## Privacy Policy
**Last updated: July 17, 2025**
### 1. Data Controller
**Growshop Online**
Address: Porzellangasse 33, 1090 Vienna, Austria
Email: sales@deingrowshoponline.com
Phone: +4369911161161
**Data Protection Officer (DPO)**: Growshoponline.com
Email: sales@growshoponline.com
This privacy policy applies to all processing of personal data in connection with our online shop in Europe and the EEA countries.
### 2. What data do we process & purpose
| Data category | Purpose | Legal basis |
| --- | --- | --- |
| Name, address, email, phone number | Contract execution, shipping & customer service | Art. 6 (1) lit. b GDPR |
| Payment data (to external PSPs) | Payment processing | Art. 6 (1) lit. b GDPR |
| IP address, browser data | technical function, security, statistics | Art. 6 (1) lit. f GDPR ([reddit.com][1], [VitalAbo Online Shop Europe][2], [PATLITE Europe - Online Shop][3]) |
| Newsletter data (email, name) | Marketing (only with consent) | Art. 6 (1) lit. a GDPR |
| Cookie consent / tracking | individual consent for analysis tools | Art. 6 (1) lit. c & f GDPR |
#### Technical Data & Server Logs
During page access, general technical data (e.g., operating system, referrer, time) and IP addresses are automatically collected. They serve to improve website usability, optimization, and IT security and are based on legitimate interests (Art. 6 (1) lit. f GDPR).
### 3. Disclosure & Third-Country Transfers
* **Service providers in the EU/EEA** (payment providers, shipping, hosting): Data is only disclosed for the purpose of concluding a contract, subject to a data processing agreement (Art. 28 GDPR).
* **Transfer to third countries outside the EU/EEA** only with an existing adequacy decision or standard contractual clauses – or with the user's express consent, in any case for information purposes in accordance with Art. 49 (1) lit. a GDPR ([VitalAbo Online Shop Europe][2]).
### 4. Storage Period
* **Contract data** (e.g., name, address, payment details): until the end of the statutory retention periods (e.g., 10 years for accounting).
* **Newsletter addresses**: until **revocation of consent**; subsequently deleted, or kept on a blacklist where one is used, in accordance with Art. 6 (1) (f) GDPR.
* **Server logs, technical data**: anonymized or deleted as soon as they are no longer required for the purpose, unless there are statutory retention obligations.
### 5. Rights of Data Subjects
As a data subject, you have the following rights under the GDPR:
* **Information** (Art. 15)
* **Correction** of inaccurate data (Art. 16)
* **Erasure** (Art. 17)
* **Restriction of Processing** (Art. 18)
* **Objection** in the case of legitimate interest or direct marketing (Art. 21)
* **Data Portability** (Art. 20)
* **Revocation** of consent granted (Art. 7)
Please send inquiries in writing or via email to: **[sales@growshoponline.com](mailto:sales@growshoponline.com)**. We will respond within one month (Art. 12 GDPR).
### 6. Cookies & Tracking Technologies
* We use **technically necessary cookies** (e.g., session cookies, shopping cart) – **no opt-in required** (Art. 6 (1) lit. b/f GDPR).
* **Analysis and marketing cookies** (e.g., Google Analytics, AdWords, Tag Manager): only **after active consent** via cookie banner, before the corresponding scripts are loaded or activated. A cookie consent tool enables granular opt-in and revocation at any time ([shop.maisoncommon.com][4], [reddit.com][5]).
### 7. Profiling / Marketing
* Users with explicit consent may be profiled for personalized marketing or retargeting.
* **Profiling only occurs with consent**, is transparent, and can be revoked at any time (Art. 22 GDPR).
### 8. Technical & Organizational Security