Disclaimer & Privacy
What data do we collect?
When you visit our website or shop, we collect
- Your browser type (Firefox, Safari, Chrome, Bing etc.),
- The pages of our website and/or shop that you visit,
- Your operating system (Windows, OS, Android etc.),
- Your anonymised IP address.
This data is stored and used without any relation to you as a person.
When you register with our online shop, we save your personal data such as your title, full name, contact details (telephone, email address), billing and delivery addresses and order details.
To ensure the safety of your personal data, e.g. when you log into your account and during the ordering process, we use SSL encryption. While your data is being transferred to our web servers, your data will be made unrecognisable to third parties, who will not be able to restore it.
We do not save any payment data regarding credit cards, PayPal accounts or other payment services or systems. If you provide us with a written SEPA direct debit authorisation, then we will save the account provided by you in writing.
Data collection in our online shop takes place using cookies and direct entry by you.
What happens to my data?
Your personal data will only be used for certain purposes, such as
- To process your orders or provide services,
- To ensure security in ordering and payment processes (credibility checks when making purchases on account, fraud prevention),
- To advertise (using newsletters, retargeting) our products,
- To fulfil statutory requirements,
Data is only processed in regard to individual cases.
The controllers in the sense of data protection law, in particular the EU’s General Data Protection Regulation (GDPR), are:
Michael Brink and Jörg Ziegler
GREENBOX GmbH & Co. KG
D - 28217 Bremen
Your Data Subject Rights
You can use the contact details provided to exercise the following rights:
- Get information about your data saved by us and its processing,
- Correct incorrect personal data,
- Delete data about you stored by us,
- Limit data processing insofar as we cannot delete your data due to legal obligations,
- Object to our processing of your data and
- Data transferability insofar as you approved the data processing or entered into a contract with us.
If you have granted us any consent, you can revoke this at any time with effect for the future.
You can complain to the responsible supervisory authority at any time. Your responsible supervisory authority depends on which state you live or work in or where your rights were allegedly violated. You can find a list of supervisory authorities (for non-public fields) with addresses here: Data protection agent addresses.
Purpose of Data Processing by the Controller and Third Parties
- You have granted your express permission,
- The processing is necessary to complete a contract with you,
- The processing is necessary to fulfil a legal obligation,
The processing is necessary to uphold legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in your data not being passed on.
Collection of General Information upon Visiting our Website
When you access our website, general information will automatically be collected using a cookie. This information (server log files) includes the type of web browser, the operating system used, the domain name of your internet service provider and similar. This is only information that cannot be used to trace back to you.
This information is technically necessary to correctly provide you with the content requested by you and is needed to use the internet. It will be processed especially for the following purposes:
- Ensuring a proper connection with the website,
- Ensuring the smooth use of our website,
- Evaluating system security and stability as well as
- Further administrative purposes.
The processing of your personal data is based on our legitimate interest in data processing for the stated purposes. We do not use your data to trace back to you. Data recipients only include the controllers and any subcontractors.
Anonymous information of this type may be statistically evaluated by us in order to optimise our internet presence and the technology behind it.
Registering on Our Website
Data transmission DPD for the purpose of package notification
As part of the shipping process, we transmit on the basis of the EU General Data Protection Regulation Article 6(1f) your data (name, address, if necessary email address and / or cell phone number, as well as other, shipment-related data) to our shipping partner DPD Deutschland GmbH. You can object to the transmission of additional information such as email or cell phone number at DPD email@example.com or with each package information via a link at any time.
In order to protect the security of your data during transfers, we use an encryption process (e.g. SSL) that complies with the current state of the art.
When users leave comments on our website, these are saved along with data regarding the time of their creation and the user name chosen by the website visitor. This is for our safety, as we may be prosecuted for unlawful content on our website, even if this is created by users.
Cookies cannot be used to start programmes or transfer viruses to a computer. Using the information contained in the cookies, we can make it easier for you to navigate our website and ensure that it is displayed properly.
The data collected by us will not be passed onto third parties or linked to personal data without your consent.
Based on your express consent, we will regularly send you our newsletter and/or similar information via email to the email address provided by you.
In order to receive the newsletter, it is sufficient to provide your email address. The information you provide when signing up to our newsletter will only be used for this purpose. Subscribers may also be informed via email of circumstances relevant for the service or registration (such as changes to newsletter subscription or technical matters).
We need a valid email address for a valid registration. To check that registration was actually requested by the owner of the email address, we use a “double opt-in” process. To this end, we log the ordering of the newsletter, the sending of a confirmation email and the receipt of the requested response. Further data is not collected. Data is only used to send the newsletter and is not passed onto third parties.
