Privacy Policy

Version: 09/2025

1. Controller

BGN Marketing GmbH

Geltinger Straße 33, 82515 Wolfratshausen, Germany

Managing Director: Jasmin Pusch

Commercial Register: HRB 256192, Local Court of Munich

VAT ID: DE329399693

Phone: +49 (0)8171 9060640

E-mail: info@bgn-marketing.de

Website: www.aloe-canarias.de

Data Protection Officer : Jasmin Pusch

2. Principles of Data Processing

We process personal data in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), only to the extent necessary for:

  • providing our website and services,
  • fulfilling contracts,
  • complying with legal obligations,
  • protecting legitimate interests, or
  • based on your consent.

Legal bases (Art. 6 (1) GDPR):

  • a) Consent,
  • b) Contract performance / pre-contractual measures,
  • c) Legal obligation,
  • f) Legitimate interest (e.g., secure and efficient website operation, prevention of misuse/fraud, marketing to existing customers).

3. Hosting and Server Log Files

When you access our website, our hosting provider automatically processes: IP address, date/time, requested content, HTTP status code, transferred data volume, referrer URL, browser and operating system, and provider.

Purpose / Legal basis: IT security and website functionality (Art. 6 (1) f GDPR).

Storage: Log data are usually deleted shortly after, unless longer storage is required for security or evidence.

Recipient: Hosting provider as data processor (processing agreement in place).

4. Cookies and Consent

We use necessary cookies (e.g., for shopping cart, login) and – if you consent – analytical and marketing cookies.

Legal basis:

  • Necessary cookies: Art. 6 (1) f GDPR in conjunction with § 25 (2) TTDSG (German law).
  • Analytics/marketing cookies: Art. 6 (1) a GDPR in conjunction with § 25 (1) TTDSG.

Withdrawal: You may change or withdraw consent at any time via the cookie banner.

5. Orders, Customer Accounts and Payments

When you place an order or create an account, we process identification, communication, contract and payment data.

Purpose / Legal basis: Contract performance (Art. 6 (1) b GDPR), legal obligations (Art. 6 (1) c GDPR).

Recipients: Shipping providers, payment providers, accounting/tax consultants, IT/shop service providers (data processors).

Storage: According to statutory retention periods (usually 6–10 years).

Payment methods (example: PayPal)

If you choose PayPal, the necessary personal data are transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg for payment processing.

Legal basis: Art. 6 (1) b GDPR (contract performance), and Art. 6 (1) f GDPR (fraud prevention).

6. Contact (E-mail or Form)

If you contact us, we process the data you provide for handling your request.

Legal basis: Art. 6 (1) b GDPR (contract-related requests) or Art. 6 (1) f GDPR (general requests).

Storage: Until the request is completed and subsequently in line with legal retention periods.

7. Newsletter & WhatsApp Updates (optional)

With your consent, we send you information about offers and news. For this purpose, we use the double opt-in procedure and log the registration (IP address, time).

Legal basis: Art. 6 (1) a GDPR, § 7 UWG (German law).

Withdrawal: You may unsubscribe at any time via the unsubscribe link or by contacting us.

Service provider: www.rapidmail.de

8. Registration / User Accounts

When registering, we additionally store time, IP and login data to prevent misuse.

Legal basis: Art. 6 (1) b and f GDPR.

Deletion/changes: Possible via the account or upon request (unless retention obligations apply).

9. Web Analytics & Marketing (if used)

With your consent, we may use analytics and marketing tools (e.g., Google Analytics/Ads, Meta Pixel, Pinterest Tag).

Legal basis: Consent (Art. 6 (1) a GDPR in conjunction with § 25 (1) TTDSG); for purely technical measurements, legitimate interest (Art. 6 (1) f GDPR).

Recipients / Third countries: EU/EEA or, if in the USA, with safeguards (EU Standard Contractual Clauses + additional measures).

Withdrawal: Consent can be withdrawn at any time via the cookie banner.

10. Social Media & Plugins

We maintain profiles on social networks (e.g., Instagram, Facebook, Pinterest, TikTok). Their providers’ terms and privacy policies apply when you visit them.

Integrated plugins (e.g., like/share buttons) may transmit data (IP, browser, page visited) to providers. We use “two-click solutions” or load such plugins only with consent.

Legal basis: Consent (Art. 6 (1) a GDPR) or legitimate interest (Art. 6 (1) f GDPR).

Examples of providers:

  • Meta Platforms Ireland Ltd. (Facebook/Instagram), 4 Grand Canal Square, Dublin, Ireland.
  • Pinterest Europe Ltd., Palmerston House, 2nd Floor, Dublin, Ireland.
  • TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, Ireland.

11. Data Sharing & Processing

We only share personal data if this is necessary for contract fulfillment, based on your consent, legal obligations, or legitimate interests.

All processors are bound by data processing agreements (Art. 28 GDPR).

12. International Transfers

Where data are transferred outside the EU/EEA (e.g., to the USA), we ensure an adequate level of protection via EU Standard Contractual Clauses, adequacy decisions, or other safeguards.

13. Storage Period

Personal data are stored as long as required for the purposes outlined, or as required by statutory retention periods. Afterwards, data are deleted or anonymised.

14. Your Rights (Art. 15–21 GDPR)

  • Right of access (information about your data),
  • Right to rectification,
  • Right to erasure (“right to be forgotten”),
  • Right to restriction of processing,
  • Right to data portability,
  • Right to object (e.g., to processing based on Art. 6 (1) e/f GDPR, including direct marketing and profiling),
  • Right to withdraw consent with effect for the future.

To exercise your rights, please contact us: info@bgn-marketing.de.

15. Right to Lodge a Complaint

You may lodge a complaint with a supervisory authority, e.g. the Bavarian Data Protection Authority (BayLDA).

16. Obligation to Provide Data

Certain data are necessary for contract conclusion and marked accordingly. Without these, orders cannot be processed.

17. Automated Decision-Making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

18. Updates

We may update this privacy policy from time to time (e.g., when introducing new services or due to legal changes). The version published on our website applies.