Privacy policy

Privacy policy

Status: 15 June 2025

Introduction

With the following privacy policy, we inform you about which personal data (hereinafter referred to as "data") for what purposes and to what extent. The declaration applies to all processing carried out by us - in particular on our websites, in mobile applications and within external online presences (summarised as "Online offer").

Table of contents

• Introduction
• Responsible
• Overview of processing
• Relevant legal bases
• Security measures
• Transmission of personal data
• Data processing in third countries
• use of cookies
• Commercial & business services
• Payment service provider
• Newsletter
• Online Marketing
• Social media presence
• Plugins & embedded content
• Deletion of data
• Changes to this declaration
• Rights of data subjects
• Definitions

Responsible

«Living Wines»
Taits U.G. (limited liability)
Konrad-Wolf-Straße 72
13055 Berlin, Germany

Executive Director: Dimitri Taits
E-Mail: [email protected]

Overview of processing

Below is an overview of the data types, purposes and data subjects.

Types of processed data

• Inventory & contract data (e.g. names, addresses, order ID, terms)
• Contact details (e-mail, telephone)
• Payment data (e.g. IBAN, Stripe token, PayPal transaction ID)
• Usage & meta/communication data (IP address, device information, log files)
• Content data (e.g. contact/evaluation forms)
• Location data (if released by the end device)

Categories of persons concerned

• Customers & interested parties
• Contractual partners & suppliers
• Communication partner
• Users of our online offer

Purposes of the processing

• Contract fulfilment, shipping & payment processing
• Newsletter & direct marketing (with opt-in)
• Web analysis & reach measurement
• Security measures & fraud prevention
• Online marketing / remarketing
• Office & organisational procedures

Relevant legal bases

• Consent (Art. 6 para. 1 a GDPR)
• Contract fulfilment / pre-contractual measures (Art. 6 para. 1 b GDPR)
• Legal obligation (Art. 6 para. 1 c GDPR)
• Legitimate interest (Art. 6 para. 1 f GDPR)

For third country transfers, we rely on the EU Standard Contractual Clauses (SCC) or the EU-US Data Privacy Framework (DPF), provided the provider is certified accordingly.

Security measures

We take technical and organisational measures in accordance with Art. 32 GDPR (including SSL/TLS encryption, access control, order processing contracts, data backups).

Transmission of personal data

Data will only be passed on if this is necessary for the fulfilment of the contract, due to a legal obligation or on the basis of our legitimate interest. Recipient categories are in particular

• Hosting & CDN: Timme Hosting (DE), Cloudflare (USA, SCC/DPF)
• Payment service providers: Stripe Payments (EU), PayPal (EU)
• Newsletter: MailPoet (Automattic USA, SCC), dispatch via SendGrid (Twilio USA, DPF)
• Shipping logistics: Sendcloud (NL), DHL, UPS
• Legal & Tax Consultancy: Thoelke Przybilla Schaffner PartG mbB (DE)

Data processing in third countries

For processing in countries outside the EEA, we ensure an appropriate level of data protection through SCC, DPF certification or equivalent guarantees.

use of cookies

We use cookies and similar technologies. Further details can be found in our cookie banner (Usercentrics Cookiebot) and the consent history available there.

Commercial & business services

We process data from customers and interested parties for contract processing, dispatch and customer service. Retention period for tax-relevant data: 10 years.

Payment service provider

• Stripe Payments Europe Ltd., Ireland - Privacy policy
• PayPal (Europe) S.à r.l., Luxembourg - Privacy policy

Newsletter

Sending via MailPoet (Automattic) & SendGrid. Double opt-in, performance measurement, blacklist procedure. Cancellation possible at any time.

Online marketing & web analytics

• Google Analytics 4 (IP anonymisation) - Google Ireland Ltd.; opt-out via Browser plugin
• Meta Pixel (Facebook & Instagram Ads) - Meta Platforms Ireland Ltd; Opt-Out via Ads settings
• Twitter Ads / X Pixel - X Corp.; opt-out via account settings

Social media presence

We operate profiles on Facebook, Instagram, LinkedIn & X. The data protection information of the respective platform applies.

Plugins & embedded content

• YouTube videos (extended data protection mode)
• Google Maps (only with consent)
• ReCaptcha v3 (Spam protection)
• Google Fonts (locally hosted)

Deletion of data

Data is deleted as soon as the purpose no longer applies and there is no obligation to retain it. Data may be blocked instead of deleted.

Changes to this declaration

We will adapt this privacy policy if changes in data processing make this necessary. Please inform yourself regularly.

Rights of data subjects

• Revocation of consents granted (Art. 7 GDPR)
• Information, rectification, erasure, restriction (Art. 15-18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to direct marketing & legitimate interests (Art. 21 GDPR)
• Complaint to a supervisory authority (Art. 77 GDPR)

Definitions

Terms such as "profiling", "consent", "SCC" etc. correspond to the definitions in the GDPR (Art. 4) and the EDPB guidelines.

Created and updated with Datenschutz-Generator.de - adapted to our setup (WooCommerce 9.8.5, MailPoet, SendGrid, Stripe, PayPal, Timme Hosting)