Data Protecetion Declaration

Introduction and Controller Details
Data Collection When Visiting Our Website
Use of Cookies
Contact and Customer Account
Direct Marketing
Order Processing
Online Marketing and Analytics
Website Functionalities
Tools and Miscellaneous
Data Subject Rights
Retention Period of Personal Data

1. Introduction and Controller Details

1.1 We are delighted about your visit to our website and your interest in our offerings. This privacy policy informs you about the processing of your personal data (data that can identify you) when using our website.
1.2 The controller under the General Data Protection Regulation (GDPR) is:
Cloudwalker GmbH
Adlerstr. 48
76297 Stutensee
Germany
Tel.: +49 7244 9499100
Fax: +49 7244 9499102
Email: info@wandalas.de
Please feel free to contact us with any data protection inquiries.

2. Data Collection When Visiting Our Website

2.1 When you use our website purely for informational purposes (without registering or submitting data), we collect only technically necessary data via server log files:

Visited website

Date and time of access

Data volume in bytes

Referrer (source page)

Browser and operating system

- IP address (anonymized)
  Legal basis is Art. 6(1)(f) GDPR (legitimate interest in security and stability). Data is not shared unless there’s evidence of illegal use, prompting subsequent review.

2.2 We use SSL/TLS encryption, recognizable by “https://” and the lock icon, to protect your data during transmission.

3. Use of Cookies

3.1 We use cookies—small files stored on your device—to enhance usability and functionality. Session cookies are deleted after your session ends; persistent cookies remain longer (see browser settings for retention periods).
3.2 Processing occurs based on:

Art. 6(1)(b) GDPR (contract fulfillment),

Art. 6(1)(a) GDPR (consent), or

- Art. 6(1)(f) GDPR (legitimate interest in functionality).

3.3 You can manage or disable cookies in your browser, which may limit website functionality. Details and options are available in our Cookie Consent Tool (Section 9.2).

4. Contact and Customer Account

4.1 Contact: When you reach out (e.g., via form or email), we process your data solely to address your request, based on Art. 6(1)(f) GDPR (interest in responding) or Art. 6(1)(b) GDPR (contract). Data is deleted once resolved, unless retention obligations apply.
4.2 Customer Account: For account creation, we collect necessary data (see input form) per Art. 6(1)(b) GDPR. You can delete your account anytime by contacting us; data is then removed unless legal requirements prevent this.

5. Direct Marketing

5.1 Newsletter Subscription: With your email and optional details, we send newsletters after double-opt-in confirmation (Art. 6(1)(a) GDPR). IP address and signup time are logged for proof. Unsubscribe anytime via the newsletter link or by contacting us; your data will then be deleted.
5.2 Existing Customer Marketing: We may use purchase-provided email addresses for offers on similar products (Art. 6(1)(f) GDPR, § 7(3) UWG). You can object free of charge; usage will then cease.

6. Order Processing

6.1 For contract fulfillment, we share data with shipping and payment providers (Art. 6(1)(b) GDPR). For digital product updates, we inform you per Art. 6(1)(c) GDPR.
6.2 Shipping Providers: Name, address, and optionally phone number are shared with shipping partners (Art. 6(1)(b) GDPR):

Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany

DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany

GLS Germany, GLS Germany-Straße 1–7, 36286 Neuenstein, Germany

PostNord, PostNord Deutschland GmbH, Ludwig-Erhard-Ring 7, 15827 Blankenfelde-Mahlow, Germany

UPS, Görlitzer Straße 1, 41460 Neuss, Germany

- FedEx, FedEx Express Germany GmbH, Langer Kornweg 34, 65451 Kelsterbach, Germany
  With your consent (Art. 6(1)(a) GDPR), email or phone may be used for delivery notifications; this is revocable.

6.3 Payment Providers:

PayPal, PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (Art. 6(1)(b) GDPR; credit checks per Art. 6(1)(f) GDPR).

Stripe, Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Dublin, Ireland (Art. 6(1)(b) GDPR; credit checks per Art. 6(1)(f) GDPR).
Payment data is shared only as necessary.

7. Online Marketing and Analytics

7.1 Google AdSense: We use Google AdSense (Google Ireland Limited, Dublin) for ads. Cookies and web beacons collect data (e.g., IP address) for analysis, only with your consent (Art. 6(1)(a) GDPR). Revocable via the Cookie Consent Tool. Data may be transferred to Google LLC, USA (EU-US Data Privacy Framework). More at: https://www.google.de/policies/privacy/.
7.2 Google Analytics 4: We use Google Analytics 4 (Google Ireland Limited) for analysis. With your consent (Art. 6(1)(a) GDPR), cookies are set; IP addresses are anonymized and stored for 2 months. Revocable via the Cookie Consent Tool. Data transfer to the USA under EU-US Data Privacy Framework. Details: https://policies.google.com/privacy.

8. Website Functionalities

8.1 Google Maps: We use Google Maps (Google Ireland Limited) for location display. Data (e.g., IP address) is transferred upon access (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR) is revocable. Data transfer to USA: EU-US Data Privacy Framework.
8.2 Google reCAPTCHA: For security, we use reCAPTCHA (Google Ireland Limited), checking IP addresses and user data (Art. 6(1)(f) GDPR). Data transfer to USA: EU-US Data Privacy Framework.

9. Tools and Miscellaneous

9.1 Lexoffice: Accounting is handled via Haufe-Lexware GmbH & Co. KG, Freiburg (Art. 6(1)(f) GDPR – efficient organization).
9.2 Cookie Consent Tool: We use a tool to manage your cookie consents (Art. 6(1)(f/c) GDPR – legal compliance). Essential cookies store preferences without personal data.
9.3 Elasticsearch: Search functions are provided by Elastic, USA (Art. 6(1)(f) GDPR – optimal marketing). Data transfer to USA: Standard Contractual Clauses.

