Skip to content
  1. Free shipping on orders over 45€
  2. star-symbol 4.7/5 on TrustpilotView

Data protection at GreenBaron

Our Privacy Policy at a Glance

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how your personal data is handled when you use our website. Personal data is any data with which you can be personally identified.

1.2 The controller for data processing on this website in accordance with the General Data Protection Regulation (GDPR) is Chris Grafberger, HIF - Hemp is Future, Hinter dem Tannenberg 3, 92690 Pressath, Germany, Tel.: 01606314370, Email: c.grafberger@greenbaron.de. The controller for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.

2) Data Collection When Visiting Our Website

When you use our website for informational purposes only, i.e., if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you came to the page
  • Browser used
  • Operating system used
  • IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. No disclosure or other use of the data takes place. However, we reserve the right to review the server log files retrospectively if there are concrete indications of illegal use.

3) Hosting & Content Delivery Network

Hosting by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online shop based on processing on our behalf. All data collected on our website is processed on Shopify's servers. Within the scope of the aforementioned services of Shopify, data may also be transmitted for further processing on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc. In the event of data transfer to Shopify Inc. in Canada, the adequate level of data protection is guaranteed by an adequacy decision of the European Commission. Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz
Further processing on servers other than those mentioned above by Shopify only takes place within the scope notified below.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your end device. Some of these cookies are automatically deleted after you close your browser (so-called "session cookies"), while others remain on your end device for a longer period and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.
If personal data is also processed by individual cookies used by us, the processing takes place either in accordance with Art. 6 para. 1 lit. b GDPR for the execution of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of a given consent, or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or generally.
Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contacting Us

5.1 Own Review Reminder (not sent by a customer review system)
We use your email address for a one-time reminder to submit a review of your order for the review system we use, provided you have given us your express consent in accordance with Art. 6 para. 1 lit. a GDPR during or after your order.
You can revoke your consent at any time by sending a message to the data controller.

5.2 When you contact us (e.g., via contact form or email), personal data is processed - exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact aims at concluding a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that no legal retention obligations conflict with this.

6) Data Processing when Opening a Customer Account

In accordance with Art. 6 para. 1 lit. b GDPR, personal data will also be collected and processed to the extent necessary if you provide us with this data when opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website. You can delete your customer account at any time by sending a message to the above-mentioned address of the controller. After deleting your customer account, your data will be deleted, provided that all contracts concluded through it have been fully processed, no legal retention periods conflict with this, and we no longer have a legitimate interest in continued storage.

7) Use of Customer Data for Direct Marketing

Subscription to our email newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. Your email address is the only mandatory information required for sending the newsletter. The provision of further data is voluntary and is used to be able to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you will only receive the newsletter if you have explicitly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address you provided.

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. In this context, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data collected by us during registration for the newsletter will be used strictly for the intended purpose. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a corresponding message to the controller mentioned at the beginning. After successful unsubscription, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to further data use, which is legally permitted and about which we inform you in this declaration.

8) Data Processing for Order Processing

8.1 Insofar as necessary for contract fulfillment for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 para. 1 lit. b GDPR.

If, based on a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact data you provided when ordering (name, address, email address) to inform you personally about upcoming updates within the legally prescribed period in an appropriate communication channel (e.g., by post or email) in accordance with our legal information obligations pursuant to Art. 6 para. 1 lit. c GDPR. Your contact data will be used strictly for the purpose of communicating about updates owed by us and will only be processed by us to the extent necessary for the respective information.

To process your order, we also work with the following service provider(s), who support us fully or partially in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

8.2 Disclosure of personal data to shipping service providers

- Deutsche Post
If the goods are delivered by Deutsche Post (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we will pass on your email address to Deutsche Post in accordance with Art. 6 para. 1 lit. a GDPR before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided you have given your express consent for this in the order process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR, we will only pass on the recipient's name and delivery address to Deutsche Post. The transfer will only take place insofar as this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with Deutsche Post or the delivery notification is not possible.
Consent can be revoked at any time with effect for the future to the controller named above or to Deutsche Post.
- DHL
If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn), we will pass on your email address to DHL in accordance with Art. 6 para. 1 lit. a GDPR before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided you have given your express consent for this in the order process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR, we will only pass on the recipient's name and delivery address to DHL. The transfer will only take place insofar as this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DHL or the delivery notification is not possible.
Consent can be revoked at any time with effect for the future to the controller named above or to the transport service provider DHL.

