Data Protection
Privacy Policy
green.one® – ETHERKRAFT UG (haftungsbeschränkt)
Data Controller
ETHERKRAFT UG (haftungsbeschränkt)
Trade name: green.one®
Mergenthalerallee 73–75, 65760 Eschborn, Germany
Privacy contact: [email protected]
Commercial register: HRB 138552, Amtsgericht Frankfurt am Main
VAT ID: DE365337460
1. Scope and Principles
This privacy policy applies to the website and online shop at green.one® and all associated functions (payments, shipping, customer account, newsletter, email marketing, social links), including the use of a content delivery network (Cloudflare).
The processing of personal data is carried out strictly in accordance with the GDPR, in particular the principle of storage limitation: data is retained only for as long as necessary for the stated purposes or as required by law. Thereafter, it is securely deleted or irreversibly anonymised.
2. Purposes and Legal Bases of Processing
Your data is processed for the following purposes and on the following legal bases:
| Purpose | Legal basis (GDPR) |
|---|---|
| Shop operation, contract performance (orders, payments, shipping) | Art. 6(1)(b) |
| Compliance with legal obligations (e.g. tax retention requirements) | Art. 6(1)(c) |
| Protection of legitimate interests (IT security, fraud prevention, CDN, anonymised web analytics) | Art. 6(1)(f) |
| Your explicit consent (newsletter subscription, email marketing, social media plugins) | Art. 6(1)(a) |
3. Detailed Processing Operations
Provision of the Website & CDN (Cloudflare)
To enhance the security and performance of our website, we use the content delivery network (CDN) provided by Cloudflare. On each access, technical data, including your IP address, is transmitted to Cloudflare servers. This serves our legitimate interest in secure and efficient operation (Art. 6(1)(f) GDPR).
Shop, Customer Account, Payment & Shipping Processing
To process your order, we collect your master data, contract data and contact details. If you create a customer account, your data is stored to simplify future orders. For payment and shipping, we work with external service providers (Viva.com and Volksbank Mittweida eG for payments, DHL for shipping), to whom the necessary data is transmitted.
Web Analytics with Matomo (self-hosted, fully anonymised)
Your protection is our priority. Especially in the sensitive CBD sector, we place great importance on maximum discretion. We therefore completely refrain from using external analytics tools such as Google Analytics or similar services that transfer data to the USA. Instead, we use Matomo, a privacy-friendly open-source solution operated on our own private server of ETHERKRAFT UG in Germany.
- Full IP Anonymization: Your IP address is truncated immediately after collection so that identification of individuals is excluded.
- No User Profiles: No personal user profiles are created whatsoever. Evaluation is performed exclusively in aggregated and anonymized form.
- No Data Transfer: All analytics data remains on our own server and is never shared with or sold to third parties.
- Right to Object: You may object to data collection by Matomo at any time via cookie settings or via your browser's DNT signal.
This processing is based on our legitimate interest in improving our website without compromising your privacy (Art. 6(1)(f) GDPR).
E-Mail Marketing & Newsletter with Mautic (Self-Hosted)
For our newsletter and internal e-mail marketing, we use Mautic, an open-source marketing automation platform. Mautic is hosted exclusively on ETHERKRAFT UG's private server in Germany – fully owned and solely controlled by us.
- No Disclosure to Third Parties: Your e-mail address and all data associated with the newsletter subscription are never shared with external marketing service providers (such as Mailchimp, Klaviyo, etc.).
- Double Opt-In Procedure: The subscription is only activated after explicit confirmation via a confirmation link (Art. 6(1)(a) GDPR).
- Full Control: We store and manage your subscriber data exclusively internally. No data transfer to third countries.
- Easy Unsubscription: Every e-mail contains an unsubscribe link (opt-out). Upon revocation of your consent, your data will be promptly removed from the marketing list.
If you have any questions regarding your stored data in connection with the newsletter, please contact: [email protected].
Contact Form & Direct Contact
When you contact us via our form or by e-mail, we process your information exclusively for the purpose of handling your inquiry (Art. 6(1)(b) or (f) GDPR). The data will not be used for advertising purposes unless you have given separate consent.
4. Retention and Deletion
Retention periods are determined according to the respective purpose and legal requirements. Upon fulfillment of purpose or expiration of the periods, data is routinely deleted, anonymized, or pseudonymized. Specific periods arise in particular from statutory provisions (e.g., 10 years for tax-relevant documents pursuant to § 147 AO / § 257 HGB) and technical requirements (e.g., short-term storage of security log files).
5. Your Rights as a Data Subject
Under the GDPR, you have comprehensive rights with regard to your data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (“right to be forgotten”, Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to withdraw consent given (Art. 7(3) GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR) – competent authority: Hessian Commissioner for Data Protection and Freedom of Information (HBDI)
To exercise your rights, please contact us at the e-mail address provided below.
Contact for Privacy Inquiries
For all inquiries regarding your data and to exercise your rights, please contact:
E-Mail: [email protected]
This document was last updated on April 21, 2026.