If you contact us with questions of any kind by e-mail or contact form, you give us your voluntary consent for the purpose of contacting us. We use the "Freshdesk" service to process the inquiries. The provider of this service is Freshworks Inc., 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066 (hereinafter “Freshdesk”).
When you open a support ticket via Freshdesk, the data you provide will be transmitted to Freshworks and stored on their servers in the USA. Freshworks also transmits this data to external service providers in order to be able to offer Freshdesk's services. For this purpose, Freshworks has submitted to the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnbQAAS&status=Active).
The transmission of your data to Freshdesk takes place on the basis of Art. 6 Para. 1 lit. a GDPR (consent). You have the option of withdrawing your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations in the past.
You can find more information about data usage by Freshdesk in Freshdesk's data protection declaration: https://freshdesk.de/datenschutz/dsgvo/.
Live chat function
We use the Freshchat live chat from Freshworks Inc., 2950 S. Delaware Street, Suite 201, San Mateo CA 94403, USA (“Freshworks”). You can use the live chat like a contact form to chat with our employees in almost real time.
Depending on the course of the conversation with our employees, personal data may arise in the chat, which you enter. The type of this data depends heavily on your request or the problem you describe to us. The processing of all this data serves to provide you with a quick and efficient contact option and thus to improve our customer service.
By using Freshchat, the data you provide will be transmitted to Freshworks and stored on their servers in the USA. Freshworks also transmits this data to external service providers in order to be able to offer Freshchat's services. For this purpose, Freshworks has submitted to the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnbQAAS&status=Active).
Freshchat uses "cookies", text files that are stored on your computer and enable you to carry out personal real-time chats on biologischverpacken.de/en. This serves the purpose of saving you extensive explanations about the history of your request and for constant quality control of our live chat offer. Processing is therefore permitted in accordance with Art. 6 Paragraph 1 Letters b and f GDPR. If you do not wish this, you are welcome to let us know using the contact details listed below. Saved live chats will then be deleted by us immediately. If you want to object to the storage of cookies on biologischeverpacken.de/en, you can do this directly in the lower area of our website under "Cookie Settings".
The storage of the chat data also serves the purpose of guaranteeing the security of our information technology systems. This is also our legitimate interest, which is why processing is permissible according to Art. 6 Paragraph 1 Letter f GDPR.
Further information on the topic of Freshworks and data protection can be found here: https://www.freshworks.com/privacy/.
Use of Google Analytics
You can prevent the storage of cookies by altering your browser software settings; we must make you aware, however, that you may not be able to use all website functions if you do so. You can also prevent Google from collecting the data created by the cookies about your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available using the following link: browser add-on to deactivate Google Analytics.
Alternatively, or in addition to the browser add-on, you can prevent Google Analytics from tracking on our website by clicking on the following link. This will install an opt-out cookie on your device. This will prevent Google Analytics from collecting information for this website and this browser in future, for as long as the cookie remains installed on your browser.
Use of Google Optimize
Our website also uses Google Optimize. Google Optimize analyses the use of various versions of our website in order to improve the user-friendliness of our website. Google Optimize is a sub-service of Google Analytics. See ‘Use of Google Analytics’.
Use of Script Libraries (Google Webfonts)
In order to properly graphically display our content across browsers, we use script libraries and font libraries such as Google Webfonts on this website. Google Webfonts are transferred in order to avoid multiple loading in your browser cache. If your browser does not support Google Webfonts or limits access, content will be shown in standard fonts.
Accessing script libraries or font libraries automatically creates a connection to the library’s operator. It is theoretically possible for the operators of these libraries to collect data - although it is currently unclear whether this occurs or for what purpose.
Use of Adobe Typekit
Use of Google Maps
Detailed instructions on managing your data regarding Google products.
Use of IntelliAd
This website uses the web analysis service and bid management service provided by intelliAd Media GmbH, Sendlinger Str. 7, 80331 Munich. In order to design and optimise this website to suit your needs, anonymous user data is processed, pooled and saved as well as used to create user profiles. When using intelliAd tracking, local cookie storage takes place. You have the right to object to the processing of your user data. You can use the intelliAd opt-outfunction.
Embedded YouTube Videos
We embed YouTube videos onto some of our website pages. The plug-ins are operated by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plug-in, a connection will be created to YouTube’s servers. YouTube will hereby be informed of which pages you have visited. If you are logged into your YouTube account, YouTube can allocate your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account in advance.
