Privacy Policy

Information on Data Protection

GDPR GERMAN | GDPR ENGLISH

Data Controller

Alexandra Burger
Holzheimer-Str. 8
73037 Göppingen
Tel: +49 7161 / 2906740
shop@woolandforest.de

Privacy Statement

1) Introduction and Controller Contact Details

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data includes all data with which you can be personally identified. 1.2 The party responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Alexandra Burger, Alexandra Burger Wool and Forest, Alfons-Feifel-Str. 59, 73037 Göppingen, Germany, Tel.: +49 15773808036, Email: woolandforest@gmail.com. The data controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website for purely informational purposes, i.e., if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the page server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

• Our visited website

• Date and time at the time of access

• Amount of data sent in bytes

• Source/reference from which you reached the page

• Browser used

• Operating system used

• IP address used (if applicable: in anonymized form) Processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used for other purposes. However, we reserve the right to check the server log files subsequently if there are specific indications of unlawful use. 2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

3.1 Cloudflare For hosting our website and displaying the page content, we use the system of the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA. All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. 3.2 Shopify For hosting our website and displaying the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada. All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider. For data transmission to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

4) Cookies

To make your visit to our website attractive and to enable the use of certain functions, we use cookies—small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser ("session cookies"), while others remain on your device for longer and enable the saving of page settings ("persistent cookies"). In the latter case, you can check the storage duration in your web browser's cookie settings. If personal data is also processed by individual cookies used by us, processing is carried out in accordance with Art. 6 (1) (b) GDPR for the performance of the contract, in accordance with Art. 6 (1) (a) GDPR in the case of consent granted, or in accordance with Art. 6 (1) (f) GDPR to safeguard our legitimate interests in the best possible functionality of the website. You can set your browser to inform you about the setting of cookies and decide individually on their acceptance or exclude the acceptance of cookies for certain cases or generally. Please note that the functionality of our website may be limited if cookies are not accepted.

5) Contacting Us

When contacting us (e.g., via contact form or email), personal data is processed exclusively for the purpose of processing and answering your request and only to the extent necessary. The legal basis is our legitimate interest in answering your request according to Art. 6 (1) (f) GDPR. If your contact is aimed at a contract, the additional legal basis is Art. 6 (1) (b) GDPR. Your data will be deleted when it is clear from the circumstances that the matter in question has been conclusively clarified, provided there are no statutory retention requirements to the contrary.

6) Data Processing Upon Opening a Customer Account

According to Art. 6 (1) (b) GDPR, personal data continues to be collected and processed to the required extent if you provide it to us when opening a customer account. The data required for account opening can be seen from the input mask of the corresponding form on our website. Deletion of your customer account is possible at any time and can be done by a message to the address of the controller mentioned above. After deletion of your customer account, your data will be deleted, provided that all contracts concluded via it have been fully processed and no statutory retention periods prevent this.

7) Use of Customer Data for Direct Marketing

Availability Notification via Email For temporarily unavailable items, you can register to receive email availability notifications. We will send you a one-time message regarding the availability of the item you have selected. The only mandatory information for sending this notification is your email address. Providing further data is voluntary and may be used to address you personally. We use the "double opt-in" procedure for mail dispatch, ensuring you only receive a notification after confirming your consent via a link sent to your email. By activating the confirmation link, you grant us your consent for the use of your personal data according to Art. 6 (1) (a) GDPR. You can unsubscribe from these notifications at any time by sending a message to the controller mentioned above.

8) Data Processing for Order Fulfillment

8.1 As far as necessary for the performance of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 (1) (b) GDPR. 8.2 Disclosure of personal data to shipping service providers: We work with the following providers: Deutsche Post AG, DHL Paket GmbH, DHL Express Germany GmbH, DHL Express (Austria) GmbH, Hermes Logistik Gruppe Deutschland GmbH, Österreichische Post Aktiengesellschaft, and United Parcel Service Deutschland Inc. & Co. OHG. We pass on your email address and/or phone number to the provider for the purpose of coordinating a delivery date or for delivery notification, provided you have given your express consent during the ordering process (Art. 6 (1) (a) GDPR). Otherwise, we only pass on the recipient's name and delivery address for delivery purposes (Art. 6 (1) (b) GDPR). 8.3 Use of Payment Service Providers: We work with: Apple Pay, Google Pay, PayPal, Shopify Payments, Stripe, and SumUp. Processing is based on Art. 6 (1) (b) GDPR (payment processing) and, in some cases (such as credit checks), Art. 6 (1) (f) GDPR (safeguarding legitimate interests). 8.4 Sanction List Screening: We reserve the right to compare the personal data provided by you with sanction lists of the European Union. This processing takes place in accordance with Art. 6 (1) (c) GDPR due to our legal obligation to prevent business relationships with sanctioned persons. 8.5 Electronic Cancellation Function: We use a solution from 401layers UG to provide the electronic cancellation function. This is based on Art. 6 (1) (f) GDPR for a user-friendly process and Art. 6 (1) (c) GDPR regarding legal obligations.

9) Web Analysis Services

Shopify Analytics: This website uses the web analysis service of Shopify International Limited. It uses cookies/tracking pixels to collect pseudonymized visitor data (IP address, browser info). All processing described is only carried out if you have given your express consent in accordance with Art. 6 (1) (a) GDPR. You can withdraw your consent at any time via the "Cookie Consent Tool" on the website.

10) Site Functionalities

10.1 Google Maps: Uses the Google Maps API (Google Ireland Limited). Information about your use of our website (including IP address) is transmitted to Google. This is based on Art. 6 (1) (f) GDPR (or Art. 6 (1) (a) GDPR with consent). 10.2 Google Web Fonts: Used for uniform display of fonts. Connection to Google servers is established. Processing occurs only with your explicit consent (Art. 6 (1) (a) GDPR).

11) Tools and Other

11.1 sevDesk: Used for accounting. We have concluded a data processing agreement. Processing is based on our legal obligation to keep proper accounts according to Art. 6 (1) (c) GDPR. 11.2 Cookie-Consent-Tool: Used to obtain effective user consent. Processing occurs according to Art. 6 (1) (f) GDPR and Art. 6 (1) (c) GDPR to ensure compliant consent management.

12) Rights of the Data Subject

12.1 You have the following rights: Right of access (Art. 15), Right to rectification (Art. 16), Right to erasure (Art. 17), Right to restriction of processing (Art. 18), Right to be informed (Art. 19), Right to data portability (Art. 20), Right to withdraw consent (Art. 7 (3)), and Right to lodge a complaint (Art. 77). 12.2 RIGHT TO OBJECT: IF WE PROCESS YOUR DATA BASED ON OUR LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME. IF YOU OBJECT TO DIRECT MARKETING, WE WILL STOP PROCESSING YOUR DATA FOR THOSE PURPOSES IMMEDIATELY.

13) Storage Duration of Personal Data

The duration of storage depends on the respective legal basis, the purpose of processing, and statutory retention periods (e.g., tax law). Once these periods expire, the data is routinely deleted.

Last updated: 08.06.2026, 10:27:42

List of Cookies

(Tables omitted for brevity in translation, but they classify cookies into "Essential" and "Marketing & Analytics".)

Essential Cookies
Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. Without these cookies, the website cannot function properly.