“`html

Privacy Policy

This Privacy Policy explains how German Drugstore collects, uses, and protects personal data when you visit our website and/or purchase products.

1. Data Controller

The controller responsible for data processing on this website is:

German Drugstore
Krossener Str. 15
10245 Berlin
Germany
Email: info@german-drugstore.com

2. Data We Collect

Depending on your interaction with our website, we may process the following categories of personal data:

  • Identity and contact data (e.g., name, email address, phone number)
  • Billing and shipping information
  • Order and transaction data (e.g., items purchased, amounts, timestamps)
  • Payment-related data (processed via our payment provider)
  • Technical data (e.g., IP address, device type, browser information, access logs)
  • Website usage data (analytics data, where consent is given)

3. Purposes of Processing

We process personal data for the following purposes:

  • Operating and securing the website
  • Creating and managing customer orders
  • Payment processing
  • Shipping, delivery, and returns handling
  • Customer service and communication
  • Compliance with legal obligations (e.g., tax and retention requirements)
  • Website analytics and performance optimization (only with consent where required)

4. Legal Bases (GDPR)

We process personal data on the following legal bases under Art. 6 GDPR:

  • Art. 6(1)(b) GDPR – performance of a contract (order processing, delivery, returns)
  • Art. 6(1)(c) GDPR – compliance with legal obligations (e.g., tax law retention)
  • Art. 6(1)(f) GDPR – legitimate interests (website security, fraud prevention, service stability)
  • Art. 6(1)(a) GDPR – consent (e.g., analytics cookies/technologies where required)

5. Payment Processing (PayPal)

Payments are processed via PayPal. If you choose PayPal as a payment method, necessary data will be transmitted to PayPal to process the payment and for fraud prevention.

Provider:
PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxembourg

Legal basis: Art. 6(1)(b) GDPR (contract performance) and, where applicable, Art. 6(1)(f) GDPR (legitimate interest in secure payment processing and fraud prevention).

6. Shipping Providers (DHL, FedEx)

To deliver orders, we share necessary shipping data with our logistics partners. This may include name, address, and—where required for delivery—email address and phone number.

  • DHL Paket GmbH (Germany)
  • FedEx (United States)

Legal basis: Art. 6(1)(b) GDPR (contract performance).

7. Web Hosting (Rocket.net)

Our website is hosted by Rocket.net. The hosting provider processes technical data (e.g., IP address and access logs) to deliver the website, ensure stability, and maintain security.

Provider:
Rocket.net, LLC
United States

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and reliable website operation).

8. Website Analytics (Google Analytics 4)

This website uses Google Analytics 4 (GA4) to understand how visitors interact with our website and to improve performance and user experience.

Provider:
Google Ireland Ltd.
Gordon House, Barrow Street
Dublin 4, Ireland

GA4 uses cookies and similar technologies to collect usage information (e.g., pages visited, interactions, device and browser information, approximate location). IP anonymization is enabled where possible.

The data retention period for user-level data in Google Analytics is set to 14 months.

Legal basis: Art. 6(1)(a) GDPR (consent). Google Analytics is activated only if you consent via our cookie settings. You can withdraw consent at any time by adjusting your cookie preferences.

9. Cookies & Consent Management

We use cookies and similar technologies to operate the website and, where applicable, to analyze usage. Where required by law, we will ask for your consent before setting non-essential cookies.
You can manage or withdraw your consent at any time via your cookie settings.

10. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA) or process data in countries outside the EEA (e.g., United States). In such cases, personal data may be transferred internationally.

Where required, we use appropriate safeguards to protect personal data, such as the European Commission’s Standard Contractual Clauses (SCCs), and implement additional measures where appropriate.

11. Data Retention

We store personal data only as long as necessary for the purposes described above or as required by law (e.g., statutory retention obligations). When data is no longer needed, it will be deleted or anonymized.

12. Your Rights (GDPR)

Under the GDPR, you have the following rights, subject to legal requirements:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent at any time (Art. 7(3) GDPR), where processing is based on consent

13. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. For Berlin, the competent authority is:

Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin
Germany

14. Contact

For privacy-related requests, please contact:
info@german-drugstore.com

Last updated: March 2026

“`