8.3 Use of payment service providers

- Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – "purchase on account" or "installment payment" via PayPal, we transmit your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), as part of payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only to the extent necessary for payment processing.
For the payment methods credit card via PayPal, direct debit via PayPal or – if offered – "purchase on account" or "installment payment" via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check regarding the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, but not exclusively, is included in the calculation of the score values. Further data protection information, including on the credit agencies used, can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

9) Web Analysis Services

Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google (Universal) Analytics uses so-called "cookies", which are text files stored on your end device that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transmitted to a Google server and stored there; this may also involve a transfer to Google LLC. servers in the USA.
This website uses Google (Universal) Analytics exclusively with the extension "_anonymizeIp()", which ensures anonymization of the IP address by shortening it and excludes direct personal reference. Through the extension, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google LLC. server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide us with further services related to website usage and internet usage. The IP address transmitted by your browser as part of Google (Universal) Analytics will not be merged with other Google data.
Google Analytics also enables, via a special function, the so-called "demographic characteristics", the creation of statistics with statements about the age, gender and interests of site visitors based on an evaluation of interest-based advertising and with the inclusion of third-party information. This allows the definition and differentiation of user groups of the website for the purpose of target group-optimized alignment of marketing measures. However, data records collected via the "demographic characteristics" cannot be assigned to a specific person.
Details on the processing initiated by Google Analytics and Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites
All processing described above, in particular the setting of Google Analytics cookies for reading out information on the end device used, will only be carried out if you have given us your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. Without this consent, Google Analytics will not be used during your visit to the site.
You can revoke your given consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the "Cookie Consent Tool" provided on the website. We have concluded a contract for order processing with Google for the use of Google Analytics, which obliges Google to protect the data of our site visitors and not to pass them on to third parties.
For the transfer of data from the EU to the USA, Google relies on so-called standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.
Further information on Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de

10) Site Functionalities

10.1 - Adobe Fonts (Typekit)
This site uses so-called web fonts provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA ("Adobe") for the uniform display of fonts. When you access a page, your browser loads the necessary web fonts into its browser cache to display text and fonts correctly.
For this purpose, the browser you use must connect to Adobe's servers. This may also involve the transfer of personal data to Adobe's servers in the USA. In this way, Adobe learns that our website has been accessed via your IP address.
The processing of personal data in connection with establishing a connection with the font provider will only take place if you have given us your express consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website. If your browser does not support web fonts, a standard font from your computer will be used.
Further information about Adobe Fonts can be found at https://fonts.adobe.com/ and in Adobe's privacy policy: https://www.adobe.com/de/privacy.html

10.2 Google Translate

This site uses the "Google Translate" translation service from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") via an API integration. For the translation to be automatically displayed in your chosen national language, your browser connects to Google's servers. Google uses "cookies" for this purpose, which are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transmitted to a Google server and stored there, which may also involve a transfer to the servers of Google LLC. in the USA.
Further information on Google Translate and Google's privacy policy can be found at: https://www.google.com/policies/privacy/

You can revoke your consent at any time with effect for the future. To exercise your right of revocation, deactivate this service in the "Cookie Consent Tool" provided on the website.

11) Tools and Other

- DATEV
For accounting purposes, we use the cloud-based accounting software from DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg ("DATEV").
DATEV processes incoming and outgoing invoices and, if applicable, also our company's bank movements to automatically record invoices, match them with transactions, and thus create financial accounting in a semi-automated process.
If personal data is processed in this context, the processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in efficient organization and documentation of our business processes.
Further information on DATEV, the automated processing of data, and data protection regulations can be found at https://www.datev.de/web/de/m/ueber-datev/datenschutz/

12) Rights of the data subject

12.1 The applicable data protection law grants you the following data subject rights (rights of access and intervention) vis-à-vis the controller regarding the processing of your personal data, with reference to the stated legal basis for the respective exercise conditions:

  • Right of access in accordance with Art. 15 GDPR;
  • Right to rectification in accordance with Art. 16 GDPR;
  • Right to erasure in accordance with Art. 17 GDPR;
  • Right to restriction of processing in accordance with Art. 18 GDPR;
  • Right to notification in accordance with Art. 19 GDPR;
  • Right to data portability in accordance with Art. 20 GDPR;
  • Right to withdraw granted consents in accordance with Art. 7 (3) GDPR;
  • Right to lodge a complaint in accordance with Art. 77 GDPR.

12.2 RIGHT TO OBJECT

IF, WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. FURTHER PROCESSING REMAINS RESERVED, HOWEVER, IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

13) Duration of storage of personal data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if applicable – additionally by the respective statutory retention period (e.g., commercial and tax law retention periods).

When personal data is processed on the basis of an explicit consent according to Art. 6 (1) lit. a GDPR, this data will be stored until the data subject revokes their consent.

If statutory retention periods exist for data processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 (1) lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided it is no longer necessary for the fulfillment or initiation of the contract and/or we no longer have a legitimate interest in its continued storage.

When personal data is processed on the basis of Art. 6 (1) lit. f GDPR, this data will be stored until the data subject exercises their right to object under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defense of legal claims.

When personal data is processed for direct marketing purposes on the basis of Art. 6 (1) lit. f GDPR, this data will be stored until the data subject exercises their right to object under Art. 21 (2) GDPR.

Unless otherwise stated in the other information in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.