Privacy policy

privacy policy

Below we inform you about the processing of your personal data when using our online service.

responsible person

The name and contact details of the person responsible can be found in the imprint.

contact person

If you have any questions about data protection, please contact the contact details provided in the imprint.

storage period

We generally delete your personal data when it is no longer necessary for the purposes for which it was collected or otherwise processed.

If we have asked for your consent and you have given it, we will delete your personal data if you withdraw your consent and there is no other legal basis for the processing.

We will delete your personal data if you object to the processing and there are no overriding legitimate grounds for the processing or if you object to processing for the purposes of direct marketing or related profiling.

If deletion is not possible because processing is still necessary to fulfill a legal obligation (legal retention periods, etc.) to which we are subject or to assert, exercise or defend legal claims, we will restrict the processing of your personal data.

Further information on the storage period can also be found in the following passages.

your rights

You have the following rights with regard to your personal data:
- Right to information
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to object to processing
- Right to data portability

You have the right to object at any time to the processing of your personal data based on Article 6 (1) (e) or (f) GDPR, for reasons related to your particular situation; this also applies to profiling based on these provisions. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If we process your personal data in order to conduct direct advertising, you have the right to object at any time to the processing of your personal data for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct advertising. We will then no longer process your personal data for these purposes.

You have the right to withdraw your consent to the processing of your personal data at any time if you have given us such consent. The withdrawal of consent does not affect the legality of the processing carried out on the basis of the consent until the withdrawal.

You have the right to complain to a supervisory authority about our processing of your personal data.

provision of your personal data

The provision of your personal data is generally neither legally nor contractually required and is not necessary for the conclusion of a contract. You are generally not obliged to provide your personal data. Should this nevertheless be the case, we will inform you separately when collecting your personal data (for example, by marking the mandatory fields on input forms).

Failure to provide your personal data will generally result in us not processing your personal data for one of the purposes described below and you not being able to take advantage of an offer related to the respective processing (example: without providing your email address, you will not receive our newsletter).

web server log files

We process your personal data in order to be able to show you our online offering and to ensure the stability and security of our online offering. Information (e.g. requested element, accessed URL, operating system, date and time of the request, browser type and version used, IP address, protocol used, volume of data transferred, user agent, referrer URL, time zone difference to Greenwich Mean Time (GMT) and/or HTTP status code) is stored in so-called log files (access log, error log, etc.).

If we have asked you for your consent and you have given it, the legal basis for the processing is Art. 6 (1) (a) GDPR. If we have not asked you for your consent, the legal basis for the processing is Art. 6 (1) (f) GDPR. Our legitimate interest is the proper display of our online offering and the guarantee of the stability and security of our online offering.

Security

For security reasons and to protect the transmission of your personal data and other confidential content, we use encryption on our domain. You can recognize this in the browser line by the character string "https://" and the lock symbol.

contact

If you contact us, we will process your personal data in order to process your contact request.

If we have asked you for your consent and you have given it, the legal basis for the processing is Art. 6 Para. 1 lit. a GDPR. If we have not asked you for your consent, the legal basis for the processing is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is to process your contact. If the processing is necessary to fulfill a contract with you or to carry out pre-contractual measures based on your request, the legal basis for the processing is also Art. 6 Para. 1 lit. b GDPR.

We use external services to provide and maintain our email inboxes. These services may have access to personal data that is processed when you contact us. Further information on the services used, the scope of data processing and the technologies and procedures used when using the respective services can be found below in the additional information on the services we use and under the links provided there:

Gmail
Provider: In the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://www.google.com/intl/de/gmail/about/
Further information & data protection: https://policies.google.com/?hl=de
The transfer of personal data to third countries depends on the respective Google service and subject to the various EU standard contractual clauses, provided that these are offered by Google. Further information on this and Google's responsibility can be found under the following link: https://business.safety.google/gdpr/ . You can view a copy of the EU standard contractual clauses there. The provider has joined the EU-US Data Privacy Framework ( https://www.dataprivacyframework.gov ), which guarantees compliance with an appropriate level of data protection based on a decision of the European Commission.

Cookies & similar technologies

Cookies are used. Cookies are text information that is stored on your device. A distinction is made between session cookies, which are deleted immediately after you close your browser, and permanent cookies, which are only deleted after a certain period of time.

In addition to cookies, similar technologies (tracking pixels, web beacons, etc.) can also be used. The following statements on cookies also apply to similar technologies. These statements also apply to further processing in connection with cookies and similar technologies (analysis & marketing, etc.). This also applies in particular to any consent you may have given for the use of cookies. This also extends to other technologies and to further processing in connection with cookies and similar technologies.

