Contents
- Introduction and Controller Details
- Data Collection When Visiting Our Website
- Use of Cookies
- Contact and Customer Account
- Direct Marketing
- Order Processing
- Online Marketing and Analytics
- Website Functionalities
- Tools and Miscellaneous
- Data Subject Rights
- Retention Period of Personal Data
1. Introduction and Controller Details
1.1 We are delighted about your visit to our website and your interest in our offerings. This privacy policy informs you about the processing of your personal data (data that can identify you) when using our website.
1.2 The controller under the General Data Protection Regulation (GDPR) is:
Cloudwalker GmbH
Adlerstr. 48
76297 Stutensee
Germany
Tel.: +49 7244 9499100
Fax: +49 7244 9499102
Email: info@wandalas.de
Please feel free to contact us with any data protection inquiries.
2. Data Collection When Visiting Our Website
2.1 When you use our website purely for informational purposes (without registering or submitting data), we collect only technically necessary data via server log files:
- Visited website
- Date and time of access
- Data volume in bytes
- Referrer (source page)
- Browser and operating system
-
- IP address (anonymized)
Legal basis is Art. 6(1)(f) GDPR (legitimate interest in security and stability). Data is not shared unless there’s evidence of illegal use, prompting subsequent review.
- IP address (anonymized)
2.2 We use SSL/TLS encryption, recognizable by “https://” and the lock icon, to protect your data during transmission.
3. Use of Cookies
3.1 We use cookies—small files stored on your device—to enhance usability and functionality. Session cookies are deleted after your session ends; persistent cookies remain longer (see browser settings for retention periods).
3.2 Processing occurs based on:
- Art. 6(1)(b) GDPR (contract fulfillment),
- Art. 6(1)(a) GDPR (consent), or
-
- Art. 6(1)(f) GDPR (legitimate interest in functionality).
3.3 You can manage or disable cookies in your browser, which may limit website functionality. Details and options are available in our Cookie Consent Tool (Section 9.2).
4. Contact and Customer Account
4.1 Contact: When you reach out (e.g., via form or email), we process your data solely to address your request, based on Art. 6(1)(f) GDPR (interest in responding) or Art. 6(1)(b) GDPR (contract). Data is deleted once resolved, unless retention obligations apply.
4.2 Customer Account: For account creation, we collect necessary data (see input form) per Art. 6(1)(b) GDPR. You can delete your account anytime by contacting us; data is then removed unless legal requirements prevent this.
5. Direct Marketing
5.1 Newsletter Subscription: With your email and optional details, we send newsletters after double-opt-in confirmation (Art. 6(1)(a) GDPR). IP address and signup time are logged for proof. Unsubscribe anytime via the newsletter link or by contacting us; your data will then be deleted.
5.2 Existing Customer Marketing: We may use purchase-provided email addresses for offers on similar products (Art. 6(1)(f) GDPR, § 7(3) UWG). You can object free of charge; usage will then cease.
6. Order Processing
6.1 For contract fulfillment, we share data with shipping and payment providers (Art. 6(1)(b) GDPR). For digital product updates, we inform you per Art. 6(1)(c) GDPR.
6.2 Shipping Providers: Name, address, and optionally phone number are shared with shipping partners (Art. 6(1)(b) GDPR):
- Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany
- DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany
- DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany
- GLS Germany, GLS Germany-Straße 1–7, 36286 Neuenstein, Germany
- PostNord, PostNord Deutschland GmbH, Ludwig-Erhard-Ring 7, 15827 Blankenfelde-Mahlow, Germany
- UPS, Görlitzer Straße 1, 41460 Neuss, Germany
-
- FedEx, FedEx Express Germany GmbH, Langer Kornweg 34, 65451 Kelsterbach, Germany
With your consent (Art. 6(1)(a) GDPR), email or phone may be used for delivery notifications; this is revocable.
- FedEx, FedEx Express Germany GmbH, Langer Kornweg 34, 65451 Kelsterbach, Germany
6.3 Payment Providers:
- PayPal, PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (Art. 6(1)(b) GDPR; credit checks per Art. 6(1)(f) GDPR).
- Stripe, Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Dublin, Ireland (Art. 6(1)(b) GDPR; credit checks per Art. 6(1)(f) GDPR).
Payment data is shared only as necessary.
7. Online Marketing and Analytics
7.1 Google AdSense: We use Google AdSense (Google Ireland Limited, Dublin) for ads. Cookies and web beacons collect data (e.g., IP address) for analysis, only with your consent (Art. 6(1)(a) GDPR). Revocable via the Cookie Consent Tool. Data may be transferred to Google LLC, USA (EU-US Data Privacy Framework). More at: https://www.google.de/policies/privacy/.
7.2 Google Analytics 4: We use Google Analytics 4 (Google Ireland Limited) for analysis. With your consent (Art. 6(1)(a) GDPR), cookies are set; IP addresses are anonymized and stored for 2 months. Revocable via the Cookie Consent Tool. Data transfer to the USA under EU-US Data Privacy Framework. Details: https://policies.google.com/privacy.
8. Website Functionalities
8.1 Google Maps: We use Google Maps (Google Ireland Limited) for location display. Data (e.g., IP address) is transferred upon access (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR) is revocable. Data transfer to USA: EU-US Data Privacy Framework.
8.2 Google reCAPTCHA: For security, we use reCAPTCHA (Google Ireland Limited), checking IP addresses and user data (Art. 6(1)(f) GDPR). Data transfer to USA: EU-US Data Privacy Framework.
9. Tools and Miscellaneous
9.1 Lexoffice: Accounting is handled via Haufe-Lexware GmbH & Co. KG, Freiburg (Art. 6(1)(f) GDPR – efficient organization).
9.2 Cookie Consent Tool: We use a tool to manage your cookie consents (Art. 6(1)(f/c) GDPR – legal compliance). Essential cookies store preferences without personal data.
9.3 Elasticsearch: Search functions are provided by Elastic, USA (Art. 6(1)(f) GDPR – optimal marketing). Data transfer to USA: Standard Contractual Clauses.
10. Data Subject Rights
10.1 You have the following rights:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Withdrawal of consent (Art. 7(3) GDPR)
-
- Complaint to a supervisory authority (Art. 77 GDPR).
10.2 Right to Object: For processing based on legitimate interests (Art. 6(1)(f) GDPR), you may object for personal reasons. For direct marketing, processing stops immediately upon objection.
11. Retention Period of Personal Data
11.1 Retention depends on legal basis and purpose:
- Consent (Art. 6(1)(a) GDPR): Until revoked.
- Contract (Art. 6(1)(b) GDPR): Until contract end, then statutory retention periods (e.g., 10 years per HGB/AO).
-
- Legitimate interest (Art. 6(1)(f) GDPR): Until objection or purpose ceases, unless legal claims apply.
11.2 Absent conflicting rules, we delete data when no longer needed for its purpose.