google here: https://business. safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/

11.5 TikTok Pixel

This website uses the conversion tracking technology of the following provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland

If you have arrived at our website via an advertisement on the provider’s domain, the success of the advertisement can be tracked using cookies and/or comparable technologies (tracking pixels, web beacons, pings or HTTP requests).

To this end, the tracking technology reads certain device and browser information, including, where applicable, your IP address, in order to record and evaluate user actions predefined by us (e.g. completed transactions, leads, search queries on the website, visits to product pages). This enables us to compile statistics on usage behaviour on our website following a redirect from an advertisement, which we use to optimise our offering.

All processing described above, in particular the setting of cookies to read information from the device used, is only carried out if you have given us your express consent to do so in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

12) Website features

12.1 Integration of the Instagram feed via Mintt Studio

On our website, we use the services of Mintt Studio, Rua Parque da República 116, 4430-164 Vila Nova de Gaia, Portugal, to display preview images from our Instagram profile. This involves the use of cookies, i.e. small text files that are stored locally in your internet browser’s cache.

When visitors access our website, the widget establishes a connection to servers operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Instagram’). As a result, Instagram receives certain browser information, including your IP address. In individual cases, data may also be transferred to servers operated by Meta Platforms Inc., based in the USA.

All processing operations described above, in particular the setting of cookies to read information from the device used, are only carried out if you have given us your explicit consent to do so in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.

12.2 YouTube

This website uses plugins to display and play videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transmitted to: Google LLC, USA

When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to the provider’s servers at the latest when the video is played, in order to load the content. In doing so, certain information, including your IP address, is transmitted to the provider.

If playback of embedded videos is started via the plugin, the provider also uses cookies to collect information about user behaviour, compile playback statistics and prevent abusive behaviour.

If you are logged into a user account with the provider whilst visiting the site, your data assigned directly to your account when you click on a video. If you do not wish for this information to be linked to your account, you must log out before clicking the play button.

All the aforementioned processing operations, in particular the setting of cookies to read information from the device used, only take place if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. You may withdraw the consent you have given at any time with future effect by deactivating this service via the ‘Cookie Consent Tool’ provided on the website.

12.3 ShopVote graphics

Graphic elements from the following provider are integrated into our website to display external customer reviews and/or an externally awarded quality mark: Blickreif GmbH, Schulstraße 46, 80634 Munich, Germany

When you visit a page on our website that contains such graphic elements, your browser establishes a direct connection to the provider’s servers in order to load the elements correctly. In doing so, certain browser information, including your IP address, is transmitted to the provider.

Where personal data is also processed in this context, this is done in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in the optimal marketing of our services and the appealing design of our website.

12.4 Google Web Fonts

This site uses so-called web fonts from the following provider to ensure consistent font display: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

When you visit a page, your browser loads the required web fonts into its cache to display text and fonts correctly and establishes a direct connection to the provider’s servers. In doing so, certain browser information, including your IP address, is transmitted to the provider.

Data may also be transmitted to: Google LLC, USA

The processing of personal data when establishing a connection with the font provider will only take place if you have given us your explicit consent to do so in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with future effect by deactivating this service via the “Cookie Consent Tool” provided on the website. If your browser does not support web fonts, a standard font from your computer will be used.

Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/

12.5 - Google reCAPTCHA

On this website, we use the CAPTCHA service provided by the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transferred to: Google LLC, USA.

For the visual design of the CAPTCHA window, the provider uses “Google Fonts” , i.e. fonts downloaded from the internet by Google. No further information beyond that already transmitted to Google via the ReCAPTCHA functionality is processed in this context.

The service checks whether an input is made by a natural person or abusively via machine and automated processing, and blocks spam, DDoS attacks and similar automated malicious access attempts. To ensure that an action is performed by a human and not by an automated bot, the provider collects the IP address of the end device used, identification data regarding the browser and operating system type used, as well as the date and duration of the visit, and transmits this to the provider’s servers for analysis. Cookies may be used for this purpose; these are small text files stored in the browser of the end device.

Where the processing described above is based on cookies, these will only be set if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.

If the processing described above is carried out without the use of cookies, the legal basis is our legitimate interest in establishing individual responsibility on the internet and preventing misuse and spam in accordance with Article 6(1)(f) GDPR.

We have concluded a data processing agreement with the provider which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/

12.6 Weglot

This website uses the translation service of the following provider via an API integration: Weglot SAS, 7 cité Paradis, 75010 Paris, France

To ensure that the translation into your chosen language is displayed automatically, the browser you are using connects to the provider’s servers. The provider uses so-called “cookies” , which are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie regarding your use of this website (including the truncated IP address) is usually transmitted to a server of the provider and stored there.

All processing described above, in particular the setting of cookies to read information on the device used, is only carried out if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

12.7 Google Customer Reviews (formerly the Google Certified Retailer Programme)

We work with Google as part of the “Google Customer Reviews” programme. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This programme enables us to collect customer reviews from users of our website. After making a purchase on our website, you will be asked whether you would like to take part in an email survey from Google.

If you give your consent in accordance with Article 6(1)(a) of the GDPR, we will transmit your email address to Google. You will receive an email from Google Customer Reviews asking you to rate your shopping experience on our website. The review you submit will then be aggregated with our other reviews and displayed in our Google Customer Reviews logo and in our Merchant Center dashboard. Your review will also be used for Google Merchant Reviews. When using Google Customer Reviews, personal data may also be transferred to the servers of Google LLC in the USA.

