GDPR - Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data includes all data with which you can be personally identified.

1.2 The controller for data processing on this website in the sense of the General Data Protection Regulation (GDPR) is Dr. H. Thanisch, Erben Müller-Burggraef KG, Junkerland 14, 54470 Bernkastel-Kues, Germany, Tel.: +49 (0) 6531-91790-10, E-Mail: office@dr-thanisch.de. The controller for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 The controller has appointed a data protection officer, who can be reached as follows: Frank Weber Email: f.weber@dr-thanisch.de

2) Data collection when visiting our website

2.1 When using our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no transfer or other use of the data. However, we reserve the right to retrospectively check the server log files if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock icon in your browser's address bar.

3) Hosting & Content Delivery Network

Shopify

For the hosting of our website and the display of page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized transfer to third parties.

When data is transferred to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your device for a longer period and allow saving page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of your web browser's cookie settings.

If personal data is processed by individual cookies used by us, the processing takes place either in accordance with Art. 6 para. 1 lit. b GDPR for the execution of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of a granted consent, or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the website visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or generally.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contacting us

When you contact us (e.g., via email), personal data is processed - exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose.

The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact aims at concluding a contract, an additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that no statutory retention obligations conflict with this.

6) Data processing when opening a customer account

In accordance with Art. 6 Para. 1 lit. b GDPR, personal data will continue to be collected and processed to the extent necessary if you provide us with this data when opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website.

You can delete your customer account at any time by sending a message to the above-mentioned address of the controller. After your customer account has been deleted, your data will be deleted, provided that all contracts concluded through it have been fully processed, no statutory retention periods conflict with this, and we no longer have a legitimate interest in further storage.

7) Use of customer data for direct marketing

Subscription to our email newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. Your email address is the only mandatory information required for sending the newsletter. Providing further data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive the newsletter if you have explicitly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address provided.

By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. In doing so, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration, in order to be able to trace any possible misuse of your email address at a later time. The data collected by us when registering for the newsletter will be used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a corresponding message to the controller mentioned at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration.

8) Data processing for order fulfillment

To the extent necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact data you provided when ordering to inform you personally within the scope of our legal information obligations pursuant to Art. 6 para. 1 lit. c GDPR. Your contact data will be used strictly for the purpose of communicating about updates owed by us and will only be processed by us to the extent necessary for the respective information.

To process your order, we also work with the service provider(s) listed below, who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

9) Rights of the Data Subject

9.1 The applicable data protection law grants you, the data subject, the following rights (rights to information and intervention) with regard to the processing of your personal data by the controller, whereby reference is made to the stated legal basis for the respective exercise conditions:

  • Right of access in accordance with Art. 15 GDPR;
  • Right to rectification in accordance with Art. 16 GDPR;
  • Right to erasure in accordance with Art. 17 GDPR;
  • Right to restriction of processing in accordance with Art. 18 GDPR;
  • Right to notification in accordance with Art. 19 GDPR;
  • Right to data portability in accordance with Art. 20 GDPR;
  • Right to withdraw given consents in accordance with Art. 7 para. 3 GDPR;
  • Right to lodge a complaint in accordance with Art. 77 GDPR.

9.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTERESTS AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

10) Duration of Storage of Personal Data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if applicable – additionally by the respective statutory retention period (e.g. commercial and tax retention periods).

When processing personal data based on an explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, the data concerned will be stored until you revoke your consent.

If there are statutory retention periods for data processed in the context of legal or quasi-legal obligations on the basis of Art. 6 para. 1 lit. b GDPR, these data will be routinely deleted after the expiry of the retention periods, unless they are no longer necessary for the fulfilment or initiation of the contract and/or we no longer have a legitimate interest in their continued storage.

When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, these data will be stored until you exercise your right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

When processing personal data for direct marketing purposes on the basis of Art. 6 para. 1 lit. f GDPR, these data will be stored until you exercise your right to object pursuant to Art. 21 para. 2 GDPR.

Unless otherwise stated in the other information in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

Status: 27.4.2026