Shop 🇩🇪 German GmbH · VAT ID: DE-455266655
Shop 🇩🇪 German GmbH · VAT ID: DE-455266655
header icon
[ivory-search id="10760" title="green.one"]
header icon
Dispatched from Germany
Free shipping starts at 30 €
header icon
100% Legal EU Hemp
<0.2% THC · EU Compliant

Privacy Policy

Privacy Policy

green.one® – ETHERKRAFT UG (haftungsbeschränkt)

Legal Notice: The German version of this Privacy Policy (Datenschutzerklärung) is the sole legally binding document in accordance with the GDPR and German law. This English translation is provided for informational purposes only and is not legally binding.

Data Controller

ETHERKRAFT UG (haftungsbeschränkt)
Trading name: green.one®
Mergenthalerallee 73–75, 65760 Eschborn, Germany
Privacy Contact: [email protected]
Commercial Register: HRB 138552, District Court Frankfurt am Main
VAT ID: DE365337460

1. Scope and Principles

This Privacy Policy applies to the website and online shop operated under green.one® and all associated functions (payments, shipping, customer account, newsletter, email marketing, social links), including the use of a Content Delivery Network (Cloudflare).

Personal data is processed in strict accordance with the GDPR, and in particular the principle of storage limitation: data is retained only for as long as necessary for the stated purposes or as required by law. Thereafter it is securely deleted or irreversibly anonymised.

🔒 Our Privacy Principle: We operate all data-sensitive analytics tools and marketing systems exclusively on our own private servers located in Germany — fully under our control, with no data transfer to external third-party providers. This applies equally to web analytics (Matomo) and email marketing (Mautic).

2. Purposes and Legal Bases of Processing

We process your data for the following purposes on the legal bases indicated:

Purpose Legal Basis (GDPR)
Operating the shop, contract performance (orders, payments, shipping) Art. 6(1)(b)
Compliance with legal obligations (e.g. statutory retention for tax purposes) Art. 6(1)(c)
Legitimate interests (IT security, fraud prevention, CDN, anonymised web analytics) Art. 6(1)(f)
Your explicit consent (newsletter subscription, email marketing, social media plugins) Art. 6(1)(a)

3. Processing Activities in Detail

Website Hosting & CDN (Cloudflare)

To enhance the security and performance of our website, we use the Content Delivery Network (CDN) provided by Cloudflare. Each time you access the site, technical data including your IP address is transmitted to Cloudflare servers. This serves our legitimate interest in operating a secure and efficient website (Art. 6(1)(f) GDPR).

Shop, Customer Account, Payment & Shipping

To process your order, we handle your personal, contractual and contact data. If you create a customer account, your data is stored to simplify future orders. For payment and delivery, we work with external service providers — Viva.com for payments and DHL for shipping — to whom the necessary data is transmitted.

Note on Third-Party Providers: We have no control over data processing carried out by these external providers. Their use is, however, necessary for the performance of the contract with you (Art. 6(1)(b) GDPR).

Web Analytics with Matomo (Self-Hosted, Fully Anonymised)

Your privacy is our priority. Especially in the sensitive CBD sector, we place great importance on maximum discretion. We therefore completely refrain from using external analytics tools such as Google Analytics or similar services that transfer data to the US. Instead, we use Matomo, a privacy-friendly open-source solution operated exclusively on our own private server of ETHERKRAFT UG in Germany.

✓ Open Source 🇩🇪 Server in Germany 🔒 No Third Parties 👁 No User Profiles
  • Full IP Anonymisation: Your IP address is truncated immediately upon collection, making personal identification impossible.
  • No User Profiles: No personal user profiles are created at any time. All analysis is carried out on an aggregated and anonymised basis only.
  • No Data Transfer: All analytics data remains on our own server and is never shared with or sold to any third party.
  • Right to Object: You may opt out of data collection by Matomo at any time via your cookie settings or by activating the DNT (Do Not Track) signal in your browser.

Processing is based on our legitimate interest in improving our website without compromising your privacy (Art. 6(1)(f) GDPR).

Email Marketing & Newsletter with Mautic (Self-Hosted)

For our newsletter and internal email marketing, we use Mautic, an open-source marketing automation platform. Mautic is operated exclusively on ETHERKRAFT UG’s own private server in Germany — fully owned and under our sole control.

✓ Open Source 🇩🇪 Server in Germany 🔒 No External Email Provider ✉ Double Opt-In
  • No Third-Party Sharing: Your email address and all data associated with your newsletter subscription are never passed on to external marketing providers (such as Mailchimp, Klaviyo or similar).
  • Double Opt-In: Your subscription is only activated after explicit confirmation via a confirmation link (Art. 6(1)(a) GDPR).
  • Full Control: We store and manage all subscriber data exclusively in-house. No data transfer to third countries.
  • Easy Unsubscribe: Every email contains an unsubscribe link. Upon withdrawal of your consent, your data will be removed from our marketing list without delay.

If you have any questions about data stored in connection with the newsletter, please contact: [email protected].

Contact Form & Direct Enquiries

When you contact us via our form or by email, we process your information solely to handle your enquiry (Art. 6(1)(b) or (f) GDPR). The data will not be used for advertising purposes unless you have provided separate consent.

4. Retention and Deletion

Retention periods are determined according to purpose and legal requirements. Once the purpose has been fulfilled or the retention period has expired, data is routinely deleted, anonymised, or pseudonymised. Specific periods arise in particular from statutory provisions (e.g. 10 years for tax-relevant documents under § 147 German Fiscal Code / § 257 German Commercial Code) and technical requirements (e.g. short-term storage of security log files).

5. Your Rights as a Data Subject

Under the GDPR, you have comprehensive rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (“right to be forgotten”, Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw consent at any time (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR) — competent authority: The Hessian Commissioner for Data Protection and Freedom of Information (HBDI)

To exercise your rights, please contact us at the email address below.

Privacy Contact

For all enquiries regarding your data and to exercise your rights, please contact:
Email: [email protected]