You may withdraw your consent at any time by sending a message to the data controller or to Google.

Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/

13) Tools and Miscellaneous

13.1 - Zoho

For our accounting, we use the cloud-based accounting software service provided by the following provider: Zoho Corporation GmbH, Trinkausstr. 7, 40213 Düsseldorf

Data is also transferred to: Zoho Corp., USA

The provider processes incoming and outgoing invoices and, where applicable, our company’s bank transactions in order to automatically record invoices, match them to transactions and, through a semi-automated process, generate financial accounts.

Where personal data is also processed in this context, such processing is carried out on the basis of our legitimate interest in the efficient organisation and documentation of our business processes in accordance with Article 6( 1(f) of the GDPR.

13.2 Cookie Consent Tool

This website uses a so-called “Cookie Consent Tool” to obtain valid user consent for cookies and cookie-based applications that require consent. The “Cookie Consent Tool” is displayed to users when they visit the page in the form of an interactive user interface, on which consent for specific cookies and/or cookie-based applications can be granted by ticking the relevant boxes. Through the use of this tool, all cookies and services requiring consent services are only loaded if the respective user grants the relevant consent by ticking the boxes. This ensures that such cookies are only set on the user’s respective device if consent has been granted.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.

Should the processing of personal data (such as the IP address), this is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and, consequently, in the legally compliant design of our website.

A further legal basis for the processing is Article 6(1) 1(c) GDPR. As the controller, we are subject to the legal obligation to make the use of technically non-essential cookies dependent on the user’s consent.

Where necessary, we have entered into a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

Further information on the operator and the settings options for the cookie consent tool can be found directly in the relevant user interface on our website.

14) Rights of the data subject

14. 1 Under applicable data protection law, you have the following data subject rights (rights of access and intervention) vis-à-vis the controller regarding the processing of your personal data; please refer to the legal basis cited for the respective conditions for exercising these rights:14.2 RIGHT TO OBJECT

Right of access pursuant to Article 15 of the GDPR;
Right to rectification pursuant to Article 16 of the GDPR;
Right to erasure pursuant to Article 17 of the GDPR;
Right to restriction of processing pursuant to Article 18 of the GDPR;
Right to be informed pursuant to Article 19 of the GDPR;
Right to data portability pursuant to Article 20 of the GDPR;
Right to withdraw consent pursuant to Article 7(3) of the GDPR;
Right to lodge a complaint pursuant to Article 77 of the GDPR.

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS DUE TO OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO SUCH PROCESSING ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION. WE RESERVE THE RIGHT TO CONTINUE PROCESSING, HOWEVER, IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH PURPOSES . YOU MAY EXERCISE THIS RIGHT OF OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT OF OBJECTION, WE WILL CEASE PROCESSING THE DATA IN QUESTION FOR DIRECT MARKETING PURPOSES.

15) Duration of storage of personal data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing and – where applicable – additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law).

Where personal data is processed on the basis of explicit consent pursuant to Article 6(1)(a) of the GDPR, the data concerned will be stored until you withdraw your consent.

Where statutory retention periods apply to data processed in the context of contractual or quasi-contractual obligations on the basis of Article 6(1)(b) of the GDPR, such data is routinely deleted upon expiry of the retention periods, provided they are no longer required for the performance of a contract or for entering into a contract and/or we no longer have a legitimate interest in continuing to store them.

When processing personal data on the basis of Article 6(1)(f) of the GDPR, this data is stored until you exercise your right to object under Article 21(1) of the GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

When processing personal data for the purposes of direct marketing on the basis of Article 6(1)(f) f GDPR, this data will be stored until you exercise your right to object under Article 21(2) of the GDPR.

Unless otherwise specified in the other information in this policy regarding specific processing situations, stored personal data will otherwise be erased when it is no longer necessary for the purposes for which it was collected or otherwise processed.

16) Use of the POST Luxembourg (Inflow) shipping service

We use the services of POST Luxembourg and/or Inflow SA to fulfil orders. The delivery address provided during the ordering process is transferred to the POST Luxembourg system and stored there. This is necessary to print the shipping labels and also to provide the parcel tracking service of POST Luxembourg. The delivery addresses are stored in the POST Luxembourg system for possible reuse.

For more information, please use the following link: https://www.post.lu/en/particuliers/infos-aide/protection-des-donnees

17) National Data Protection Commission Luxembourg (CNPD):

For more information, please visit the National Data Protection Commission's website at https://cnpd.public.lu/de.html

Customers may consult the additional information provided by the CNPD:

https://cnpd.public.lu/en/dossiers-thematiques/Reglement-general-sur-la-protection-des-donnees.html

18) Contacting us

You can contact us at any time. Please use the contact form on our website or via direct email to info@beyond-nutrition.com. We do our best to keep our data policy up-to-date.

Datenschutzrichtlinie

Last update: 23/03/2026

Privacy Policy

1) Introduction and contact details of the data controller

2) Data collection when visiting our website

3) Hosting & Content Delivery Network

4) Cookies

5) Contact

6) Data processing when opening a customer account

7) Use of customer data for direct marketing

8) Data processing for order fulfilment

9) Online marketing

10) Web analytics services

11) Retargeting/Remarketing and Conversion Tracking

12) Website features

13) Tools and Miscellaneous

14) Rights of the data subject

15) Duration of storage of personal data

16) Use of the POST Luxembourg (Inflow) shipping service

17) National Data Protection Commission Luxembourg (CNPD):

18) Contacting us

WERDE MITGLIED DER GEMEINSCHAFT