Privacy policy

Privacy Policy

Last updated: 15 June 2025

Introduction

This privacy policy informs you about which personal data (hereinafter „data„) we process for which purposes and to what extent. This policy applies to all processing activities we carry out – in particular on our websites, in mobile applications and within external online presences (collectively „online services„).

Table of Contents

• Introduction
• Controller
• Overview of Processing Activities
• Applicable Legal Bases
• Security Measures
• Disclosure of Personal Data
• Data Processing in Third Countries
• Use of Cookies
• Commercial & Business Services
• Payment Service Providers
• Newsletter
• Online Marketing
• Social Media Presence
• Plugins & Embedded Content
• Deletion of Data
• Changes to This Policy
• Rights of Data Subjects
• Definitions of Terms

Controller

Lebendigeweine.de
Taits U.G. (limited liability)
Konrad-Wolf-Straße 72
13055 Berlin, Germany

Managing Director: Dimitri Taits
Email: [email protected]

Overview of Processing Activities

Below is an overview of the types of data, purposes and affected persons.

Types of Data Processed

• Master & contract data (e.g. names, addresses, order IDs, contract periods)
• Contact data (email, telephone)
• Payment data (e.g. IBAN, Stripe token, PayPal transaction ID)
• Usage & meta/communication data (IP address, device information, log files)
• Content data (e.g. contact/review forms)
• Location data (if released by the device)

Categories of Affected Persons

• Customers & prospects
• Contract partners & suppliers
• Communication partners
• Users of our online services

Purposes of Processing

• Contract fulfilment, shipping & payment processing
• Newsletter & direct marketing (with opt-in)
• Web analytics & reach measurement
• Security measures & fraud prevention
• Online marketing / remarketing
• Office & organisational procedures

Applicable Legal Bases

• Consent (Art. 6 para. 1 (a) GDPR)
• Contract fulfilment / pre-contractual measures (Art. 6 para. 1 (b) GDPR)
• Legal obligation (Art. 6 para. 1 (c) GDPR)
• Legitimate interest (Art. 6 para. 1 (f) GDPR)

For third country transfers, we rely on the EU Standard Contractual Clauses (SCC) or the EU-US Data Privacy Framework (DPF), provided the provider is appropriately certified.

Security Measures

We implement technical and organisational measures in accordance with Art. 32 GDPR (including SSL/TLS encryption, access controls, data processing agreements, data backups).

Disclosure of Personal Data

Data is only disclosed when necessary for contract fulfilment, due to legal obligation or on the basis of our legitimate interest. Recipient categories include in particular:

• Hosting & CDN: Timme Hosting (DE), Cloudflare (USA, SCC/DPF)
• Payment service providers: Stripe Payments (EU), PayPal (EU)
• Newsletter: MailPoet (Automattic USA, SCC), distribution via SendGrid (Twilio USA, DPF)
• Shipping logistics: Sendcloud (NL), DHL, UPS
• Legal & tax advice: Thoelke Przybilla Schaffner PartG mbB (DE)

Data Processing in Third Countries

When processing data in countries outside the EEA, we ensure an adequate level of data protection through SCC, DPF certification or equivalent safeguards.

Use of Cookies

We use cookies and comparable technologies. Details are regulated by our cookie banner (Usercentrics Cookiebot) and the consent history available there.

Commercial & Business Services

We process data from customers and prospects for contract processing, shipping and customer service. Retention period for tax-relevant data: 10 years.

Payment Service Providers

• Stripe Payments Europe Ltd., Ireland – Privacy Policy
• PayPal (Europe) S.à r.l., Luxembourg – Privacy Policy

Newsletter

Distribution via MailPoet (Automattic) & SendGrid. Double opt-in, success measurement, blacklist procedure. Unsubscribe available at any time.

Online Marketing & Web Analytics

• Google Analytics 4 (IP anonymisation) – Google Ireland Ltd.; Opt-out via browser plugin
• Meta Pixel (Facebook & Instagram Ads) – Meta Platforms Ireland Ltd.; Opt-out via Ads Settings
• Twitter Ads / X Pixel – X Corp.; Opt-out via account settings

Social Media Presence

We operate profiles on Facebook, Instagram, LinkedIn & X. When accessing these platforms, the privacy notices of the respective platform apply.

Plugins & Embedded Content

• YouTube videos (enhanced privacy mode)
• Google Maps (only with consent)
• ReCaptcha v3 (spam protection)
• Google Fonts (locally hosted)

Data Deletion

Data is deleted once the purpose is no longer applicable and no retention obligation exists. Where deletion is not possible, data may be blocked instead.

Changes to This Notice

We will update this privacy notice if changes to data processing require it. Please check regularly for updates.

Rights of Data Subjects

• Withdrawal of given consent (Art. 7 GDPR)
• Access, rectification, erasure, restriction (Art. 15–18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to direct marketing & legitimate interests (Art. 21 GDPR)
• Complaint to a supervisory authority (Art. 77 GDPR)

Definitions of Terms

Terms such as „profiling“, „consent“, „SCC“ etc. correspond to the definitions in the GDPR (Art. 4) and EDPB guidelines.

Created and updated with Datenschutz-Generator.de – adapted to our setup (WooCommerce 9.8.5, MailPoet, SendGrid, Stripe, PayPal, Timme Hosting)