Privacy policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when using our website. Personal data means all data that can be used to identify you personally.

1.2 The controller responsible for data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Schwarzwaldwässerle GmbH, Auf der oberen Au 43a, 77797 Ohlsbach, Germany, Tel.: 01754836328, Email: info@schwarzwaldwaesserle.de. The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When you use our website for purely informational purposes – that is, when you do not register or otherwise provide us with information – we only collect the data that your browser transmits to the web server (so-called “server log files”). When you access our website, we collect the following data which is technically necessary to display the website to you:

The website you visited
The date and time of access
The amount of data transmitted in bytes
The source/referrer from which you arrived at the page
The browser used
The operating system used
The IP address used (possibly in anonymized form)

The processing is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. No transmission to third parties or use for any other purposes is made. However, we reserve the right to review the server log files retrospectively if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (for example, orders or inquiries addressed to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” prefix and the padlock icon in your browser’s address bar.

3) Hosting & Content Delivery Network (CDN)

3.1 Shopify

For hosting our website and displaying the page content, we use the system of the following provider:
Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”).

Data is also transmitted to:
Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider which ensures the protection of our visitors’ data and prohibits any unauthorized transmission to third parties.

In the event of a data transfer to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

3.2 Cloudflare

We use a Content Delivery Network from the following provider:
Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA.

This service allows us to deliver large media files such as graphics, page content, or scripts more quickly via a network of regionally distributed servers. The processing is carried out on the basis of our legitimate interest in improving the stability and functionality of our website, in accordance with Article 6(1)(f) of the GDPR. We have concluded a data processing agreement with the provider which ensures the protection of our visitors’ data and prohibits any unauthorized transmission to third parties.

For data transfers to the United States, the provider has joined the EU‑US Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, guarantees compliance with the European level of data protection.

4) Cookies

To make your visit to our website more attractive and to enable the use of certain functions, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called “session cookies”), while others remain on your device for a longer period and allow the storage of site preferences (so-called “persistent cookies”). In the latter case, you can check the storage duration in the cookie settings overview of your web browser.

Insofar as individual cookies that we use also process personal data, the processing is carried out in accordance with Article 6(1)(b) of the GDPR either for the performance of the contract, or (in the case of consent) in accordance with Article 6(1)(a), or in accordance with Article 6(1)(f) to safeguard our legitimate interests in ensuring the best possible functionality of the website as well as effective and user-friendly navigation.

You can configure your browser to be informed about the setting of cookies and to decide individually on their acceptance, or to block cookies either in specific cases or in general.

Please note that if you refuse to accept cookies, the functionality of our website may be limited.

5) Contact

5.1 Loox

For review reminders, we use the services of the following provider:
Loox Online Ltd., Rehov Har Sinai 2, 6581602 Tel Aviv-Yafo, Israel.

Exclusively on the basis of your explicit consent in accordance with Article 6(1)(a) of the GDPR, we transmit your email address and, if applicable, other customer data to the provider so that they may contact you via email with a review reminder.

You can withdraw your consent at any time, with effect for the future, either with us or directly with the provider.

We have concluded a data processing agreement with the provider which ensures the protection of our visitors’ data and prohibits any unauthorized transmission to third parties.

In the event of a data transfer to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

5.2 When you contact us (for example, via a contact form or email), personal data is processed – solely for the purpose of processing and responding to your inquiry and only to the extent strictly necessary. The legal basis for processing these data is our legitimate interest in responding to your inquiry in accordance with Article 6(1)(f) of the GDPR. If your contact relates to the conclusion of a contract, an additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted once the circumstances indicate that the matter in question has been conclusively resolved and provided that no legal retention obligations exist.

6) Data Processing for Order Fulfillment

6.1 To the extent necessary for the execution of the contract for delivery and payment purposes, the personal data we collect is transmitted, in accordance with Article 6(1)(b) of the GDPR, to the contracted shipping company and the contracted credit institution.

If, on the basis of a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact data you provided during the order (name, address, email address) in order to inform you personally, via an appropriate communication method (for example, by mail or email) and within the legally prescribed period, about upcoming updates in accordance with Article 6(1)(c) of the GDPR. Your contact data is used strictly and exclusively for communications regarding updates owed by us and is processed only to the extent necessary for that particular information.

For the processing of your order, we also cooperate with the service provider(s) listed below, who assist us in part or in full with the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

6.2 Use of Payment Service Providers

- Apple Pay

If you choose the “Apple Pay” payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing is carried out via the “Apple Pay” function on your device running iOS, watchOS, or macOS, by debiting a payment card stored in “Apple Pay”. Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you must therefore enter a code previously set by you and verify using the “Face ID” or “Touch ID” function on your device.

