Privacy Policy

1) Introduction and contact details of the controller

We are delighted that you have visited our website and thank you for your interest. Below, we provide information about how we handle your personal data when you use our website. Personal data is any data that can be used to identify you personally.

The data controller for this website, within the meaning of the General Data Protection Regulation (GDPR), is Conscious U GmbH, Alte Jakobstr. 121, 10969 Berlin, Germany.

You can contact us by telephone: +49 30 69564585, email: office@conscious-u.com. The controller responsible for processing personal data is the natural or legal person who determines the purposes and means of processing personal data, either alone or jointly with others.

2) Data collection when you visit our website

2.1 When you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the page server (so-called ‘server log files’). When you visit our website, we collect the following data, which is necessary for us to display the website to you:

  • Which of our websites you visited;  
  • The date and time of access;
  • The amount of data sent in bytes;
  • The source/reference from which you accessed the page;
  • The browser used;
  • The operating system used;
  • The IP address used (if applicable, in anonymised form).

The processing is carried out in accordance with Article 6. 6(1) f GDPR, based on our legitimate interest in improving the stability and functionality of our website. This data will not be shared or used for any other purpose. However, we reserve the right to retrospectively check the server log files if there are concrete indications of illegal use. For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the ‘https://’ string and the lock symbol in your browser.

3) Hosting and content delivery network

3.1 We use a provider that hosts our website and displays page content exclusively on servers within the European Union, either directly or through selected subcontractors. All data collected on our website is processed on these servers. We have concluded a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorised disclosure to third parties.

3.2. Cloudflare
We use a content delivery network from the following provider: Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. This service allows us to deliver large media files, such as graphics, page content and scripts, more quickly via a network of regionally distributed servers. This processing is conducted to safeguard our legitimate interest in improving the stability and functionality of our website, in accordance with Art. 6 para. 1 lit. f GDPR. We have concluded a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorised disclosure to third parties. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.

4) Cookies

To make visiting our website attractive and enable certain functions, we use cookies (small text files stored on your device). Some of these cookies are automatically deleted when you close your browser (so-called ‘session cookies’), while others remain on your device for a longer period of time and enable page settings to be stored (so-called ‘persistent cookies’). You can find the storage period for these cookies in the overview of your web browser’s cookie settings.

If individual cookies used by us also process personal data, this is carried out in accordance with Art. 6 para. 1 lit. b GDPR, for example, for the performance of a contract in accordance with Art. 6 para. 1 lit. a GDPR if you have given your consent, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in ensuring the website functions optimally and is designed in a way that is user-friendly and effective. 1 lit. f GDPR, to safeguard our legitimate interests in ensuring the website is as functional, customer-friendly, and effective as possible.

You can configure your browser to notify you when cookies are set, allowing you to decide whether to accept them or exclude their use in specific cases or generally. Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contact

When you contact us (e.g. via the contact form or email), we will process your personal data solely for the purpose of processing and responding to your enquiry, and only to the extent necessary for this purpose. The legal basis for processing this data is our legitimate interest in responding to your request, in accordance with Article 6(1)(f) of the GDPR. 6 para. 1 lit. f GDPR. If your enquiry relates to a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted if the circumstances make it clear that the matter in question has been conclusively clarified, unless there are legal storage obligations to the contrary.

6) Data processing when opening a customer account.

In accordance with Art. 6(1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. 1 lit. b GDPR, we will continue to collect and process your personal data to the extent necessary when you provide it to us in order to open a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website.

You can delete your customer account at any time by sending a message to the controller’s address above. Once your account has been deleted, your data will be deleted, provided that all contracts concluded via this account have been fully processed and there are no statutory retention periods or legitimate interests preventing this.

7) Use of customer data for direct marketing

7.1 Registration for our email newsletter
If you register for our email newsletter, we will regularly send you information about our offers. The only information we require to send you the newsletter is your email address. Providing further data is optional and will be used to address you personally.

We use the double opt-in procedure to send the newsletter, which ensures that you will only receive it once you have confirmed your consent by clicking on a verification link sent to the email address you provided. By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR.

