Privacy policy

Information according to § 5 TMG



Alexandra Burger
Alexandra Burger Wool & Forest
Alfons-Feifel-Str. 59
73037 Göppingen
Germany

VAT ID: DE342703517
LUCID-ID: DE3596015628427
tax-no.: 63143/06573
Gewerbeschein-Nr.: 202100000158

IBAN DE 50 6103 0000 0228 70
BIC MARBDE6G

Tel.: 0157738036
E-Mail: shop@woolandforest.de

Privacy policy
1) Introduction and contact details of the controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about how we handle your personal data when you use our website. Personal data is all data with which you can be personally identified.

1.2 The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Alexandra Burger, Alexandra Burger Wool and Forest, Alfons-Feifel-Str. 59, 73037 Göppingen, Deutschland, Tel.: 015773808036, E-Mail: woolandforest@gmail.com. The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.


2) Data collection when visiting our website
2.1 If you use our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to the site server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you reached the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)
Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

3) Hosting y Red de Entrega de Contenidos
3.1 Shopify
For hosting our website and displaying the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")
Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
All data collected on our website is processed on the provider's servers. We have entered into a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
In the case of data transfer to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
3.2 Cloudflare
We use a content delivery network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA
This service allows us to deliver large media files such as graphics, page content, or scripts more quickly through a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
4) Cookies
To make your visit to our website attractive and to enable the use of certain functions, we use cookies, which are small text files stored on your device. Partially, these cookies are automatically deleted after closing the browser (so-called "session cookies"), while some cookies remain on your device for a longer period and allow the saving of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of your web browser's cookie settings.
If individual cookies used by us also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of consent given, or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.
You can configure your browser to be informed about the setting of cookies and decide individually whether to accept them or exclude the acceptance of cookies for specific cases or generally.
Please note that if cookies are not accepted, the functionality of our website may be limited.

5) Contacting
In the context of contacting us (e.g., via contact form or email), personal data will be processed exclusively for the purpose of handling and responding to your inquiry and only to the extent necessary for this purpose.
The legal basis for processing this data is our legitimate interest in addressing your concern in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at a contract, then an additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been conclusively resolved and provided that there are no legal retention obligations to the contrary.
6) Data processing when opening a customer account
In accordance with Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed to the necessary extent when you provide it to us when opening a customer account. Which data is required for opening an account can be found in the input mask of the corresponding form on our website.
Deleting your customer account is possible at any time and can be done by sending a message to the aforementioned address of the responsible party. After the deletion of your customer account, your data will be deleted, provided that all contracts concluded in this context have been fully settled, no legal retention periods are opposed, and we have no legitimate interest in further storage.
7) Data processing for order processing
7.1 Insofar as necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 para. 1 lit. b GDPR.
If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact data you provided when placing the order (name, address, email address) to personally inform you about upcoming updates within the legally stipulated period via an appropriate communication channel (such as by post or email) in accordance with our legal obligation to provide information pursuant to Art. 6 para. 1 lit. c GDPR. Your contact data will be used strictly for the purpose of notifications about updates owed by us and will only be processed by us to the extent necessary for the respective information.
To process your order, we also work with the following service provider(s) who assist us in whole or in part with the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

7.2 Transfer of personal data to shipping service providers
- Deutsche Post
As a transport service provider, we use the following provider: Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany
We provide your email address and/or phone number to the provider in accordance with Art. 6 para. 1 lit. a GDPR before the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided you have given your explicit consent during the ordering process. Otherwise, we will only provide the recipient's name and delivery address to the provider for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR. The transfer is only carried out to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or the delivery announcement is not possible.
The consent can be revoked at any time with effect for the future towards the above-mentioned responsible party or towards the provider. - DHL
As a transport service provider, we use the following provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany
We provide your email address and/or phone number to the provider in accordance with Art. 6 para. 1 lit. a GDPR before the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided you have given your explicit consent during the ordering process. Otherwise, we will only provide the recipient's name and delivery address to the provider for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR. The transfer is only carried out to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or the delivery announcement is not possible.
The consent can be revoked at any time with effect for the future towards the above-mentioned responsible party or towards the provider. - DHL Express
As a transport service provider, we use the following provider: DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany
We provide your email address and/or phone number to the provider in accordance with Art. 6 para. 1 lit. a GDPR before the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided you have given your explicit consent during the ordering process. Otherwise, we will only provide the recipient's name and delivery address to the provider for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR. The transfer is only carried out to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or the delivery announcement is not possible.
The consent can be revoked at any time with effect for the future towards the above-mentioned responsible party or towards the provider. - DHL Express Austria
As a transport service provider, we use the following provider: DHL Express (Austria) GmbH, Am Europlatz 2 (Building G), 1120 Vienna
We provide your email address and/or phone number to the provider in accordance with Art. 6 para. 1 lit. a GDPR before the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided you have given your explicit consent during the ordering process. Otherwise, we will only provide the recipient's name and delivery address to the provider for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR. The transfer is only carried out to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or the delivery announcement is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the above-mentioned responsible party or the provider. - Austrian Post
As a transport service provider, we use the following provider: Austrian Post AG, Rochusplatz 1, 1030 Vienna, Austria
We provide your email address and/or phone number to the provider in accordance with Art. 6 para. 1 lit. a GDPR before the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided you have given your explicit consent during the ordering process. Otherwise, we will only provide the recipient's name and delivery address to the provider for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR. The transfer is only carried out to the extent necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or the delivery announcement is not possible.
The consent can be revoked at any time with effect for the future towards the above-mentioned responsible party or towards the provider. - UPS
As a transport service provider, we use the following provider: United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 4146

