We are pleased that you are visiting our website and that you are interested in the subject of data protection. So that you know when we collect which personal data and how we use this data, please note the information below.
The person responsible in accordance with Article 4 (7) of the EU General Data Protection Regulation (GDPR) is
Happy People GmbH
Building 64.08a, 3rd floor
Germany / Germany
Managing directors: Thomas Mrva, Ralf Steffan
Contact details of the data protection officer:
Building 64.08a, 3rd floor
Collection, processing and use of personal data
The legal basis for the collection, storage and processing of personal data can be found in particular in the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Personal data is information that relates to an identified or identifiable natural person (Art. 4 No. 1 GDPR). This includes in particular names, address data, telephone numbers or e-mail addresses. But information about preferences, memberships or, for example, previously visited websites can also represent personal data.
If you contact us (e.g. by e-mail or via our contact form), the data you transmit will be stored for the purpose of processing your request and for possible processing of follow-up questions. The legal basis for processing is the need to carry out pre-contractual measures in accordance with Article 6 (1) (b) GDPR. We delete the data arising in this context after the storage is no longer necessary, or restrict the processing if there are statutory storage obligations.
Use of the online shop
If you would like to order one of our products via our web shop, your personal data such as name, address, e-mail address and, if applicable, payment data must be provided in order to conclude the contract. We need this information to process your order. Mandatory information required for the processing of the contracts is marked separately, further information is voluntary. Payment data may be passed on to the respective bank or payment service provider. The legal basis for the processing is Art. 6 (1) lit. bDSGVO.
If you do not already have a customer account with us, you will be asked to create such a customer account as part of the ordering process. Your data and orders are saved there to make future purchases easier. When registering the customer account, the data you provide will be stored revocably. The deletion of your customer account is possible at any time and can be done either by sending a message to the above contact details or using a function provided for this purpose in the customer account.
Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, after two years we will restrict the processing. From this point on, only the data that is absolutely necessary to fulfill our commercial and tax obligations will be stored.
To prevent unauthorized access by third parties to your personal data, in particular payment data, the ordering process is encrypted.
Transfer to third parties
We transmit your personal data to third parties insofar as this is necessary to process orders (e.g. address data to our logistics service providers) or to process payments. The legal basis for the transmission is the need to fulfill a contract in accordance with Article 6 (1) (b) GDPR. Personal data will not be passed on to third parties for marketing or advertising purposes without your express consent.
Data transfer for age verification
According to § 10 of the Youth Protection Act, products containing nicotine and electronic cigarettes may not be given to children and young people. We are therefore obliged to ask and verify the age of a customer when they place their order for the first time. For this purpose, the date of birth is mandatory when creating a customer account. When you place your order for the first time, we carry out an age verification with the provider SCHUFA. For this purpose, your name, address and date of birth are sent to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden. The prerequisite is that you give your separate consent to this data transfer as part of the ordering process. legal reason
The basis for the transmission is Art. 6 (1) (a) GDPR (consent). You have the right to withdraw this consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. If you are not willing to provide your date of birth or do not agree to the transmission of the data to SCHUFA Holding AG, we cannot carry out an age verification and are therefore not allowed to carry out your order. We have concluded an agreement with SCHUFA Holding AG that ensures that your data is handled in accordance with data protection law.
Pay with PayPal
In our online shop you have the option of paying via PayPal. The payment is processed either via your PayPal account or via the credit card you have stored with PayPal or your bank account. In addition, PayPal offers buyer protection and escrow services.
If you select the PayPal payment service in the ordering process in our online shop, data will automatically be sent to PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. The transmission of personal data (first and last name, address, e-mail address, IP address, order data, delivery data) is required to carry out the payment if you decide to pay with PayPal.
Furthermore, the transmission of this data to PayPal serves our legitimate interest in fraud prevention and reducing our risk of default. The legal basis is Article 6 Paragraph 1 lit. b and f GDPR.
Payment by credit card
You also have the option of paying by credit card in our online shop. Payment is processed using our payment service provider, BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt/Main, Germany.
