
Data protection - Good Feeling Products

Data Protection

1. Overview of Data Collection and Processing

We want to provide you with an overview of how we collect and process personal data when you use our website.

1.1. Who is Responsible and Who Can I Contact?

The entity responsible for data processing is:

Good Feeling Products SL
Calle Velazquez 2-2°,
07002 Palma, Spain
Phone: +34 871 – 18 75 11
Email: info@gfpsl.com

You can contact info@gfpsl.com for any questions regarding this privacy policy and your rights.

2. How Do We Process Your Data for Informational Use of Our Website?

2.1. Server Log Files

When you use our website for informational purposes only, meaning you do not otherwise transmit information to us, we collect data (possibly personal data) that your browser transmits to our server. This includes:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Specific page requested
  • Access status/HTTP status code
  • Transmitted data volume
  • Referring website
  • Browser
  • Operating system
  • Language and version of the browser

These data are stored in server log files for security reasons for up to 3 days and then deleted. If data needs to be retained for evidence, it will not be deleted until the incident is completely resolved.

The legal basis for processing these data is Article 6(1)(f) GDPR. We have a legitimate interest in processing server log files to ensure website security and investigate misuse.

2.2. Cookies

In addition to the aforementioned data, cookies are stored on your computer when you use our website. These are small text files that are stored by your browser on your hard drive and transmit specific information.

Details on which cookies we use, for what purpose, and how long they last can be found here:

[cookie declaration]

Necessary cookies are based on Article 6(1)(f) GDPR. We have a legitimate interest in storing these cookies in order to provide a technically error-free and user-friendly service.

Non-essential cookies are only used with your consent. In this case, the legal basis is Article 6(1)(a) GDPR.

2.3. Contact via Email or Contact Form

If you contact us via email or contact form, the data you provide (your email address, name, phone number, and message content) will be stored to respond to your inquiries. The data arising in this context will be deleted once storage is no longer required, or its processing will be restricted if legal retention obligations apply.

The legal basis for this data processing is Article 6(1)(b) GDPR where the inquiry concerns the initiation of a contract and, for other inquiries, our legitimate interest in responding to your inquiry under Article 6(1)(f) GDPR.

2.4. Newsletter

You can subscribe to our newsletter through our website. Usually, we only need an email address from you. Other data is optional.

We use ZipLingo for newsletter distribution; ZipLingo acts as a data processor for us. You can find more information about ZipLingo’s privacy policy here: https://www.ziplingo.com/privacy.

ZipLingo also enables performance measurement. This means the newsletter contains a web beacon (a small pixel) that is retrieved when the newsletter is opened. Information about the browser, system, IP address, and retrieval time is collected. This data is used to analyze reading behavior. This performance measurement helps us determine whether and when you opened the newsletter and which links were clicked. The data is only analyzed in aggregate to understand general reading habits and interests of our newsletter subscribers.

Your personal data will be transferred to ZipLingo in the USA. The USA does not have an EU Commission adequacy decision confirming an appropriate level of data protection. As a result of the transfer, US authorities may access and further process your data. Data transfer is based on your consent according to Article 49(1)(a) GDPR.

Your newsletter subscription data will be stored until you unsubscribe and deleted afterward.

Data processing is based on your consent according to Article 6(1)(a) GDPR, which you can revoke at any time via the “unsubscribe” link in the newsletter.

2.5 Google Analytics

This website uses Google Analytics, a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), to analyze website usage by you and other users.

The service uses cookies (see “Cookies” above) and creates evaluations of website usage and activity using the information collected through the cookies. The purpose of this processing is to measure reach and evaluate user actions. Information collected through the cookies, which might be linked to you, is deleted 14 months after collection. IP anonymization (also known as “IP masking” or “anonymizeIP”) is used, which means your IP address is shortened to prevent personal identification.

For more information, visit https://support.google.com/analytics/answer/6004245?hl=en.

The information collected through the cookies is usually transmitted to and stored on a Google server in the United States of America (USA). The USA does not have an EU Commission adequacy decision confirming an appropriate level of data protection. As a result of the transfer, US authorities may access and further process your data.

The legal basis for this processing and the transfer of your personal data to the USA is your consent according to Article 6(1)(a) and Article 49(1)(a) GDPR.

If you have not given us consent when visiting this website, Google Analytics will not be used for you. If you have given us your consent, you can revoke it at any time, for instance, by adjusting your privacy settings for this website using the following link: [LINK]. A cookie will be set to prevent further data collection when you visit our website.

2.6 Google Ads

This website uses the Google Ads service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), for marketing purposes.

