Privacy Policy

{“title”:””,”content”:”

\r\n

(Version: Green Dragon Shop – Germany; in compliance with GDPR / BDSG / TTDSG)

\r\n

1. Controller and Contact

\r\n

Controller: Green Dragon Shop (side business – Nebengewerbe)
Address: Dahlener Straße 151.5, 41239 Mönchengladbach, Germany
E-mail: [email protected]
Phone: +49 173 8525383
Responsible person (as per §5 TMG): Filip Krzyzak
Data Protection Officer: Not appointed.

\r\n

2. Categories of Processed Data

\r\n

We process, among others, the following personal data:

\r\n

\r\n
Name and surname,
\r\n
\r\n
Delivery and billing address,
\r\n
\r\n
E-mail address, phone number,
\r\n
\r\n
Account data (passwords encrypted),
\r\n
\r\n
Order history,
\r\n
\r\n
IP address, device and browser information,
\r\n
\r\n
Analytical data,
\r\n
\r\n
Payment data (e.g., transaction IDs with the payment provider),
\r\n
\r\n
Electronic communication data (e.g., emails, contact forms),
\r\n
\r\n
Product reviews and opinions.
\r\n

\r\n

3. Purposes and Legal Basis of Processing

\r\n

\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n

Purpose	Legal Basis (Art. 6 GDPR)
Contract performance / order processing	b
Customer account management	b
Customer support and communication	f – legitimate interest in responding effectively to inquiries
Newsletter (Double Opt-In)	a (consent)
Analytics and statistics (e.g., Google Analytics)	a or f for anonymous measurement
Marketing / remarketing (e.g., Meta Pixel)	a (consent)
Legal obligations (taxes, accounting)	c
Website security (server logs, fraud prevention)	f

\r\n

4. Recipients and Data Processors

\r\n

\r\n
Hosting and shop operation: Bluehost
\r\n
\r\n
Shop platform: WordPress / WooCommerce (Automattic Inc., USA) – based on SCC
\r\n
\r\n
Analytics and marketing: Google (Analytics), Meta (Pixel)
\r\n
\r\n
Newsletter: Brevo
\r\n
\r\n
Payments: PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg; Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden
\r\n
\r\n
Shipping: DHL
\r\n
\r\n
Accounting: Lexware (Haufe-Lexware GmbH & Co. KG, Freiburg, Germany)
\r\n

\r\n

Data Processing Agreements (DPA) have been concluded with all processors in accordance with Art. 28 GDPR.

\r\n

5. Data Transfers to Third Countries

\r\n

Transfers to countries outside the EU/EEA (e.g., the USA) may occur.
Legal bases:

\r\n

\r\n
Standard Contractual Clauses (SCC),
\r\n
\r\n
EU–U.S. Data Privacy Framework (where applicable and certified).
\r\n

\r\n

6. Data Retention

\r\n

\r\n
Order and invoice data: until the end of the statutory retention period (usually up to 10 years).
\r\n
\r\n
Customer account data: until deletion.
\r\n
\r\n
Newsletter data: until consent withdrawal.
\r\n
\r\n
Data processed on the basis of legitimate interest: until objection or the purpose ceases.
\r\n
\r\n
Data processed based on consent: deleted immediately after withdrawal, unless further storage is required by law.
\r\n

\r\n

7. Rights of Data Subjects

\r\n

You have the right to:

\r\n

\r\n
access your data (Art. 15 GDPR),
\r\n
\r\n
rectify your data (Art. 16 GDPR),
\r\n
\r\n
erase your data (\”right to be forgotten\”, Art. 17 GDPR),
\r\n
\r\n
restrict processing (Art. 18 GDPR),
\r\n
\r\n
data portability (Art. 20 GDPR),
\r\n
\r\n
object to processing (Art. 21 GDPR),
\r\n
\r\n
withdraw consent (Art. 7(3) GDPR).
\r\n

\r\n

To exercise your rights, please contact us at [email protected].

\r\n

You also have the right to lodge a complaint with the supervisory authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
https://www.ldi.nrw.de
or the Federal Commissioner for Data Protection and Freedom of Information (BfDI):
https://www.bfdi.bund.de

\r\n

8. Voluntary Nature of Data Provision

\r\n

Providing personal data is voluntary, but necessary for order processing, delivery, customer account management, or newsletter subscription.

\r\n

9. Cookies and Consents

\r\n

We use essential cookies as well as analytical and marketing cookies – only with your consent.
Consents are managed through a Consent Management Platform (CMP).

\r\n

Consent Management (CMP):
Our website uses Complianz GDPR/CCPA Cookie Consent (Complianz B.V., The Netherlands) to obtain, store, and document user consents for the use of cookies in compliance with GDPR and TTDSG requirements.

\r\n

You can change your cookie settings at any time via the \”Cookie Settings\” link in the footer.
The legal basis for cookie use is Art. 6(1)(a) GDPR in conjunction with §25 TTDSG.
Details can be found in our Cookie Policy.

\r\n

10. Server Logs

\r\n

Each visit to the website automatically generates technical data (so-called server logs): IP address, date and time, browser type, operating system, referring URL.
These data are used solely for technical and security purposes (e.g., detecting abuse) and are not combined with other data sources.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

\r\n

11. Social Media Plugins

\r\n

Our website may contain links or plugins to social media platforms (e.g., Facebook, Instagram).
When clicking such a link, data (e.g., IP address, browser ID) may be transmitted to the respective provider.
We have no control over further data processing by these entities.
Legal basis: your consent (Art. 6(1)(a) GDPR).

\r\n

12. Minors

\r\n

Our offer is not directed at persons under 18 years of age.
If we become aware that we have received data from a minor, such data will be deleted immediately and access will be blocked.

\r\n

13. Data Security

\r\n

We apply appropriate technical and organizational measures to protect data from loss, destruction, or unauthorized access, including:

\r\n

\r\n
encrypted connections (HTTPS/TLS),
\r\n
\r\n
access and permission management,
\r\n
\r\n
password encryption,
\r\n
\r\n
regular backups.
\r\n

\r\n

14. Contact

\r\n

For any data protection matters, please contact us:
📧 E-mail: [email protected]
📄 Contact form: [insert link if available]
📅 Last updated: October 25, 2025

“}