Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website. Below, we provide information about the processing of personal data when you visit our website. Personal data is any data with which you can be personally identified.

1.2 Controller (Art. 4 No. 7 GDPR) 6N Botanicals Legal Form/Provider Name: Opoku UG (6N Botanicals UG i. Gr.) Owner: Doreen Briest-Opoku Address: Böhlerstr. 1, Gebäude 20, 40667 Meerbusch, Germany Email: info@6n-botanicals.com

2) Data Collection When Visiting Our Website

2.1 Server Log Files When visiting our website purely for informational purposes, the following data is automatically collected and stored in server log files: visited page, date/time, amount of data transferred, referrer, browser, operating system, IP address (truncated/anonymized). Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in stability and security).

2.2 SSL/TLS Encryption Our website uses TLS encryption. You can recognize this by "https://" and the lock icon in your browser.

3) Hosting & Content Delivery Network

3.1 Shopify (Hosting, Shop System) We host our website with the provider Shopify International Limited, Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland. Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada. A data processing agreement (Art. 28 GDPR) is in place. For Canada, there is an adequacy decision by the EU Commission.

3.2 Cloudflare (CDN & Security) Provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Legal basis: Art. 6 para. 1 lit. f GDPR (performance/security). Has joined the Data Privacy Framework (EU-US DPF).

4) Cookies

We use session cookies (automatically after session) and persistent cookies (time-limited) to provide functions and improve usability. Legal bases depending on purpose:

  • Art. 6 para. 1 lit. b GDPR (contractually required),
  • Art. 6 para. 1 lit. a GDPR (consent, e.g., marketing/analysis),
  • Art. 6 para. 1 lit. f GDPR (legitimate interest in a functional website). You can control cookies in your browser; some functions may be limited without cookies.

5) Contacting Us

5.1 Contact via Form/Email When you contact us, your data will be processed exclusively to handle your request (Art. 6 para. 1 lit. f GDPR; if related to a contract, lit. b). Deletion after purpose fulfillment, provided no retention obligations prevent it. Contact email: info@6n-botanicals.com

5.2 Zendesk (Ticket System) Provider: Zendesk International Ltd., 55 Charlemont Place, Dublin D02 F985, Ireland. Name, email, and content data are processed. Legal basis: Art. 6 para. 1 lit. f GDPR (efficient support). DPA is in place.

5.3 WhatsApp Business Provider: WhatsApp Ireland Limited, Dublin 2, Ireland. Usage only when you actively initiate contact. Legal basis: Art. 6 para. 1 lit. b (if related to an order) or lit. f (general inquiry). Note: Address book access by WhatsApp; we only store contacts who write to us via WhatsApp. EU-US DPF for Meta/USA.

6) Customer Account

When you open a customer account, we process the data you enter (Art. 6 para. 1 lit. b GDPR). Deletion is possible at any time, provided no retention obligations exist.

7) Use of Customer Data for Direct Marketing

7.1 Email Newsletter (Double Opt-In) Mandatory information: Email. Legal basis: Art. 6 para. 1 lit. a GDPR. Revocation possible at any time.

7.2 Newsletter to Existing Customers (§ 7 para. 3 UWG) Advertising for similar products via email; objection possible at any time. Legal basis: Art. 6 para. 1 lit. f GDPR.

7.3 Klaviyo (Newsletter Sending & Tracking) Provider: Klaviyo, Inc., Boston, USA. DPA, EU-US DPF. Optional open/click tracking only with consent (Art. 6 para. 1 lit. a GDPR).

7.4 WhatsApp Newsletter Registration via message "Start". Legal basis: Art. 6 para. 1 lit. a GDPR. Unsubscription via "Stop".

8) Data Processing for Order Fulfillment

8.1 Shipping & Payment
 For contract fulfillment, we transmit data to shipping service providers/payment service providers (Art. 6 para. 1 lit. b GDPR).
Update obligations for digital elements: Art. 6 para. 1 lit. c GDPR.

8.2 Payment Services (depending on selection in the shop):

  • PayPal (Europe), Luxembourg – Art. 6 para. 1 lit. b/f GDPR; credit check if applicable.
  • Shopify Payments / Stripe, Ireland – Art. 6 para. 1 lit. b GDPR.
  • Klarna (invoice/instalments) – Credit check (Art. 6 para. 1 lit. f), information on credit agencies see Klarna notes.
  • Apple Pay / Sofort / EPS / TWINT – only if offered.
    (Please delete unused services.)

9) Web Analysis

9.1 Google Analytics 4
 Provider: Google Ireland Limited, Dublin. Cookies only with consent (Art. 6 para. 1 lit. a). IP anonymization active, storage period usually 2 months.
Optional Google Signals/User IDs only with consent. DPA, EU-US DPF.

9.2 Google Tag Manager
 Manages tags, does not store user profiles itself. Used only with consent (Art. 6 para. 1 lit. a). EU-US DPF.

9.3 Microsoft Clarity
 Heatmaps/session data pseudonymized, only with consent (Art. 6 para. 1 lit. a). EU-US DPF.

9.4 Shopify Analytics
 Analysis via Shopify, only with consent (Art. 6 para. 1 lit. a). Canada: Adequacy decision.

10) Retargeting/Remarketing & Conversion Tracking

10.1 Meta Pixel (Facebook/Instagram)
 Audience creation & conversion measurement only with consent (Art. 6 para. 1 lit. a). DPA; EU-US DPF.

10.2 Google Ads Remarketing
 Interest-based advertising only with consent (Art. 6 para. 1 lit. a). EU-US DPF.

(If you do not use tracking/ads, remove sections 9–10.)

11) Page Functionalities

11.1 Instagram Feed via Mintt Studio
 Widget loads content from Instagram (Meta). Cookies/transmission only with consent (Art. 6 para. 1 lit. a).

11.2 Instagram Plugins (2-Click/Shariff)
 Activation only after consent (Art. 6 para. 1 lit. a). EU-US DPF.

12) Cookie Consent Tool

We use a consent tool that logs consents and only loads services requiring consent if you agree.
Legal bases: Art. 6 para. 1 lit. c (obligation to obtain consent), lit. f (documented consent management).

13) Rights of the Data Subjects

You have the following rights (Art. 15–21 GDPR): Right of access, rectification, erasure, restriction of processing, data portability, withdrawal of given consents, complaint to a supervisory authority.

Right to object (Art. 21 GDPR):
 You can object at any time to processing based on Art. 6 para. 1 lit. f GDPR for reasons arising from your particular situation.
You can object to direct marketing at any time; in this case, we will no longer process your data for this purpose.

14) Storage Duration

The storage duration depends on the legal basis and purpose:

  • In case of consent, until revocation (Art. 6 para. 1 lit. a).
  • In case of a contract/initiation, until completion plus statutory periods (Art. 6 para. 1 lit. b).
  • In case of legitimate interest, until objection, unless compelling reasons exist (Art. 6 para. 1 lit. f).
  • Otherwise, we delete data when the purpose ceases and no obligations prevent it.