Cookies can be used to enable the use of certain functions. Cookies can also be used to measure the reach of our online offering, to design it in line with needs and interests, and thus to optimize our online offering and our marketing. Cookies can be used by us and by external services.

We use a consent tool to manage the cookies used and the related consents. Details on the cookies used (purpose, storage period, external service if applicable, etc.) and the consent tool can be found in the following passages and the consent tool we use.

If we have asked you for your consent and you have given it, the legal basis for the processing is Art. 6 (1) lit. a GDPR. If we have not asked you for your consent, the legal basis for the processing is Art. 6 (1) lit. f GDPR. Our legitimate interest is the management of the cookies used and the related consents. Depending on the purpose of the processing, our legitimate interests can be found in the following passages.

You can prevent cookies from being saved by setting your browser accordingly. Below we provide you with links for typical browsers where you can find further information on managing cookie settings:
- Firefox: https://support.mozilla.org/de/kb/verbesserter-schutz-aktivitatenverfolgung-desktop
- Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
- Internet Explorer / Edge: https://support.microsoft.com/de-de/windows/l%C3%B6schen-und-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/de/latest/web-preferences/#cookies
- Yandex: https://browser.yandex.com/help/personal-data-protection/cookies.html

Further options for objection can be found under the following links: https://www.youronlinechoices.eu/ , https://youradchoices.ca/en/tools , https://optout.aboutads.info/?c=2&lang=EN and https://optout.networkadvertising.org/?c=1 .

If you prevent cookies from being saved, this may affect the proper functioning of our online service. If you delete all cookies, the above settings will also be lost and will need to be made again.

You can also activate the “Do-Not-Track” function of your browser to signal that you do not want to be tracked. Below we provide you with links for typical browsers where you can find further information about the “Do-Not-Track” setting:
- Firefox: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen
- Chrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=de
- Internet Explorer / Edge: https://support.microsoft.com/de-de/windows/verwenden-von-do-not-track-in-internet-explorer-11-ad61fa73-d533-ce96-3f64-2aa3a332e792
- Opera: https://help.opera.com/de/latest/security-and-privacy/
- Safari no longer supports the “Do-Not-Track” function since February 2019. You can prevent cross-website tracking in Safari using the following link: https://support.apple.com/de-de/guide/safari/sfri40732/12.0/mac
- Yandex: https://yandex.com/support/browser/personal-data-protection/ytp.html

You can also revoke or manage your consent regarding the cookies used in the consent tool we use.

shop

If you place an order, we will process your personal data to process and handle your order and to comply with the associated rights and obligations.

If you create a customer account, we process your personal data to provide the customer account and the associated functions (forgot password function, etc.), to enhance your shopping experience and to make the ordering process easier for you for future orders.

If we have asked you for your consent and you have given it, the legal basis for the processing is Art. 6 Para. 1 lit. a GDPR. If we have not asked you for your consent, the legal basis for the processing is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is the processing and handling of your order. If the processing is necessary to fulfill a contract with you or to carry out pre-contractual measures based on your request, the legal basis for the processing is also Art. 6 Para. 1 lit. b GDPR.

Recipients of your personal data may be third parties (fulfillment service providers, IT service providers, shipping or transport service providers, banks, tax consultants, lawyers, authorities, etc.) insofar as this is necessary for the processing and handling of your order and the associated rights and obligations.

We use external services to process payments. We transmit your personal data to these services insofar as this is necessary for the processing of payments. Further information on the services used, the scope of data processing and the technologies and procedures used when using the respective services can be found in the additional information on the services we use at the end of this passage and under the links provided there.

American Express
Provider: American Express Europe SA, Germany.
Website: https://www.americanexpress.com/de-de/
Further information & data protection: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html?inav=de_legalfooter_dataprivacy

Apple Pay
provider: Depending on your home country, Apple services are offered by Apple Distribution International Ltd., Ireland, or another company (available at https://www.apple.com/de/legal/internet-services/itunes/de/terms.html ).
Website: https://www.apple.com/de/apple-pay/
More information & data protection: https://www.apple.com/de/legal/privacy/
Guarantee: EU standard contractual clauses. You can request a copy of the EU standard contractual clauses from us.