10. Data Subject Rights

10.1 You have the following rights:

Access (Art. 15 GDPR)

Rectification (Art. 16 GDPR)

Erasure (Art. 17 GDPR)

Restriction (Art. 18 GDPR)

Data portability (Art. 20 GDPR)

Withdrawal of consent (Art. 7(3) GDPR)

- Complaint to a supervisory authority (Art. 77 GDPR).

10.2 Right to Object: For processing based on legitimate interests (Art. 6(1)(f) GDPR), you may object for personal reasons. For direct marketing, processing stops immediately upon objection.

11. Retention Period of Personal Data

11.1 Retention depends on legal basis and purpose:

Consent (Art. 6(1)(a) GDPR): Until revoked.

Contract (Art. 6(1)(b) GDPR): Until contract end, then statutory retention periods (e.g., 10 years per HGB/AO).

- Legitimate interest (Art. 6(1)(f) GDPR): Until objection or purpose ceases, unless legal claims apply.

11.2 Absent conflicting rules, we delete data when no longer needed for its purpose.

Name

Description

Lifetime

ADD_TO_CART

(Adobe Commerce only) Used by Google Tag Manager

1 Year

GUEST-VIEW

Stores the Order ID that guest shoppers use to retrieve their order status. Guest orders view. Used in Orders and Returns widgets

1 Year

LOGIN_REDIRECT

Preserves the destination page that was loading before the customer was directed to log in

1 Year

MAGE-BANNERS-CACHE-STORAGE

(Adobe Commerce only) Stores banner content locally to improve performance

1 Year

MAGE-MESSAGES

Tracks error messages and other notifications that are shown to the user

1 Year

MAGE-TRANSLATION-STORAGE

Stores translated content when requested by the shopper

1 Year

MAGE-TRANSLATION-FILE-VERSION

Tracks the version of translations in local storage

1 Year

PRODUCT_DATA_STORAGE

Stores configuration for product data related to Recently Viewed/Compared Products

1 Year

RECENTLY_COMPARED_PRODUCT

Stores product IDs of recently compared products

1 Year

RECENTLY_COMPARED_PRODUCT_PREVIOUS

Stores product IDs of previously compared products for easy navigation

1 Year

RECENTLY_VIEWED_PRODUCT

Stores product IDs of recently viewed products for easy navigation

1 Year

RECENTLY_VIEWED_PRODUCT_PREVIOUS

Stores product IDs of recently previously viewed products for easy navigation

1 Year

REMOVE_FROM_CART

(Adobe Commerce only) Used by Google Tag Manager

1 Year

STF

Records the time messages are sent by the SendFriend

1 Year

X-MAGENTO-VARY

Configuration setting that improves performance when using Varnish static content caching

1 Year

FORM_KEY

A security measure that appends a random string to all form submissions to protect the data from Cross-Site Request Forgery

1 Year

MAGE-CACHE-SESSID

The value of this cookie triggers the cleanup of local cache storage

1 Year

MAGE-CACHE-STORAGE

Local storage of visitor-specific content that enables ecommerce functions

1 Year

MAGE-CACHE-STORAGE-SECTION-INVALIDATION

Forces local storage of specific content sections that should be invalidated

1 Year

PERSISTENT_SHOPPING_CART

Stores the key (ID) of persistent cart to make it possible to restore the cart for an anonymous shopper

1 Year

PRIVATE_CONTENT_VERSION

Appends a random, unique number and time to pages with customer content to prevent them from being cached on the server

1 Year

SECTION_DATA_IDS

Stores customer-specific information related to shopper-initiated actions, such as wish list display and checkout information

1 Year

STORE

Tracks the specific store view/locale selected by the shopper

1 Year

Name	Description	Lifetime
CUSTOMER_SEGMENT_IDS	Stores your Customer Segment ID	1 Year
EXTERNAL_NO_CACHE	A flag that, indicates whether caching is on or off	1 Year
FRONTEND	Your session ID on the server	1 Year
GUEST-VIEW	Allows guests to edit their orders	1 Year
LAST_CATEGORY	The last category you visited	1 Year
LAST_PRODUCT	The last product you looked at	1 Year
NEWMESSAGE	Indicates whether a new message has been received	1 Year
NO_CACHE	Indicates whether it is allowed to use cache	1 Year

Name	Description	Lifetime
MG_DNT	Allows you to restrict Adobe Commerce data collection if you have custom code to manage cookie consent on your site	1 Year
USER_ALLOWED_SAVE_COOKIE	Used for cookie restriction mode	1 Year
AUTHENTICATION_FLAG	Indicates if a shopper has signed in or signed out	1 Year
DATASERVICES_CUSTOMER_ID	Indicates if a shopper has signed in or signed out	1 Year
DATASERVICES_CUSTOMER_GROUP	Indicates a customer's group. This cookie is stored as sha1 checksum of the customer's group ID	1 Year
DATASERVICES_CART_ID	Identifies a shopper's cart actions	1 Year
DATASERVICES_PRODUCT_CONTEXT	Identifies a shopper's product interactions. This cookie contains the customer's unique quote ID in the system	1 Year

Data Protecetion Declaration

Contents

1. Introduction and Controller Details

2. Data Collection When Visiting Our Website

3. Use of Cookies

4. Contact and Customer Account

5. Direct Marketing

6. Order Processing

7. Online Marketing and Analytics

8. Website Functionalities

9. Tools and Miscellaneous

10. Data Subject Rights

11. Retention Period of Personal Data

Social Media

Service

Help

Information