Enter the credit card data required for the payment (credit card number, name of the cardholder, validity period of the credit card, security code) directly into an embedded form from our payment service provider. In the process, data is automatically transferred to BS PAYONE GmbH. The transmission is necessary for the processing of the payment and thus the execution of the contract with you. The legal basis is Article 6 (1) (b) GDPR.
You can access the data protection regulations of BS PAYONE GmbH at https://www.bspayone.com/DE/de/privacy.
Payment by invoice
You also have the option of paying on account in our online shop. Payment is processed using our payment service provider, BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt/Main, Germany.
The purchase on account payment method requires a successful credit check by BS PAYONE GmbH. After you have clicked the button "Order with obligation to pay", a live credit check is carried out. In the process, data (name, address, date of birth) is automatically transmitted to BS PAYONE GmbH. The transmission is necessary for the processing of the payment and thus the execution of the contract with you. The legal basis is Article 6 (1) (b) GDPR.
You can access the data protection regulations of BS PAYONE GmbH at https://www.bspayone.com/DE/de/privacy.
Payment by direct transfer
In our online shop you also have the option of paying by direct bank transfer. This is a service of SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany.
When paying by 'Sofortüberweisung', data (IBAN, PIN and TAN of your online banking account) is automatically transferred to SOFORT GmbH. As part of the ordering process, you will be automatically forwarded to the secure payment form of SOFORT GmbH. Immediately afterwards you will receive the confirmation of the transaction. We will then receive the transfer credit directly. The transmission is necessary for the processing of the payment and thus the execution of the contract with you. The legal basis is Article 6 (1) (b) GDPR.
The data protection regulations of SOFORT GmbH can be accessed at www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/.
Payment by giropay
We also offer payment by giropay in our online shop. This is a service of giropay GmbH, An der Welle 4, 60322 Frankfurt/Main, Germany.
When paying by giropay, the payment details you provide during the ordering process are automatically transferred to giropay GmbH. As part of the ordering process, you will be automatically forwarded to the secure giropay GmbH payment form. giropay then authenticates the transaction using the authentication procedure stored at your bank. The payment amount will then be transferred from your account to our account. Neither we nor third parties have access to your account data. The transmission is necessary for the processing of the payment and thus the execution of the contract with you. The legal basis is Article 6 (1) (b) GDPR.
The data protection regulations of giropay GmbH can be accessed at https://www.giropay.de/srechtales/datenschutzerklaerung.
Server log files
Every time a user calls up our website, our hosting provider stores information in a log file. These so-called log files contain information about the date and time of the website visit, files or pages accessed, status codes, and system information such as browser, operating system and language and version of the browser interface. This data does not allow any direct conclusions to be drawn about the specific person.
In addition, IP addresses are also stored in log files. For us, these cannot easily be assigned to a specific person.
If you want to view our website, we collect the aforementioned data that is technically necessary for us to display our website to you and to ensure stability and security. The legal basis for processing is the need to safeguard our legitimate interests in accordance with Article 6 (1) (f) GDPR. The data will be deleted as soon as they are no longer required to achieve the respective purpose.
Our website uses so-called cookies. These are small files that are stored on your access device (computer, smartphone, tablet, etc.) and saved by your browser. They serve to increase the user-friendliness, effectiveness and security of our website. In addition, statistical data on website use can be collected with the help of cookies and analyzed to improve the offer. Cookies do not contain viruses and do not damage your access device.
We only store cookies that are not required for the operation of the website with your consent in accordance with Article 6 (1) (a) GDPR. You can also block the storage of cookies in your browser. Most web browsers allow some control over most cookies through the browser settings. For more information on blocking cookies, visit https://www.aboutcookies.org/. However, we would like to point out that certain functions of our website may no longer be available to you or may only be available to a limited extent after blocking.
Integration of the Trusted Shops Trustbadge / other widgets
Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g. seal of approval, collected reviews) and to offer Trusted Shops products to buyers after an order.