Giropay
Provider: paydirekt GmbH, Germany.
Website: https://www.giropay.de
Further information & data protection: https://www.giropay.de/rechtliches/datenschutzerklaerung

Google Pay
Provider: In the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://pay.google.com/intl/de_de/about/
Further information & data protection: https://policies.google.com/?hl=de
The transfer of personal data to third countries depends on the respective Google service and subject to the various EU standard contractual clauses, provided that these are offered by Google. Further information on this and Google's responsibility can be found under the following link: https://business.safety.google/gdpr/ . You can view a copy of the EU standard contractual clauses there. The provider has joined the EU-US Data Privacy Framework ( https://www.dataprivacyframework.gov ), which guarantees compliance with an appropriate level of data protection based on a decision of the European Commission.

Klarna
Provider: Klarna Bank AB (publ), Sweden.
Website: https://www.klarna.com/de/
Further information & data protection: https://www.klarna.com/de/datenschutz/

Mastercard
Provider: Mastercard Europe SA, Belgium.
Website: https://www.mastercard.de
Further information & data protection: https://www.mastercard.de/de-de/datenschutz.html

PayPal
provider: PayPal (Europe) S.à rl et Cie, SCA, Luxembourg.
Website: https://www.paypal.com/de/home/
Further information & data protection: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE

Stripe
Provider: Stripe Payments Europe, Ltd., Ireland. Stripe Payments Europe, Ltd. is a subsidiary of Stripe, Inc., United States of America.
Website: https://stripe.com/de
Further information & data protection: https://stripe.com/de/privacy
Guarantee: EU standard contractual clauses. You can request a copy of the EU standard contractual clauses from us. The provider has joined the EU-US Data Privacy Framework ( https://www.dataprivacyframework.gov ), which guarantees compliance with an appropriate level of data protection based on a decision of the European Commission.

Visa
provider: Visa Inc., United States of America.
Website: https://www.visa.de
Further information & data protection: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html

newsletter

If we have asked for your consent and you have given it, we will process your email address to conduct email marketing and, if necessary, other personal data to address you personally. The legal basis for the processing is Art. 6 Paragraph 1 Letter a of GDPR. The content of the email marketing will be specifically described when your consent is obtained. In addition, the email marketing contains information about us, our goods and services.

We use the so-called double opt-in procedure to prevent possible misuse of your personal data. After collecting your email address, we will send you an email to the email address you provided, in which we ask you to confirm that you actually want email marketing. The legal basis for the processing is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is the legally compliant implementation of email marketing.

We log the time you give your consent and the time you confirm it, as well as your IP address and the content of your declaration of consent, in order to be able to prove that your consent was obtained in accordance with the law. The legal basis for the processing is Art. 6 (1) (f) GDPR. Our legitimate interest is the legally compliant implementation of email marketing.

We use external services for email marketing. Further information on the services used, the scope of data processing and the technologies and procedures used in the respective services, as well as whether profiling takes place when the respective services are used, and if applicable, information on the logic involved and the scope and intended effects of such processing for you can be found in the additional information on the services we use at the end of this passage and under the links provided there.

You can revoke your consent at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. To revoke your consent, you can use the link provided in the emails or contact us using the contact details provided above.

If you have withdrawn your consent, we reserve the right to process your personal data in a so-called blacklist in order to ensure that no further email marketing is carried out in connection with this personal data in the future. The legal basis for the processing is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is to avoid unwanted email marketing.

We process your personal data as part of tracking or success measurements in order to measure the reach of our e-mail marketing, to design it in line with needs and interests and thus to optimise our e-mail marketing. This may also involve profiling (for the purposes of advertising, personalized information, etc.). Profiling can also take place across services and devices. If we have asked you for your consent and you have given it, the legal basis for the processing is Art. 6 Para. 1 lit. a GDPR. If we have not asked you for your consent, the legal basis for the processing is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is to optimise our e-mail marketing. Unfortunately, a separate revocation of your consent or objection with regard to tracking or success measurements is not possible. You must use the above options to revoke your consent or object to the processing of your personal data for the purposes of e-mail marketing as a whole.

Klaviyo
Provider: Klaviyo, Inc., United States of America.
Website: https://www.klaviyo.com/
Further information & data protection: https://www.klaviyo.com/legal/privacy/privacy-notice
Guarantee: EU standard contractual clauses. You can request a copy of the EU standard contractual clauses from us. The provider has joined the EU-US Data Privacy Framework ( https://www.dataprivacyframework.gov ), which guarantees compliance with an appropriate level of data protection based on a decision of the European Commission.

