Data protection

Name and Contact Details of the Data Controller

The entity responsible for data processing on this website is:

Wolfswater GmbH
Bodmanstr. 4
87439 Kempten
Deutschland
E-Mail: shop@wolfswater.com

Wolfswater GmbH is not required to appoint a Data Protection Officer. For questions regarding data protection, please contact the above-mentioned contact details.

2. Data Collection on the Website

When visiting this website, Wolfswater GmbH itself does not collect any personal data. However, the hosting provider HostEurope automatically stores server log files to ensure the secure operation of the website. These log files may contain the following information:

Visitor's IP address,
Date and time of access,
Type and version of the browser,
Operating system,
Referrer URL (the previously visited page).

Wolfswater GmbH has no direct access to this data and cannot influence its collection. The log files are used exclusively by HostEurope for technical security purposes and are handled according to their privacy policy. For more information on data usage by HostEurope, please refer to their privacy policy: https://www.hosteurope.de/en/terms-and-conditions/privacy/.

3. Collection and Processing of Personal Data During the Ordering Process

As part of the order processing, the following personal data is collected and processed via the payment service provider Stripe:

Email address,
Name,
Billing address,
Shipping address,
Payment information (e.g., credit card details).

Why Stripe receives personal data:
Stripe requires this data to process payments, prevent fraud, and comply with legal obligations such as tax requirements.

How Stripe uses the data:
Stripe uses the data for secure payment processing, verification of payment transactions, fraud detection, and compliance with legal requirements.

How long Stripe stores the data:
Stripe retains personal data as long as necessary to fulfill contractual or legal obligations. The storage duration depends on the applicable legal retention periods (e.g., tax requirements).

Legal basis for processing:
Processing is based on Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(f) GDPR (legitimate interest in secure payment processing and fraud prevention). Stripe acts as an independent controller under Article 4(7) GDPR.

For more information on data processing by Stripe, please refer to Stripe's privacy policy: https://stripe.com/de/privacy.

4. Transfer of Data to Third Parties

In the course of order processing, we work with the following third-party providers to ensure secure payment and shipping. Personal data is transferred to them only to the extent necessary to fulfill the contract:

Stripe (Payment Processing): Stripe processes payment data, including your email address, name, billing address, shipping address, and payment information. Stripe acts as an independent controller under GDPR. For more information, refer to Stripe's privacy policy: https://stripe.com/de/privacy.
Make (Automation): Data entered into Stripe is further processed via the automation tool Make and transferred to Google Drive.
Google Drive (Data Storage): Order data is stored on Google Drive to enable the management and processing of your order. Google complies with European data protection regulations and ensures data protection through Standard Contractual Clauses.
Lexoffice (Invoice Processing): To issue invoices in compliance with the law, your data is processed and stored in Lexoffice. Lexoffice ensures GDPR-compliant data handling.
DPD, Hermes or DHL (Shipping): For shipping, we transfer the shipping address and email address to DPD, Hermes or DHL, which sends delivery status updates via email.

These third-party providers are obligated to comply with European data protection regulations and to use your data only for the purpose of fulfilling their contractual obligations.

5. Email Communication

After completing an order, you will receive an email confirming your order and including the T&Cs and invoice as attachments. After shipment, you will also receive emails from our shipping provider DPD regarding the delivery status.

6. No Use of Cookies

This website does not use cookies.

7. Rights of Data Subjects

You have the following rights:

Under Article 15 GDPR, to request information about the personal data we process about you,
Under Article 16 GDPR, to request the correction of inaccurate or incomplete personal data stored by us,
Under Article 17 GDPR, to request the deletion of your personal data, provided there are no legal retention obligations,
Under Article 18 GDPR, to request the restriction of processing your personal data,
Under Article 20 GDPR, to receive your personal data in a structured, commonly used, and machine-readable format or to request the transfer to another controller,
Under Article 21 GDPR, to object to the processing of your data.

To exercise your rights, you can contact us at any time via email.

8. Right to Lodge a Complaint with a Supervisory Authority

Under Article 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data is unlawful.

9. Data Transfers to Third Countries

In the course of order processing, some personal data may be transferred to systems operated on servers outside the European Union, particularly by Stripe and Google Drive.

In these cases, we ensure that appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, are in place to protect your data. Google and Stripe commit to adhering to these Standard Contractual Clauses to ensure a high level of data protection.

10. Retention Period

We retain personal data collected during order processing only as long as necessary to fulfill statutory retention periods (e.g., 10 years for tax documents). Afterward, the data is deleted in accordance with legal requirements.

11. Automated Decision-Making and Profiling

No automated decision-making or profiling takes place.