Skip to content
Natural support for cholesterol and blood sugar balance ❤️
The juice that everyone wants 🍷
Free shipping for all orders over €40 📦

Privacy Policy

Privacy Policy

Status: 28 July 2025

This Privacy Policy informs you pursuant to Art. 13 et seqq. GDPR, § 165 Telecommunications Act 2021 (TKG) and other applicable regulations about the nature, scope and purposes of the processing of personal data within our online offering (hereinafter “Website”) and the associated external presences (e.g. social media profiles).


1. Data Controller

BerBerSan GmbH
Pfarrgasse 677, 8970 Schladming, Austria
E‑Mail: info@berbersan.at

(“we”, “us”)

No data protection officer is mandatory under current law. For privacy inquiries, please contact the Managing Director.


2. Definitions

The terms used (e.g. “personal data”, “processing”, “controller”) correspond to the definitions in Art. 4 GDPR.


3. Purposes of Processing, Legal Bases and Data Categories

We process personal data only to the extent necessary. Legal bases include Art. 6 (1) lit. a GDPR (consent), lit. b (contract/contract negotiation), lit. c (legal obligation) and lit. f GDPR (legitimate interest).

3.1 Website Visit / Server Log Files

  • Data: IP address, date/time, requested URL, referrer URL, browser type/version, operating system, provider.

  • Purpose: Technical operation, security (attack prevention), stability, error analysis.

  • Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in secure operation).

  • Retention: Log files are automatically deleted regularly (max. 30 days), unless security-related analysis is required.

3.2 Cookies and Similar Technologies

We use cookies and similar technologies (e.g. Local Storage, pixels).

  • Necessary Cookies (e.g. cart, login): Art. 6 (1) lit. b GDPR & § 165 (3) TKG.

  • Functional & Performance Cookies (e.g. preferences): Art. 6 (1) lit. a GDPR.

  • Analytics & Marketing Cookies (e.g. Google Analytics, Google Ads, Meta Pixel): Art. 6 (1) lit. a GDPR.

You can withdraw your consent at any time for the future or change your settings by emailing us.

A list of the cookies used can be found in section 11.

3.3 Consent Management Tool (CMP)

  • Data: Consent status, timestamp, device/browser data, anonymous ID.

  • Purpose: Documenting consents, managing cookie preferences.

  • Legal basis: Art. 6 (1) lit. c GDPR (documentation requirement), lit. f GDPR (legitimate interest in legally compliant consent collection).

3.4 Contact Requests (Form, E‑Mail, Phone)

  • Data: Name, email address, message content, optionally phone number.

  • Purpose: Handling your request.

  • Legal basis: Art. 6 (1) lit. b GDPR (pre-contractual measures) or lit. a GDPR (consent for voluntary info).

  • Retention: Until final processing and thereafter according to statutory retention periods.

3.5 Orders, Customer Account and Contract Fulfillment (Shop)

  • Data: Master data (name, address, email), order data, payment data (see 3.6), communication data.

  • Purpose: Order processing, delivery, customer service, accounting.

  • Legal basis: Art. 6 (1) lit. b GDPR; legal obligations (Art. 6 (1) lit. c GDPR, e.g. tax retention).

  • Retention: 7 years (tax law) or until expiry of warranty and limitation periods.

3.6 Payment Service Providers

We use external payment providers (e.g. Stripe, PayPal, Klarna – please specify).

  • Data: Payment method, transaction ID, invoice data.

  • Legal basis: Art. 6 (1) lit. b GDPR.

  • Note: Payment providers process data independently under their own privacy policies.

3.7 Shipping Service Providers

For delivery we share address data with shipping companies (e.g. Austrian Post, DPD).

  • Legal basis: Art. 6 (1) lit. b GDPR.

3.8 Newsletter / Direct Marketing

  • Data: Email address, phone number, name.

  • Purpose: Sending information about products and offers.