For payment processing purposes, the information you provided during the ordering process, along with information about your order, is transmitted to Apple in encrypted form. Apple then re-encrypts these data with a developer-specific key before transmitting the data to the payment service provider of the payment card stored in Apple Pay for the transaction. This encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is made, Apple sends your device account number along with a transaction-specific, dynamic security code to the originating website to confirm the successful payment.

If personal data is processed during the transfers described, such processing is carried out exclusively for the purpose of payment processing in accordance with Article 6(1)(b) of the GDPR.

Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, and an indication of whether the transaction was successfully completed. Through anonymization, any reference to an individual is completely excluded. Apple uses the anonymized data to improve “Apple Pay” and other Apple products and services.

If you use Apple Pay on your iPhone or Apple Watch to complete a purchase made via Safari on a Mac, the Mac and the authorization device communicate via an encrypted channel on Apple’s servers. Apple does not process or store any of this information in a format that can be used to identify you. You can disable the use of Apple Pay on your Mac in your iPhone settings by going to “Wallet & Apple Pay” and turning off “Allow Payments on Mac”.

For more information on data protection with Apple Pay, please visit: https://support.apple.com/de-de/HT203027

- Google Pay

If you choose the “Google Pay” payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), payment processing is carried out via the “Google Pay” application on your mobile device running at least Android 4.4 (“KitKat”) and equipped with NFC, by debiting a payment card stored in Google Pay or via a verified payment system (e.g., PayPal). To authorize a payment via Google Pay for an amount exceeding €25, it is necessary to unlock your mobile device beforehand using the verification method you have set up (e.g., facial recognition, password, fingerprint, or pattern).

For payment processing purposes, the information you provided during the ordering process, along with information about your order, is transmitted to Google. Google then transmits the payment information stored in Google Pay in the form of a transaction number, assigned only once, to the originating website, which is used to verify that a payment has been made. This transaction number contains no information about the actual payment data stored in Google Pay, but is created and transmitted as a one-time valid numerical token. For all transactions via Google Pay, Google acts solely as an intermediary for processing the payment. The transaction is carried out exclusively between the user and the originating website by debiting the payment method stored in Google Pay.

If personal data is processed during the transfers described, such processing is carried out exclusively for the purpose of payment processing in accordance with Article 6(1)(b) of the GDPR.

Google reserves the right to collect, store, and analyze certain transaction-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, the merchant’s location and description, a description of the goods or services purchased provided by the merchant, any photos you have attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction, and, where applicable, the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Article 6(1)(f) of the GDPR on the basis of the legitimate interest in correct invoicing, verification of transaction data, and the optimization and maintenance of the Google Pay service.

Google further reserves the right to merge the processed transaction data with other information collected and stored when using other Google services.

The terms of use for Google Pay can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

For further information on data protection with Google Pay, please visit:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

- Klarna

On this website, one or more online payment methods from the following provider are available:
Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden.

If you select a payment method from the provider in which you make a prepayment (for example, credit card payment), your payment data provided during the ordering process (including your name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Article 6(1)(b) of the GDPR. The transmission of your data in this case is solely for the purpose of processing the payment with the provider and only to the extent necessary for that purpose.

If you select a payment method in which the provider makes a prepayment (for example, invoice purchase, installment payment, or direct debit), you will also be required during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, data regarding an alternative payment method).

In order to protect our legitimate interest in verifying the creditworthiness of our customers, these data are transmitted by us, in accordance with Article 6(1)(f) of the GDPR, to the provider for the purpose of a credit check. The provider checks, based on the personal data you provided as well as additional data (such as the contents of your shopping cart, the invoice amount, order history, and your payment experiences), whether the payment method you have selected can be granted with respect to the risks of non-payment and/or insolvency.

The credit report may include probability values (so-called “score” values). To the extent that score values are incorporated into the result of the credit report, they are based on a scientifically recognized mathematical-statistical method. Among other data, but not exclusively, address data is taken into account in the calculation of the scores.

You may object to this processing of your data at any time by sending us a message or by contacting the provider directly. However, the provider may remain entitled to process your personal data if this is necessary for the contractual processing of the payment.

- PayPal

On this website, one or more online payment methods from the following provider are available:
PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you select a payment method from the provider in which you make a prepayment, your payment data provided during the ordering process (including your name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be transmitted to the provider in accordance with Article 6(1)(b) of the GDPR. The transmission of your data in this case is solely for the purpose of processing the payment with the provider and only to the extent necessary for that purpose.

If you select a payment method for which we make the prepayment, you will also be required during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, data regarding an alternative payment method).