This serves to safeguard our overriding legitimate interests in optimal marketing by enabling secure shopping in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, with whom we are jointly responsible under Art. 26 GDPR. In the context of this data protection notice, we will inform you below about the essential contents of the contract in accordance with Art. 26 (2) GDPR.
The Trustbadge is provided as part of a shared responsibility by a US CDN (Content Delivery Network) provider. An appropriate level of data protection is ensured by standard data protection clauses and other contractual measures. Further information on data protection at Trusted Shops GmbH can be found in their data protection declaration.
When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, date and time of the call, amount of data transferred and the requesting provider (access data) and documents the call. The IP address is anonymized immediately after collection, so that the stored data cannot be assigned to you personally. The anonymized data is used in particular for statistical purposes and for error analysis.
After completing the order, your hashed e-mail address using a one-way cryptographic function will be sent to Trusted Shops GmbH. The legal basis is Article 6 Paragraph 1 Clause 1 Letter f GDPR. This serves to check whether you are already registered for services with Trusted Shops GmbH and is therefore necessary for the fulfillment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order and the transactional evaluation services in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR. If this is the case, further processing takes place in accordance with the contractual agreement made between you and Trusted Shops. If you are not yet registered for the services, you will then be given the opportunity to do so for the first time. Further processing after registration is also based on the contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data will be automatically deleted by Trusted Shops GmbH and a personal reference is then no longer possible.
As part of the joint responsibility between us and Trusted Shops GmbH, please contact Trusted Shops GmbH using the contact options given in the data protection information linked above if you have any questions about data protection and to assert your rights. Irrespective of this, you can always contact the responsible person of your choice. If necessary, your request will then be forwarded to the other person responsible for an answer.
Web analysis with Google (Universal) Analytics and Google Analytics 4
Our website uses Google (Universal) Analytics and Google Analytics 4, a web analytics service provided by Google Inc. (www.google.de). Google (Universal) Analytics and Google Analytics 4 use methods that enable an analysis of your use of the website, such as so-called "cookies", text files that are stored on your computer. The information generated about your use of this website is usually transmitted to a Google server in the USA and stored there. By activating IP anonymization on this website, the IP address is shortened before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
We use Google Analytics to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
You can prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link : http://tools.google.com/dlpage/gaoptout?hl=de
As an alternative to the browser plugin, you can click this link to prevent future detection by Google Analytics on this website. An opt-out cookie is stored on your end device. If you delete your cookies, you must click the link again.
The legal basis for processing is your consent in accordance with Art. 6 (1) (a) GDPR.
We use the Google reCaptcha service to determine whether a person or a computer makes a specific entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer: IP address of the device used, the website that you are visiting and on which the Captcha is integrated, the date and duration of the visit, the identification data of the device used Browser and operating system type, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks that require you to identify images. The legal basis for the data processing described is Article 6 Paragraph 1 Letter f of the General Data Protection Regulation. There is a legitimate interest on our part in this data processing, to ensure the security of our website and to protect us from automated input (attacks).
You have the following rights towards us with regard to your personal data:
right to information,
right to rectification or erasure,
right to restriction of processing,
right to object to processing,
Right to data portability.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
Revocation of consent and objection to the processing of your data
We would like to point out that you can revoke any consent you have given to the processing of your data at any time. However, your revocation has no influence on data processing that has already taken place, but only applies to the future.
Insofar as we base the processing of your personal data on a balancing of interests within the meaning of Article 6 (1) (f) GDPR, you can object to the processing. A weighing of interests is carried out in particular if the processing is not necessary to fulfill a contract with you. The legal bases of the respective processing procedures can be found in this data protection declaration. If you exercise such an objection, we ask that you explain the reasons for this. In the event of a justified objection, we will examine the situation and will either stop or adjust the data processing or show you our compelling legitimate reasons for continuing the processing.
Furthermore, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising using the contact details above.
Links to other websites
Our online offer may contain links to other websites. We have no influence on whether their operators comply with data protection regulations.