Privacy Policy

1. Data Protection at a Glance

General Information

We take the protection of your personal data very seriously. This policy explains how we treat your data when you visit our website. Personal data involves any information that can be used to identify you personally.

The Controller

The party responsible for data processing on this website (the “Controller”) is:

vegconom GmbH
Fiskediek 1,
49413 Dinklage,
Germany
Phone: +49 30549090501
Email: peter.link@vegconomist.de

2. Infrastructure and Security

Hosting & Content Delivery Network (CDN)

We use Cloudflare as a Content Delivery Network (CDN). The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. Cloudflare ensures our website loads quickly and remains secure against attacks. Technically, the traffic between your browser and our server flows through Cloudflare’s network. This enables Cloudflare to analyze traffic data, including your IP address.

  • Legal Basis: Art. 6(1)(f) GDPR (Legitimate Interest in a secure and functional website).

  • Data Transfer: Cloudflare is certified under the EU-US Data Privacy Framework, ensuring compliance with EU data protection standards.

SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content (such as orders or inquiries), this site uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” line in your browser address bar and the lock icon.

Server Log Files

Our hosting provider automatically collects and stores information in so-called server log files, which your browser transmits to us. These include:

  • Browser type and version

  • Operating system

  • Referrer URL

  • Hostname of the accessing computer

  • Time of the server request

  • IP address (anonymized where applicable)

This data is not merged with other data sources. We process this data based on Art. 6(1)(f) GDPR to ensure the technical stability and security of our systems.

3. Data Collection and Processing

Cookies

Our website uses cookies. These are small text files stored on your device. Some are “session cookies” (deleted after you close your browser), while others are “persistent cookies” (remain on your device to save settings).

  • Consent: Strictly necessary cookies are set based on our legitimate interest (Art. 6(1)(f) GDPR). All other cookies (e.g., for analytics) require your explicit consent (Art. 6(1)(a) GDPR), which you can manage via our Cookie Consent Tool.

Contacting Us

If you contact us (e.g., via email or contact form), we store the details you provide to process your request and for follow-up questions. This data is not passed on without your consent.

  • Legal Basis: Art. 6(1)(b) GDPR (if related to a contract) or Art. 6(1)(f) GDPR (Legitimate Interest in effective communication).

4. E-Commerce and Payments

If you make a purchase, we process your data to fulfill the contract. We transmit payment data to the respective payment service provider responsible for the transaction. The legal basis is Art. 6(1)(b) GDPR (Performance of a Contract).

We use the following payment providers:

  • Stripe: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

  • PayPal: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. (Note: PayPal may perform a credit check for certain payment methods).

  • Apple Pay: Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland.

  • Google Pay: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

5. Analytics and Tracking

Google Analytics 4 (GA4)

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited. GA4 allows us to analyze user behavior to improve our website.

  • IP Anonymization: Your IP address is shortened by Google within the EU/EEA before storage.

  • Google Signals: If you have enabled “Personalized Ads” in your Google account, Google may generate cross-device reports. You can disable this in your Google Account settings.

  • User IDs: We may use User IDs to track sessions across devices if you are logged in.

  • Legal Basis: The use of Google Analytics occurs exclusively on the basis of your consent (Art. 6(1)(a) GDPR).

  • Data Retention: User-level data is retained for 2 months and then deleted.

  • Data Transfer: Google is certified under the EU-US Data Privacy Framework.

6. Newsletter and Marketing

SendGrid & Shopify

We use SendGrid (a Twilio company, Denver, USA) and Shopify (Ottawa, Canada) to manage and send our newsletters.

  • Data Transfer: Data entered during newsletter registration is transferred to these providers.

  • Tracking: Our newsletters may contain tracking pixels that allow us to see if an email was opened and which links were clicked. This helps us optimize our content.

  • Legal Basis: This processing is based on your consent (Art. 6(1)(a) GDPR). You may revoke your consent at any time by using the “Unsubscribe” link in the newsletter.

7. Your Rights

Under the GDPR, you have the following rights regarding your data:

  • Right to Access (Art. 15): Request information about your stored data.

  • Right to Rectification (Art. 16): Request correction of incorrect data.

  • Right to Erasure (Art. 17): Request deletion of your data (“Right to be forgotten”).

  • Right to Restriction (Art. 18): Request limitation of processing.

  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.

  • Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time for the future.

RIGHT TO OBJECT (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR (LEGITIMATE INTEREST), YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

8. Contact for Privacy Concerns

If you have questions about this policy or your data, please contact the controller listed in Section 1.