We will store the IP address assigned to you by your Internet Service Provider (ISP), as well as the date and time of registration, in order to be able to trace any possible misuse of your email address at a later date. The data collected when you register for the newsletter will be used for this purpose only.

You can unsubscribe from the newsletter at any time via the link provided or by contacting the controller named above. Once you have unsubscribed, your email address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to us using your data for other purposes, or unless we are permitted by law to use your data in a manner that is not prohibited by this statement.

7.2 Brevo
Our email newsletters are sent via this provider: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany.

Based on our legitimate interest in effective, user-friendly newsletter marketing, we pass on the data you provide when registering for the newsletter to this provider, in accordance with Art. 6 para. 1 lit. f GDPR, so that they can send you the newsletter on our behalf. Subject to your express consent in accordance with Art. 6(1) a GDPR, the provider also conducts statistical evaluations of the success of newsletter campaigns using web beacons or tracking pixels in the emails sent. This allows them to measure opening rates and specific interactions with the newsletter content. In doing so, end device information (e.g. time of access, IP address, browser type and operating system) is also collected and evaluated but not merged with other data sets.

You can revoke your consent to newsletter tracking at any time with future effect. We have concluded a data processing agreement with the provider to protect the data of our website visitors and prohibit its transfer to third parties.

8) Data processing for order processing

8.1 Insofar as necessary for executing the delivery and payment contracts, we will pass on the personal data collected by us to the transport company and credit institution commissioned by us, in accordance with Art. 6 para. 1 lit. b GDPR. If, on the basis of a corresponding contract, we owe you updates for goods with digital elements or digital products, we will process the contact details you provided when placing your order to inform you personally within the scope of our legal information obligations in accordance with Art. 6 para. 1 lit. c GDPR.

We will use your contact details strictly for the purpose of notifying you of updates that we owe you and will only process them to the extent necessary for the respective information.

In order to process your order, we also collaborate with the following service provider(s), who assist us in executing concluded contracts, either wholly or in part. Certain personal data will be transferred to these service providers in accordance with the following information.

8.2 Use of payment service providers (payment services)

One or more of the following online payment methods are available on this website:

Micropayment GmbH, Scharnweberstraße 69, 12587 Berlin, Germany. If you select a payment method from this provider that requires advance payment (such as credit card payment), the following information will be passed on to the provider in accordance with Art. 6 para. 1 lit. b GDPR. In this case, your data will be transferred exclusively for the purpose of payment processing with the provider, and only to the extent necessary for this purpose.

PayPal

One or more online payment methods from PayPal are available on this website. PayPal (Europe) S.A.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you select a payment method from PayPal that requires advance payment, the details you provide during the ordering process (including your name, address, bank and payment card information, the currency used and the transaction number) will be passed on to PayPal in accordance with Art. 6 para. 1 lit. b GDPR.

This information will only be used for the purpose of processing the payment with PayPal and will only be transferred to the extent necessary for this purpose. 6 para. 1 lit. b GDPR. In this case, your data will only be passed on for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you select a payment method that requires advance payment, you will be asked to provide certain personal data during the order process, such as your first and last name, street address, postcode, town, date of birth, email address and telephone number. If applicable, you will also be asked to provide details of an alternative means of payment.

In such cases, to protect our legitimate interest in determining your creditworthiness, we will forward this data to the provider for a credit check, in accordance with Art. 6 para. 1 lit. f GDPR.

The provider will check whether the payment option you have selected can be granted based on the personal data you have provided and other information (e.g. shopping basket, invoice amount, order history, payment history). The credit check may contain probability values (so-called score values). If score values are included in the credit assessment result, they are based on a scientifically recognised mathematical-statistical procedure. Address data, among other things, are included in the calculation of the score values. You can object to this processing of your data at any time by contacting us or the provider. However, the provider may still be entitled to process your personal data if this is necessary for payment processing under the contract.

9) Online marketing

9.1 Brevo Tracker
This website uses the following provider’s software-based marketing service for the provision and synchronisation of various customer management services: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

The service enables automated processing of feed activities, control of advertising in used marketing channels and analysis of the success of marketing measures, as well as centralised email marketing and contact management. Cookies, which are small text files stored locally in your web browser’s cache on your device, perform various functions and enable us to analyse your use of the website. These cookies collect information such as your IP address, location, and the time you accessed the website.