To protect our legitimate interest in verifying your creditworthiness, these data are transmitted by us, in accordance with Article 6(1)(f) of the GDPR, to the provider for the purpose of a credit check. The provider checks, based on the personal data you provided as well as additional data (such as the contents of your shopping cart, the invoice amount, order history, and your payment experiences), whether the payment method you have selected can be granted with respect to the risks of non-payment and/or insolvency.

- Shopify Payments

On this website, one or more online payment methods from the following provider are available:
Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

7) Online Marketing

Goaffpro

We participate in the affiliate program of the following provider:
Oxybit Enterprises Pvt Ltd, 16, Sector 20, Part 1, HUDA, Sirsa, Haryana -125055, India.

In this context, we have placed links on our website that lead to offers on the provider’s or third parties’ websites (“Partner Sites”).

To measure the success of an affiliate link, to analyze orders generated via such a link, and to settle commission payments accordingly, the provider uses cookies and/or comparable technologies which are essentially set on the partner sites and for which we are not responsible from a data protection standpoint. In doing so, the provider regularly processes the IP address and, if applicable, further device information.

All of the processing described above – in particular, reading or storing information from the device you use – is only carried out if you have given your explicit consent in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent, which you have given once and for all, at any time with effect for the future by using the cookie consent management options on the partner sites.

8) Tools and Miscellaneous

Cookie Consent Tool

This website uses a “Cookie Consent Tool” to obtain effective user consent for cookies and cookie-based applications that require consent. The “Cookie Consent Tool” is displayed to users upon accessing the site in the form of an interactive user interface, where consent for certain cookies and/or cookie-based applications can be given by ticking checkboxes. Through the use of this tool, all cookies/services requiring consent are only loaded if the respective user has given their consent by ticking the corresponding boxes. This ensures that such cookies are only set on the user's device in the event of consent being given.

The tool sets technically necessary cookies to store your cookie preferences. Personal data of users is generally not processed in this context.

In cases where, for the purpose of storing, associating, or logging cookie settings, personal data is nevertheless processed (for example, the IP address), such processing is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in having a legally compliant, user-specific, and user-friendly consent management system for cookies, and thus in ensuring a legally compliant design of our website.

Another legal basis for processing is also Article 6(1)(c) of the GDPR. As controllers, we are legally obliged to make the use of non-essential cookies dependent on obtaining the respective user’s consent.

If necessary, we have concluded a data processing agreement with the provider that ensures the protection of our visitors’ data and prohibits any unauthorized transmission to third parties.

For more information about the operator and the configuration options of the Cookie Consent Tool, please consult the corresponding user interface directly on our website.

9) Rights of the Data Subject

9.1 The applicable data protection law grants you the following rights in relation to the processing of your personal data by the controller (rights of access and intervention), for which the respective legal bases are referenced:

Right of access in accordance with Article 15 of the GDPR;
Right to rectification in accordance with Article 16 of the GDPR;
Right to erasure in accordance with Article 17 of the GDPR;
Right to restriction of processing in accordance with Article 18 of the GDPR;
Right to notification in accordance with Article 19 of the GDPR;
Right to data portability in accordance with Article 20 of the GDPR;
Right to withdraw your consent in accordance with Article 7(3) of the GDPR;
Right to lodge a complaint in accordance with Article 77 of the GDPR.

9.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERWHELMING LEGITIMATE INTERESTS, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO SUCH PROCESSING, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS POSSIBLE IF WE CAN DEMONSTRATE COMPELLING PROTECTABLE REASONS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

10) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the applicable legal basis, the purpose of the processing, and, where applicable, by the statutory retention period (for example, commercial and tax retention periods).

For processing personal data on the basis of explicit consent in accordance with Article 6(1)(a) of the GDPR, the affected data will be stored until you withdraw your consent.

If there are statutory retention periods for data processed in the context of contractual or quasi-contractual obligations on the basis of Article 6(1)(b) of the GDPR, these data will be routinely deleted after the retention periods expire, provided that they are no longer necessary for the fulfillment or initiation of the contract and/or if we no longer have a legitimate interest in their further storage.

For processing personal data on the basis of Article 6(1)(f) of the GDPR, these data will be stored until you exercise your right to object in accordance with Article 21(1) of the GDPR, unless we can demonstrate compelling protectable reasons for the processing that outweigh your interests, rights, and freedoms, or if the processing is necessary for the assertion, exercise, or defense of legal claims.

For processing personal data for the purpose of direct marketing on the basis of Article 6(1)(f) of the GDPR, these data will be stored until you exercise your right to object in accordance with Article 21(2) of the GDPR.

Unless otherwise stated in the specific information regarding particular processing situations, stored personal data will be deleted once it is no longer necessary for the purposes for which it was collected or processed.

Your cart is empty

Your cart

Subtotal