Privacy policy

Last updated: 15 December 2025

1. General information

We are pleased about your interest in our online shop lana-organic.de. The protection of your personal data is a matter of great importance to us.
With this privacy policy, we inform you about which personal data we collect, how we process such data and which rights you are entitled to.

Our online shop is operated via the platform Shopify Inc., provider:

Shopify International Limited
150 Elgin Street, Suite 800
Ottawa, Ontario, K2P 1L4
Canada

In the course of using Shopify, personal data (e.g. order information, payment data, IP address) are processed. The transfer of data to third countries is carried out on the basis of appropriate safeguards pursuant to Article 46 GDPR, in particular standard contractual clauses.

Controller responsible for data processing:

LANA Organic GmbH
Weststr. 38
52074 Aachen
Germany
Email: info@lana-organic.de

We process personal data exclusively in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. Collection and processing of personal data

Personal data are any information relating to an identified or identifiable natural person, in particular:

  • First and last name
  • Postal address
  • Telephone number
  • Email address
  • Payment information
  • IP address, device information, browser type
  • Usage data (e.g. page views, click behaviour)

Processing is carried out in particular for the following purposes:

  • Processing of orders (shipping of goods, payment processing, invoicing, returns)
  • Provision and technical optimisation of the online shop
  • Communication with customers
  • Marketing measures (e.g. newsletters)
  • Analysis and improvement of our services

Legal bases:

  • Article 6(1)(b) GDPR (performance of a contract)
  • Article 6(1)(a) GDPR (consent)
  • Article 6(1)(f) GDPR (legitimate interest)

3. Cookie consent and consent management

We use Shopify’s cookie consent tool in order to obtain and document consent for the use of cookies as well as tracking and marketing services.

Users may adjust or withdraw their settings at any time via the consent tool.

Legal basis: Article 6(1)(a) GDPR
Storage period: until consent is withdrawn

4. Newsletter via Trustoo and Mailchimp (Single Opt-in)

For subscription to our newsletter, we use an email pop-up provided by the service Trustoo. Via this pop-up, we collect your email address for the purpose of sending newsletters.

Registration takes place using the single opt-in procedure. This means:

  • By entering your email address and submitting the form, you provide your explicit consent to receive our newsletter.
  • After registration, you will receive a welcome email which is purely informational and does not require any additional confirmation.

The collected data are subsequently transmitted to our newsletter service provider Mailchimp.

Provider:
The Rocket Science Group LLC
675 Ponce de Leon Ave NE, Suite 5000
Atlanta, GA 30308
USA

As part of the registration process, we process:

  • Email address
  • Date and time of registration
  • Technical information (e.g. IP address)

These data are stored in order to be able to demonstrate the consent given.

Legal basis: Article 6(1)(a) GDPR (consent)

Mailchimp processes personal data partly in the United States. The transfer is carried out on the basis of standard contractual clauses pursuant to Article 46 GDPR.

You may withdraw your consent at any time, for example via the unsubscribe link included in every newsletter.

5. Google Analytics 4

We use Google Analytics 4, provider:

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

Purpose: analysis of user behaviour and optimisation of our services
Data categories: IP address (truncated), usage data, device information
Legal basis: Article 6(1)(a) GDPR
Storage period: maximum 14 months
Third-country transfer: United States, standard contractual clauses

6. Meta Pixel (Facebook & Instagram)

Provider:
Meta Platforms Ireland Limited
4 Grand Canal Square
Dublin 2
Ireland

Purpose: remarketing, reach measurement, personalised advertising
Legal basis: Article 6(1)(a) GDPR
Withdrawal: via cookie settings or Meta advertising settings

7. Product reviews via Judge.me

We use the Judge.me app (provider: Judge.me Ltd., United Kingdom) on our website to collect and display product reviews. When submitting a review, personal data such as name or pseudonym, email address, review content and technical usage data may be processed. As a rule, the email address is not displayed publicly.

Processing is carried out for the purpose of displaying customer opinions and improving our services, based on Article 6(1)(a) GDPR (consent) and Article 6(1)(f) GDPR (legitimate interest).

Processing of data in third countries cannot be ruled out. Judge.me undertakes to implement appropriate measures to protect personal data in accordance with the requirements of the GDPR. Further information can be found in the provider’s privacy policy.

8. Other external services

8.1 Keepoala

Provider: Keepoala GmbH
Purpose: returns management, sustainability services
Legal basis: Article 6(1)(f) GDPR

8.2 Fether – Frequently Bought Together

Provider: Fether
Purpose: product recommendations
Data: anonymised usage data
Legal basis: Article 6(1)(f) GDPR

9. Payment service providers

Payment processing

For processing orders in our online shop, we process personal data required to carry out the respective payment transaction. This includes in particular name, billing and shipping address, email address, order information, IP address and payment-related data.

Payment processing is carried out via Shopify Payments and connected external payment service providers. We do not receive complete payment details (e.g. credit card numbers or bank account details).

Depending on the selected payment method, data are transferred to the following payment service providers:

  • PayPal
    PayPal (Europe) S.à r.l. et Cie, S.C.A.
    22–24 Boulevard Royal
    L-2449 Luxembourg
  • Klarna
    Klarna Bank AB (publ)
    Sveavägen 46
    111 34 Stockholm
    Sweden
  • Apple Pay
    Apple Inc.
    One Apple Park Way
    Cupertino, CA 95014
    USA
  • Google Pay
    Google Ireland Limited
    Gordon House, Barrow Street
    Dublin 4
    Ireland
  • Credit card (Visa, Mastercard, etc.)
    Processed via Shopify Payments / Stripe
    Stripe Payments Europe Ltd.
    1 Grand Canal Street Lower
    Dublin 2
    Ireland
  • Prepayment / bank transfer
    Processing exclusively for payment allocation and accounting purposes

Data are transferred exclusively for the purpose of payment processing on the basis of
Article 6(1)(b) GDPR (performance of a contract).

In some cases, personal data may be transferred to recipients in third countries (e.g. USA). In such cases, the transfer is carried out on the basis of appropriate safeguards pursuant to Article 46 GDPR, in particular EU standard contractual clauses.

Further information on data processing can be found in the privacy policies of the respective payment service providers.

10. Rights of data subjects

You have the right at any time to:

  • Access
  • Rectification
  • Erasure
  • Restriction of processing
  • Data portability
  • Withdrawal of granted consent

Contact: info@lana-organic.de

11. Storage period

Personal data are stored only for as long as required for the respective purpose or as required by law.

12. Transfer to third countries

Transfers of data to third countries (e.g. United States, Canada) are carried out exclusively in compliance with the GDPR, in particular on the basis of standard contractual clauses.

13. Contact

LANA Organic GmbH
Weststr. 38
52074 Aachen
Germany
info@lana-organic.de