Existing customer marketing - advertising via email

If we have received your email address in connection with the sale of a product or service and you have not objected to this, we will process your email address to conduct email marketing for our own similar products or services and, if necessary, other personal data in order to address you personally. The legal basis for the processing is Art. 6 (1) (f) GDPR. Our legitimate interest is direct advertising.

You have the right to object to the processing of your personal data for the purpose of email marketing at any time without incurring any costs other than the transmission costs according to the basic rates. We will then no longer process your personal data for the purpose of email marketing. To object to the processing of your personal data for the purpose of email marketing, you can use the link provided for this purpose in the emails or contact us using the contact details provided above.

If you have objected to the processing of your personal data for the purpose of email marketing, we reserve the right to process your personal data in a so-called blacklist in order to ensure that no further email marketing takes place in connection with this personal data in the future. The legal basis for the processing is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is the avoidance of unwanted email marketing.

Analysis & Marketing

We process your personal data in order to measure the reach of our online offering, to design it in line with needs and interests and thus to optimize our online offering and our marketing.

If we have asked you for your consent and you have given it, the legal basis for the processing is Art. 6 (1) lit. a GDPR. If we have not asked you for your consent, the legal basis for the processing is Art. 6 (1) lit. f GDPR. Our legitimate interest is the optimization of our online offering and our marketing.

We use external services for analysis and marketing. This may also involve profiling (for the purposes of advertising, personalized information, etc.). Profiling can also take place across services and devices. Further information on the services used, the scope of data processing and the technologies and procedures when using the respective services, as well as whether profiling takes place when using the respective services, and if applicable, information on the logic involved and the scope and intended effects of such processing for you can be found in the additional information on the services we use at the end of this passage and under the links provided there.

For more information about cookies & similar technologies, see above.

Google Analytics
Provider: In the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://marketingplatform.google.com/intl/de/about/analytics/
Further information & data protection: https://support.google.com/analytics/answer/6004245?hl=de and https://policies.google.com/?hl=de
The transfer of personal data to third countries depends on the respective Google service and subject to the various EU standard contractual clauses, provided that these are offered by Google. Further information on this and Google's responsibility can be found under the following link: https://business.safety.google/gdpr/ . You can view a copy of the EU standard contractual clauses there. The provider has joined the EU-US Data Privacy Framework ( https://www.dataprivacyframework.gov ), which ensures compliance with an appropriate level of data protection based on a decision of the European Commission.

social media presences

We maintain social media presences on external services in order to communicate with users there and thus optimize our online offering and our marketing.

This privacy policy also applies to the following social media presences:
https://www.instagram.com/twisted_nut_butter/

If we have asked you for your consent and you have given it, the legal basis for the processing is Art. 6 (1) lit. a GDPR. If we have not asked you for your consent, the legal basis for the processing is Art. 6 (1) lit. f GDPR. Our legitimate interest is the optimization of our online offering and our marketing.

When using external services, profiling may also occur (for the purposes of advertising, personalized information, etc.). Profiling may also occur across services and devices. Further information on the services used, the scope of data processing and the technologies and procedures used in the respective services, as well as whether profiling takes place when the respective services are used, and, if applicable, information on the logic involved and the scope and intended effects of such processing for you can be found in the additional information on the services we use at the end of this passage and under the links provided there.

Facebook
Provider: Meta Platforms Ireland Limited, Ireland. Meta Platforms Ireland Limited is a subsidiary of Meta Platforms, Inc., United States of America.
Website: https://www.facebook.com The provider and we are joint controllers. We have concluded a corresponding agreement with the provider. You can view
this agreement at https://www.facebook.com/legal/terms/page_controller_addendum and https://www.facebook.com/legal/controller_addendum
. Further information & data protection: https://developers.facebook.com/docs/plugins/ , https://www.facebook.com/legal/terms/information_about_page_insights_data , https://www.facebook.com/privacy/policy/ , https://de-de.facebook.com/policies/cookies/ , https://www.facebook.com/help/566994660333381?ref=dp and https://de-de.facebook.com/help/568137493302217
Guarantee: EU standard contractual clauses. You can request a copy of the EU standard contractual clauses from us. The provider has joined the EU-US Data Privacy Framework ( https://www.dataprivacyframework.gov ), which guarantees compliance with an appropriate level of data protection based on a decision of the European Commission.