Generally, neither we nor Google know your actual identity. We regularly only have access to aggregated information about the success of our advertisements and conversions, such as whether an online marketing measure led to a contract with us via our website. We use AdServer cookies, which measure certain parameters on our website to assess success. If you access our website via a Google ad, a Google Ads cookie is placed on your computer to recognize your web browser for success measurement.

The information collected through the cookies is usually transmitted to and stored on a Google server in the USA. The USA does not have an EU Commission adequacy decision confirming an appropriate level of data protection. As a result of the transfer, US authorities may access and further process your data.

The legal basis for this processing and the transfer of your personal data to the USA is your consent according to Article 6(1)(a) and Article 49(1)(a) GDPR.

For more information on how Google uses data, the settings, and your options to object, visit https://policies.google.com/privacy?hl=en (Privacy Policy) and https://services.google.com/sitestatus/en.html (Google Website Statistics).

2.7 Facebook Pixel

Within our online offering, we use the following feature from the social network Facebook, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”):

We use Facebook Pixel to define the visitors of our online offer as a target group for displaying ads on Facebook (“Facebook Ads”). Therefore, we use Facebook Pixel to ensure that the Facebook ads we display only reach Facebook users interested in our online offer or who have specific characteristics (e.g., interests in certain topics or products determined based on the visited websites) that we transmit to Facebook (“Custom Audiences”). With the help of Facebook Pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing if users were redirected to our website after clicking on a Facebook ad (“Conversion”).

Your data is also transmitted to Facebook in the United States of America (“USA”) for these purposes. The European Union has not determined that the USA has an adequate level of data protection. As a result of the transfer, US authorities may access and further process your data.

The legal basis for the processing and the transfer to the USA is your consent according to Article 6(1)(a) GDPR. If you did not give us consent when visiting this website, these Facebook features will not be used for you. If you have given us your consent, you can revoke it at any time by adjusting your privacy settings for this website using the following link: [LINK]. A cookie will be set to prevent further data collection when you visit our website.

Facebook’s data usage policy can be found here: https://www.facebook.com/policy. Specific information and details about Facebook Pixel and its functionality can be found in Facebook’s help section: https://www.facebook.com/business/help/651294705016616. Besides the options to withdraw consent described above, you can also configure usage-based advertising directly on the page set up by Facebook: https://www.facebook.com/settings?tab=ads. These settings apply across all devices, such as desktop computers or mobile devices.

2.8 Vimeo

To play advertising videos on our website, we embed videos from the platform Vimeo Inc., 555 West 18th Street, New York, New York 10011 (“Vimeo”).

When you access a webpage equipped with such a plugin, a connection to the Vimeo servers is not established automatically, but only after you click on the respective video. Clicking transmits user information to Vimeo, such as the country, the duration of the video, and confirmation that the video is viewed. If you are logged into Vimeo as a member, Vimeo assigns this information to your personal user account. You can prevent this association by logging out of your Vimeo account before using our website and deleting the corresponding Vimeo cookies.

We do not process data. Vimeo is responsible for the data processing. Further information on this data processing by Vimeo can be found at https://vimeo.com/privacy.

3. How and Why Do We Process Your Data as an Interested Party and Customer?

3.1 Customer Account

You have the option to create a customer account on our website. If creating a customer account is necessary, you’ll be informed about the required details. Typically, this includes first and last names, title, email address, and your address.

Through the customer account, you can use our services, particularly to purchase our products in our online shop, have them delivered to the delivery address saved in your customer account, and have the invoice sent to the billing address you provided. The purpose of processing the data associated with your customer account is to initiate and fulfill the contract. If you are our contractual partner, the legal basis is the fulfillment of the contract according to Article 6(1)(b) GDPR. If the contract is with your employer or client, the legal basis is our legitimate interest in fulfilling the contract with our business partners according to Article 6(1)(f) GDPR.

When creating a customer account, you have the option to provide your birthdate to receive a birthday greeting from us and possibly a small surprise (e.g., a voucher). We’ll request your consent during the registration process. The legal basis for this data processing is your consent according to Article 6(1)(a) GDPR.

During registration, subsequent logins, and usage of the customer account, we store your IP address and access times to verify the registration and prevent account misuse. The legal basis for this data processing is our legitimate interest according to Article 6(1)(f) GDPR.

If you cancel or delete your customer account, the associated data will also be deleted, unless further retention is legally required. The legal basis in this case is a legal obligation under Article 6(1)(c) GDPR, such as from the HGB (German Commercial Code) or the AO (German Fiscal Code).

