Privacy Policy

Information on the processing of personal data in accordance with the General Data Protection Regulation (GDPR).

This is a courtesy translation. The legally binding version is the German one.

1. Controller

Controller responsible for data processing on this website:
Terra Di Gaia GmbH, Ludwig-Jost-Allee 6, 65929 Frankfurt am Main, email: jessica@terradigaia.com. For full details see the Imprint.

2. Hosting

This website is hosted by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). When the website is accessed, the host automatically records server log files (IP address, date/time, page accessed, browser type). The legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure, stable provision). A data processing agreement is in place with Vercel; any transfer to the USA takes place on the basis of the EU Standard Contractual Clauses.

3. Payment processing via Stripe

For payment processing in the shop we use Stripe (Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Dublin, Ireland). When you place an order, the data required for payment (name, address, email, payment data) is transmitted to and processed by Stripe. The legal basis is Art. 6(1)(b) GDPR (performance of a contract). Payment data such as card numbers is processed exclusively by Stripe — we neither receive nor store it. Stripe’s privacy policy applies additionally: stripe.com/de/privacy.

4. Contacting us

If you contact us via the contact form or by email, we process your details (name, email, message) to handle your enquiry. The legal basis is Art. 6(1)(b) or (f) GDPR. The data is deleted once the enquiry has been conclusively dealt with and no statutory retention periods stand in the way.

5. Newsletter

For sending the newsletter we use the double opt-in procedure: after subscribing you receive an email asking you to confirm your subscription. The legal basis is your consent under Art. 6(1)(a) GDPR. You can unsubscribe from the newsletter at any time via the unsubscribe link in every email or by sending us a message.

6. Local storage (localStorage)

For the functioning of the shopping cart as well as for your language and display settings, we store data that is technically necessary in your browser’s localStorage. This data does not leave your device and is not transmitted to us. The legal basis is Art. 6(1)(f) GDPR. We set tracking cookies only with your consent (see section 7).

7. Web analytics

This website uses — only with your explicit consent — Google Analytics 4, a web analytics service provided by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics uses cookies that enable an analysis of your use of the website; the IP address is anonymised. Any data transfer to Google LLC in the USA takes place on the basis of the EU Standard Contractual Clauses. The legal basis is your consent under Art. 6(1)(a) GDPR, which you give via the cookie notice on your first visit. Without consent, Google Analytics is not loaded and no cookies are set. You can withdraw your consent at any time with effect for the future (e.g. by clearing your browser’s local storage). In addition, we use Vercel Web Analytics and Speed Insights (Vercel Inc.) — these work cookieless, without personal profiles, on the basis of Art. 6(1)(f) GDPR.

8. Your rights

You have the right at any time to:

• information about the data stored about you (Art. 15 GDPR)
• rectification of incorrect data (Art. 16 GDPR)
• erasure (Art. 17 GDPR)
• restriction of processing (Art. 18 GDPR)
• data portability (Art. 20 GDPR)
• objection to processing (Art. 21 GDPR)
• withdrawal of consent given (Art. 7(3) GDPR)

You also have the right to lodge a complaint with a data protection supervisory authority.

Note: This privacy policy is a template. Before going live, the fields marked in red must be completed and the text reviewed by a qualified person (lawyer / data protection officer).