Instagram
Provider: Meta Platforms Ireland Limited, Ireland. Meta Platforms Ireland Limited is a subsidiary of Meta Platforms, Inc., United States of America.
Website: https://www.instagram.com
Further information & data protection: https://help.instagram.com/581066165581870 and https://help.instagram.com/519522125107875
Guarantee: EU standard contractual clauses. You can request a copy of the EU standard contractual clauses from us. The provider has joined the EU-US Data Privacy Framework ( https://www.dataprivacyframework.gov ), which guarantees compliance with an appropriate level of data protection based on a decision of the European Commission.

social media content/plugins

We use social media content/plugins from external services to show you content and functions from external services and thus optimize our online offering and our marketing.

If we have asked you for your consent and you have given it, the legal basis for the processing is Art. 6 (1) lit. a GDPR. If we have not asked you for your consent, the legal basis for the processing is Art. 6 (1) lit. f GDPR. Our legitimate interest is the optimization of our online offering and our marketing.

Facebook
Provider: Meta Platforms Ireland Limited, Ireland. Meta Platforms Ireland Limited is a subsidiary of Meta Platforms, Inc., United States of America.
Website: https://www.facebook.com
Further information & data protection: https://developers.facebook.com/docs/plugins/ , https://www.facebook.com/privacy/policy/ , https://de-de.facebook.com/policies/cookies/ , https://www.facebook.com/help/566994660333381?ref=dp and https://de-de.facebook.com/help/568137493302217
Guarantee: EU standard contractual clauses. You can request a copy of the EU standard contractual clauses from us. The provider has joined the EU-US Data Privacy Framework ( https://www.dataprivacyframework.gov ), which guarantees compliance with an appropriate level of data protection based on a decision of the European Commission.

Fonts & Scripts

We use fonts and scripts from external services to display our online offering and to ensure that the fonts and scripts are always up-to-date.

If we have asked you for your consent and you have given it, the legal basis for the processing is Art. 6 (1) lit. a GDPR. If we have not asked you for your consent, the legal basis for the processing is Art. 6 (1) lit. f GDPR. Our legitimate interest is the proper display of our online offer and the guarantee of up-to-date fonts and scripts.

MyFonts
Provider: Monotype Imaging Holdings Inc., United States of America.
Website: https://www.myfonts.com
Further information & data protection: https://www.myfonts.com/a/font/legal
Guarantee: EU standard contractual clauses. You can request a copy of the EU standard contractual clauses from us.

cards

We use maps from external services to show you our location and to enable you to use the additional functions of these external services in connection with the maps.

Mapbox
Provider: Mapbox, Inc., United States of America.
Website: https://www.mapbox.com/
Further information & data protection: https://www.mapbox.com/legal/privacy and https://www.mapbox.com/platform/security/
Guarantee: EU standard contractual clauses. You can request a copy of the EU standard contractual clauses from us.

rating platforms

We use rating platforms and process your personal data in order to have our services assessed and thus optimize our online offering and our marketing. For this purpose, we also integrate so-called widgets from the rating platforms, for example to show that we use a rating platform and how our services are assessed.

If we have asked you for your consent and you have given it, the legal basis for the processing is Art. 6 (1) lit. a GDPR. If we have not asked you for your consent, the legal basis for the processing is Art. 6 (1) lit. f GDPR. Our legitimate interest is the optimization of our online offering and our marketing.

If we or the rating platforms we use have asked you for your consent and you have given it, we or the rating platforms we use will process your personal data to remind you to submit a rating. The legal basis for the processing is Art. 6 Para. 1 lit. a GDPR.

Further information on the rating platforms we use, the scope of data processing and the technologies and procedures used in the use of the respective rating platforms can be found in the additional information on the rating platforms we use at the end of this passage and under the links provided there.

Google Customer Reviews
Provider: In the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://support.google.com/merchants/answer/7124326?hl=de
Further information & data protection: https://policies.google.com/?hl=de
The transfer of personal data to third countries depends on the respective Google service and is subject to the various EU standard contractual clauses, provided that these are offered by Google. Further information on this and Google's responsibility can be found under the following link: https://business.safety.google/gdpr/ . You can view a copy of the EU standard contractual clauses there. The provider has joined the EU-US Data Privacy Framework ( https://www.dataprivacyframework.gov ), which guarantees compliance with an appropriate level of data protection based on a decision of the European Commission.

comments

If you leave comments using the functions provided (on blog entries, products, etc.), we process your personal data in order to be able to display your comments and prevent any misuse.

If we have asked you for your consent and you have given it, the legal basis for the processing is Art. 6 (1) lit. a GDPR. If we have not asked you for your consent, the legal basis for the processing is Art. 6 (1) lit. f GDPR. Our legitimate interest is the proper display of your comments and the prevention of misuse.

This privacy policy was created with the configurator from getLaw.de .