7.3 Use of Payment Service Providers (Payment Services)
- Apple Pay
If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out through the "Apple Pay" function on your device running iOS, watchOS, or macOS by charging a payment card stored in "Apple Pay." Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. For the approval of a payment, the entry of a code previously set by you and verification using the "Face ID" or "Touch ID" function of your device is therefore required.
For the purpose of payment processing, the information you provided during the ordering process, along with the information about your order, is transmitted to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to process the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the payment's success.
If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.
Apple stores anonymized transaction data, including the approximate purchase amount, the approximate date and time, and an indication of whether the transaction was successfully completed. Through anonymization, any personal reference is completely excluded. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.
If you use Apple Pay on the iPhone or Apple Watch to complete a purchase you made through Safari on the Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac."
Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027 - Paypal

On this website, one or more online payment methods from the following provider are available: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
When selecting a payment method from the provider that requires you to pay in advance, your payment data provided during the ordering process (including name, address, bank and credit card information, currency, and transaction number) as well as information about the content of your order will be forwarded to them in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data in this case is carried out exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
When selecting a payment method where we advance the payment, you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and possibly data for an alternative payment method) during the ordering process.
To protect our legitimate interest in assessing your creditworthiness in such cases, this data will be forwarded to the provider for the purpose of a credit check in accordance with Art. 6 para. 1 lit. f GDPR. The provider checks, based on the personal data you have provided as well as other data (such as shopping cart, invoice amount, order history, payment experiences), whether the payment method you have selected can be granted in terms of payment and/or default risk.
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. In the calculation of the score values, address data is included among other things, but not exclusively.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contract-compliant payment processing. - Shopify Payments
On this website, one or more online payment methods from the following provider are available: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
When selecting a payment method from the provider where you pay in advance (such as credit card payment), the payment data you provided during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be shared with them in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data in this case is carried out exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose. - Stripe
On this website, one or more online payment methods from the following provider are available: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland
When selecting a payment method from the provider where you pay in advance (such as credit card payment), the payment data you provided during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be shared with them in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data in this case is carried out exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
When selecting a payment method where the provider takes the lead (such as invoice or installment purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and possibly data for an alternative payment method) during the ordering process.

To protect our legitimate interest in determining the creditworthiness of our customers, this data is forwarded to the provider in accordance with Art. 6 para. 1 lit. f GDPR for the purpose of a credit check. The provider checks, based on the personal data you have provided as well as other data (such as shopping cart, invoice amount, order history, payment experiences), whether the payment method you have selected can be granted with regard to payment and/or default risks.
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. In the calculation of the score values, address data is included among other things, but not exclusively.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing. - SumUp
On this website, one or more online payment methods from the following provider are available: SumUp Limited, Block 8, Harcourt Centre, Charlotte Way, Dublin 2, Ireland D02 K580
When selecting a payment method from the provider where you pay in advance (such as credit card payment), the payment data you provided during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order will be shared with them in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data in this case is carried out exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