3.2 Reminder Function

If you’ve created a customer account and added products to the shopping cart without completing the purchase, your interaction is tracked with cookie-like technology until the purchase is completed. If you forget something in the shopping cart, you’ll receive up to three email reminders about the forgotten products in the cart from our service provider, The Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, 30308, Georgia, USA, which acts as our data processor. If you complete the purchase with all products, no reminder will be sent.

This reminder function will result in your personal data being transferred to the United States of America (“USA”). The USA does not have an EU Commission adequacy decision confirming an appropriate level of data protection. As a result of the transfer, US authorities may access and further process your data.

The processing and transfer of your personal data to the USA is based on your consent according to Article 49(1)(a) GDPR and Article 6(1)(a) GDPR.

If you haven’t given us consent when visiting this website, the reminder function won’t be used for you. If you have given us your consent, you can revoke it at any time by adjusting your privacy settings for this website using the provided link: [LINK]. A cookie will be set to prevent further data collection when you visit our website.

3.3 Payment Service Providers

If you order products in our online shop, you have various payment options. Depending on the payment method you choose, your user ID, order number, customer number, amount, address, first and last name, language, and email address will be sent to the respective payment provider during checkout. We use the following payment providers:

  • Nuvei: Nuvei is a payment processing service that handles credit cards, Google Pay, Apple Pay, and SEPA transactions. For more information about Nuvei’s privacy policy, visit https://nuvei.com/privacy-notice/.

  • PayPal: An online payment service by PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg (“PayPal”). For more information about PayPal’s privacy policy, visit https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

The data transfer is solely for the purpose of payment processing with the payment provider. This processing is based on Article 6(1)(b) GDPR.

3.4 Google Reviews

We use the services of Google Reviews to collect feedback on the products customers purchase from us. After making a purchase, you’ll receive an automated invitation to submit a review. These reviews will be published on Google Reviews and will be linked to your Google account, displaying your username.

The legal basis for this processing is our legitimate interest in gathering verified reviews of our products according to Article 6(1)(f) GDPR.

4. Who Gets Your Data?

Within our company, only those departments that require your personal data to fulfill the above-mentioned purposes have access to it. The aforementioned data may also be processed by data processors who operate and maintain our website and systems. Furthermore, data is transferred to the service providers explicitly mentioned in Sections 2 and 3, with whom we have signed a data processing agreement, provided they act as data processors for us.

5. Is Data Transferred to Countries Outside the European Union?

Unless explicitly stated in Sections 2 and 3 that your data is transferred to countries outside the European Union, no transfer of your personal data to countries outside the EU occurs.

6. What Are Your Rights?

  • Right of Access: You have the right to access the personal data we have stored about you to review and understand how we use your data.
  • Right to Rectification, Erasure, and Restriction: Under certain circumstances, you have the right to request the correction, restriction, or deletion of your personal data from us.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transfer it directly to third parties, where technically feasible.
  • Right to Withdraw Consent: You have the right to withdraw any consent you may have given. Please note that this withdrawal does not affect the legality of data processing until the time of withdrawal. You can revoke consents given to us during your first visit to our website at any time via the following link: [LINK].
  • Right to Object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is based on Article 6(1)(f) GDPR. We will then stop processing your personal data unless we can demonstrate compelling legitimate grounds for processing.
  • Right to Lodge a Complaint: If you believe our data processing violates European data protection law, you can file a complaint with a supervisory authority. The authority responsible for this is, for instance, the supervisory authority of the federal state in which you reside. A list of all data protection commissioners and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. You can also contact the Information and Data Protection Commissioner of Malta (https://idpc.org.mt/).

7. When Will My Personal Data Be Deleted?

Where possible, we have provided you with the specific retention period or deletion time in Sections 2 and 3. Otherwise, the retention period is determined by the following criteria: We process and store your personal data for as long as necessary to fulfill the purposes for which it was collected. If the processing of your personal data is no longer required, especially because contractual obligations or our legitimate interests have been met, we will delete it unless further processing or archiving is legally required. These legal reasons include, for example, commercial and tax retention obligations (from the Commercial Code and the Fiscal Code). The standard retention periods for data are usually between two and ten years.

8. Is There an Obligation to Provide Personal Data?

You are not legally or contractually obliged to provide personal data to us. However, without this data, we may not be able to offer all the functionalities of the website in some cases.

9. Is Automated Decision-Making or Profiling Used?

We do not carry out any automated decision-making or other profiling measures unless explicitly mentioned in Section 2.