Data protection

1. Person responsible

Mittelweser Heilquellen GmbH
On the Kampe 3a
31582 Nienburg/Weser
Telephone: 05021 - 60 39 0
Email: info@quellmed-shop.de

2. Hosting & Platform

Our online store is powered by Shopify :

Shopify Inc. , 151 O'Connor Street, Ottawa, Ontario K2P 2L8, Canada

Shopify processes personal data under the EU Standard Contractual Clauses. Further information: https://www.shopify.com/legal/privacy

3. Data collected

3. Data collected

When you visit our website or place an order, we – or our service provider Shopify – collect the following personal data:

First and Last Name

Billing and delivery address

Email address and telephone number (if provided)

Payment information (e.g., via Shopify Payments or third-party providers)

Order details (purchased products, quantity, price)

IP address (automatically transmitted when using the website)

This data is required to process your order, respond to your inquiries and provide our service.

4. Purposes of processing

Contract processing & order processingShipping & returns
Customer Service & Communication
Marketing & Retargeting
Security & Abuse Prevention

5. Tools and services used

a) Cookie Consent Tool (Cookiebot)

To obtain and manage your consent, we use Cookiebot from Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark.

https://www.cookiebot.com/de/privacy-policy/

b) Google Analytics (with consent)

We use Google Analytics 4 , a web analysis service provided by Google Ireland Ltd., Gordon House, Dublin 4.

https://policies.google.com/privacy

c) Meta/Facebook Pixel (with consent)

We use the Facebook Pixel (Meta Platforms Ireland Ltd.) for personalized advertising:

https://www.facebook.com/privacy/policy

d) Payment service providers (e.g. PayPal, Klarna)

For payment processing, we pass on data to the following service providers:

The privacy information of these providers can be found on their websites.

6. Legal basis

Art. 6 (1) (b) GDPR (performance of contract)

Art. 6 (1) (a) GDPR (consent for tracking)

Art. 6 (1) (f) GDPR (legitimate interest)

7. Storage period

Data will only be stored for as long as is necessary for the respective purposes or as required by law (e.g. 10 years for invoice data according to Section 147 AO).

8. Your rights

You have the right to:

Information (Art. 15 GDPR)
Correction (Art. 16 GDPR)

Deletion (Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection (Art. 21 GDPR)
Complaint to a supervisory authority (e.g. the State Commissioner for Data Protection of Lower Saxony)

9. Data security

We use the latest encryption measures (TLS/SSL), firewalls, access restrictions and regular security audits.

10. Update

We reserve the right to update this privacy policy in response to changes in legal regulations or technical developments. Last updated: May 2025.