8) Web analysis services
Google Tag Manager
This website uses the "Google Tag Manager," a service provided by the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google").
The Google Tag Manager provides a technical basis for bundling various web applications, including tracking and analytics services, and for calibrating, controlling, and conditional linking them through a unified user interface. The Google Tag Manager itself does not store information on user devices or read it. The service also does not perform independent data analyses. However, when a page is accessed, your IP address is transmitted to Google by the Google Tag Manager and may be stored there. A transmission to servers of Google LLC in the USA is also possible.
This processing is only carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, the use of Google Tag Manager will not take place during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service in the "Cookie Consent Tool" provided on the website.
We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
Further legal information about Google Tag Manager can be found at https://business.safety.google/intl/de/privacy/ and https://policies.google.com/privacy?hl=de&gl=de

9) Page functionalities
Google Maps
This website uses an online mapping service from the following provider: Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google Maps is a web service for displaying interactive (land) maps to visually represent geographical information. By using this service, our location will be displayed to you and any potential journey will be made easier.
Already when accessing those subpages where the Google Maps map is embedded, information about your use of our website (such as your IP address) is transmitted to and stored on Google servers, and this may also involve transmission to the servers of Google LLC. in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged into Google, your data will be directly associated with your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button. Google stores your data (even for non-logged-in users) as usage profiles and analyzes them.
The collection, storage, and evaluation are carried out in accordance with Art. 6 para. 1 lit. f GDPR based on Google's legitimate interest in displaying personalized advertising, market research, and/or the needs-based design of Google websites. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. If you do not agree with the future transmission of your data to Google in the context of using Google Maps, there is also the possibility to completely deactivate the Google Maps web service by disabling the JavaScript application in your browser. Google Maps and thus the map display on this website cannot be used then.
As far as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your given consent at any time with effect for the future. To exercise your right of withdrawal, please follow the above-mentioned procedure for making an objection.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
Further information on Google's privacy policies can be found here: https://business.safety.google/intl/de/privacy/

9) Page functionalities
Google Maps
This website uses an online mapping service from the following provider: Google Maps (API) by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google Maps is a web service for displaying interactive (land) maps to visually present geographical information. By using this service, our location will be displayed to you and any potential journey will be made easier.
Already when accessing those subpages where the Google Maps map is embedded, information about your use of our website (such as your IP address) is transmitted to and stored on Google's servers, and this may also involve transmission to the servers of Google LLC. in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged into Google, your data will be directly associated with your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button. Google stores your data (even for non-logged-in users) as usage profiles and analyzes them.
The collection, storage, and evaluation are carried out in accordance with Art. 6 para. 1 lit. f GDPR based on Google's legitimate interest in displaying personalized advertisements, market research, and/or the needs-based design of Google websites. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. If you do not agree with the future transmission of your data to Google in the context of using Google Maps, there is also the option to completely deactivate the Google Maps web service by disabling the JavaScript application in your browser. Google Maps and thus the map display on this website cannot be used then.
As far as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. To exercise your right of withdrawal, please follow the aforementioned method for making an objection.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
Further information on Google's privacy policies can be found here: https://business.safety.google/intl/de/privacy/

11) Rights of the Data Subject
11.1 The applicable data protection law grants you the following rights (rights of access and intervention) against the controller regarding the processing of your personal data, with the respective conditions for exercise referring to the cited legal basis:
Right of access according to Art. 15 GDPR;
Right to rectification according to Art. 16 GDPR;
Right to deletion according to Art. 17 GDPR;
Right to restriction of processing according to Art. 18 GDPR;
Right to information according to Art. 19 GDPR;
Right to data portability according to Art. 20 GDPR;
Right to withdraw given consents according to Art. 7 para. 3 GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.
11.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR LEGITIMATE INTERESTS AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH FUTURE EFFECT.
EXERCISE YOUR RIGHT TO OBJECT, WE WILL TERMINATE THE PROCESSING OF THE AFFECTED DATA. FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING PROTECTABLE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.
12) Duration of storage of personal data
The duration of the storage of personal data is determined based on the respective legal basis, the purpose of processing, and – if applicable – additionally based on the respective statutory retention period (e.g., commercial and tax law retention periods).
When processing personal data based on explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, the affected data will be stored until you withdraw your consent.
If there are statutory retention periods for data processed within the framework of contractual or contract-like obligations based on Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer necessary for contract fulfillment or contract initiation and/or we no longer have a legitimate interest in further storage.
When processing personal data based on Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
When processing personal data for the purpose of direct marketing based on Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 para. 2 GDPR.
Unless otherwise stated in the other information in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

List of cookies
Essential Cookies
Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. Without these cookies, the website cannot function properly.