If you have deactivated the storage of cookies for the Google Ad programme, you will not have to deal with any such cookies when viewing YouTube videos. However, YouTube also uses other cookies to collect non-personal user data. If you would like to prevent this, you will have to block the saving of cookies in your browser.
Our website uses Google conversion tracking. If you click on a Google ad on our website, Google Adwords will place a cookie on your computer. The conversion tracking cookie is used when a user clicks on a Google ad. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie is still valid, we and Google can identify that the user has clicked on the ad and been forwarded to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information collected using the conversion cookies serves to create conversion statistics for AdWords customers that have opted for conversion tracking. The customers find out the total number of users that have clicked on their ads and been forwarded to the intended page with a conversion tracking tag. They do not receive any information that can be used to personally identify users.
If you do not want to take part in the tracking, you can reject all necessary cookies - by adjusting your browser settings to either generally deactivate cookies or to block cookies from the domain ‘googleleadservices.com’.
Please note that you cannot delete the opt-out cookies for as long as you do not want to be included in the measurement data. If you delete all cookies in your browser, you have to re-install the opt-out cookie.
Use of Facebook, Google+, Twitter and Instagram Plug-Ins
Insofar as we use social plugins (‘plug-ins’) for the social networks Facebook and Google+ and the micro-blogging services Twitter and Instagram on our website, the following applies: These services are provided by Facebook Inc., Google Inc., Twitter Inc. and Instagram LLC (‘providers’).
- Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). You can find an overview of Facebook plug-ins and how they look here: Facebook for developers
- Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). You can find an overview of Google plug-ins and how they look here: Google developers
- Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103. You can find an overview of Twitter buttons and how they look here: Twitter buttons
- Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (‘Instagram’).You can find an overview of Instagram badges and how they look here: Instagram badges
When you visit a page on our website that contains any such plug-in, your browser creates a direct connection to the servers of Facebook, Google, Twitter or Instagram. The content of the plug-in will be transferred directly to your browser from the relevant provider and connected to the page. By connecting to the plug-in, the provider is informed that your browser has accessed the relevant page of our website even if you do not have a profile or are currently logged out of your profile. This information (including your IP address) will be transferred from your browser directly to a server of the relevant provider in the USA and stored there. If you logged into one of the services, the provider can allocate your visit to our website to your profile on Facebook, Google+, Twitter and/or Instagram. When you interact with the plug-ins, such as by clicking ‘Like’, ‘+1’, ‘Tweet’ or the ‘Instagram’ button, the relevant information will be transferred directly to the provider’s server and stored there. The information will be published on the social network, on your Twitter/Instagram account and shown to your contacts there.
If you do not want Google, Facebook, Twitter or Instagram to allocate data collected via our website to your profile on the relevant service, you must log out of the relevant service before visiting our website. You can prevent the plug-ins from loading with add-ons (script blockers) for your browser. Please search for the relevant add-ons in your browser’s add-on/settings help section.
This website uses retargeting services from the following providers:
Retargeting technology allows visitors to our website to be targeted with personalised, interest-based advertising when they have already expressed interest in or shop and our products. The advertisement is displayed based on a cookie-based analysis of previous user behaviour, whereby no personal data is saved. When retargeting technology is used, a cookie is saved to your computer or mobile end device in order to collect anonymised data about your interests and so the advertising will be individually customised to suit the saved information. These cookies are small text files that are saved to your computer or mobile end device. This means that you will be shown advertising that will probably comply with your interests in products and information.
If you do not wish to take part in Facebook Custom Audiences, you can deactivate Custom Audiences.
Embedding the Trusted Shops Trustbadge
In order to display our Trusted Shops seal and any reviews, as well as to offer Trusted Shops products to buyers after an order, the Trusted Shops Trustbadge is embedded on this website.
When accessing the Trustbadge, the web server automatically saves a server log file that contains your IP address, the date and time of your visit, the amount of data transferred and the requesting provider (access data), and documents the access. Individual access data is saved for the analysis of security anomalies in a security database. The log files are automatically deleted 90 days after creation at the latest.
Further personal data is transferred to Trusted Shops GmbH if you have opted to use Trusted Shops products after placing an order or have already registered for such use. The contractual agreement made between you and Trusted Shops applies. To this end, personal data is automatically collected from the order data. Whether you have already registered for product use as a buyer shall be established using a neutral parameter, an email address hashed using a one-off cryptographic function. The email address will be converted into a hashed value that cannot be decrypted by Trusted Shops. Once a match has been established, the parameter shall be automatically deleted.
If you have any questions about data protection, please email or call us on:
GREENBOX GmbH & Co. KG
0049 (0)421 24687870
All the best,
Your Greenbox team