  • Legal basis: Art. 6 (1) lit. a GDPR (consent) or § 174 TKG (existing customer exception).

  • Withdrawal: Possible at any time by email.

3.9 Web Analytics & Reach Measurement (e.g. Google Analytics 4)

  • Data: IP address (anonymized), device info, usage behavior, events.

  • Legal basis: Art. 6 (1) lit. a GDPR.

  • IP Anonymization: Enabled.

  • Processor Agreement: Concluded with Google.

  • Third‑Country Transfer: USA (Standard Contractual Clauses, additional safeguards).

3.10 Online Marketing (e.g. Google Ads, Meta Pixel)

  • Purpose: Conversion tracking, remarketing, campaign optimization.

  • Legal basis: Art. 6 (1) lit. a GDPR.

  • Objection/Withdrawal: Via cookie settings or providers’ opt‑out links.

3.11 Social Media Profiles

We maintain profiles on Facebook/Instagram, TikTok, LinkedIn, etc. Data processing is joint with each platform provider. Please refer to their privacy notices.

3.12 Hosting & CDN

Our Website is hosted via Shopify (Shopify International Ltd., Ireland / Shopify Inc., Canada).

  • Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in secure and efficient delivery).

  • Processor Agreement: Concluded with Shopify.

  • Third‑Country Transfer: Standard Contractual Clauses.


4. Recipients and Categories of Recipients

  • IT/hosting service providers

  • Payment and shipping providers

  • Newsletter/email service providers (e.g. Klaviyo, Mailchimp)

  • Analytics and marketing providers (Google, Meta, etc.)

  • External advisors (tax consultants, lawyers)


5. Transfers to Third Countries

Transfers to countries outside the EU/EEA occur only if an adequacy decision by the EU Commission exists (e.g. Canada) or suitable safeguards (e.g. Standard Contractual Clauses) are in place along with additional protective measures.


6. Data Retention

We retain personal data only as long as necessary for the respective purpose or as required by law. Afterwards, data is deleted or anonymized.


7. Your Rights (Data Subject Rights)

You have the right to:

  • Access (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restriction of Processing (Art. 18 GDPR)

  • Data Portability (Art. 20 GDPR)

  • Objection to processing based on Art. 6 (1) lit. e or f GDPR (Art. 21 GDPR)

  • Withdraw Consent (Art. 7 (3) GDPR) with future effect

You also have the right to lodge a complaint with the Austrian Data Protection Authority:

Austrian Data Protection Authority
Barichgasse 40–42, 1030 Vienna
Phone: +43 1 521 52‑25 69
E‑Mail: dsb@dsb.gv.at
Web: www.dsb.gv.at


8. Automated Decision-Making / Profiling

No automated decision-making within the meaning of Art. 22 GDPR takes place. Profiling occurs only within marketing and analytics tools based on your consent.


9. Data Security

We use SSL/TLS encryption and implement technical and organizational measures to protect your data against loss, destruction or unauthorized access.


10. Changes to this Privacy Policy

We update this Privacy Policy as needed (e.g. new technologies, legal changes). The version published on the Website applies.


11. Cookie Overview

(Example structure – please fill with your actual shop/tool cookies.)

11.1 Necessary Cookies

Name Provider Purpose Duration
_shopify_y Shopify Session ID/Analytics (shop function) 1 year
cart Shopify Cart function 2 weeks

11.2 Preferences / Functional

Name Provider Purpose Duration
locale Own cookie Store language selection 1 year

11.3 Statistics / Analysis

Name Provider Purpose Duration
_ga Google Analytics User identification 2 years
_gid Google Analytics Session analysis 24 hours

11.4 Marketing / Tracking

Name Provider Purpose Duration
_fbp Meta Platforms Inc. Remarketing / conversion tracking 3 months
IDE Google Ads Conversion / retargeting 1 year

 


12. Contact for Privacy Concerns

If you have questions about the processing of your personal data, please contact:
info@berbersan.at