All of the above processing, particularly the setting of cookies to read information from your device, will only be conducted if you have given us your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by deactivating this service in the ‘Cookie Consent Tool’ provided on the website, with effect for the future.

Further legal bases for data processing apply in the context of specific service functions (such as the requirement for express consent in accordance with Art. 6 para. 1 lit. a GDPR for sending newsletters). We have concluded a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorised disclosure to third parties.

9.2 Digistore24 affiliate programme
We participate in the affiliate programme of the following provider: Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany.

In this context, we have placed links on our website that lead to offers on the provider’s or third parties’ websites (‘partner sites’). To measure the success of an affiliate link, evaluate orders generated via such a link, and pay commissions accordingly, the provider uses cookies and/or comparable technologies. These are generally set on the partner sites, for which we are not responsible under data protection law. In doing so, the provider also regularly processes the IP address and, if necessary, further information about the end device.

All of the above processing, particularly the reading or storage of information on your end device, will only take place if you have given your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with future effect by using the cookie consent management options on the partner sites.

10) Website functionalities

11.1 Collmex

We use the cloud-based accounting software service provided by Collmex GmbH for our accounting. Collmex GmbH, Lilienstr. 37, 66119 Saarbrücken, Germany.

The provider processes incoming and outgoing invoices, as well as our company’s bank transactions, if necessary, in order to carry out automatic reconciliation. This is done on the basis of our legitimate interest in efficiently organising and documenting our business processes.

11.2 Cookie consent tool

This website uses a cookie consent tool to obtain user consent for cookies and applications that require it. This tool is displayed to users when they visit the website in the form of an interactive interface through which they can give their consent to certain cookies and/or applications by ticking the relevant boxes. When using this tool, all cookies/services requiring consent are only loaded if the respective user grants the corresponding consent by ticking the box. This ensures that such cookies are only set on the user’s device if consent has been given. The tool sets technically necessary cookies to store your cookie preferences. No personal user data is processed in this process. However, if the storage, assignment or logging of cookie settings does involve the processing of personal data (such as the IP address), this is done in accordance with Art. 6 para. 1 lit. f GDPR.

Assigning or logging cookie settings is done in accordance with Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in legally compliant, user-specific and user-friendly cookie consent management and consequently in the legally compliant design of our website. A further legal basis for processing is Art. 6 para. 1 lit. c GDPR. As the controller, we are legally obliged to make the use of cookies that are not necessary for technical reasons dependent on the respective user consent.

Where necessary, we have concluded a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorised disclosure to third parties. Further information on the operator and the cookie consent tool settings can be found in the corresponding user interface on our website.

11) Tools und Sonstiges

11.1  – Collmex    
Für die Erledigung der Buchhaltung nutzen wir den Service der cloudbasierten Buchhaltungssoftware des folgenden Anbieters: Collmex GmbH, Lilienstr. 37, 66119 Saarbrücken, Deutschland

Der Anbieter verarbeitet Eingangs- und Ausgangsrechnungen sowie ggf. auch die Bankbewegungen unseres Unternehmens, um Rechnungen automatisch zu erfassen, zu den Transaktionen zu matchen und hieraus in einem teilautomatisierten Prozess die Finanzbuchhaltung zu erstellen.

Sofern hierbei auch personenbezogene Daten verarbeitet werden, erfolgt die Verarbeitung auf Basis unseres berechtigten Interesses an einer effizienten Organisation und Dokumentation unserer Geschäftsvorgänge.

11.2 Cookie-Consent-Tool 
Diese Website nutzt zur Einholung wirksamer Nutzereinwilligungen für einwilligungspflichtige Cookies und cookie-basierte Anwendungen ein sog. „Cookie-Consent-Tool“. Das „Cookie-Consent-Tool“ wird Nutzern bei Seitenaufruf in Form einer interaktiven Benutzeroberfläche angezeigt, auf welcher sich per Häkchensetzung Einwilligungen für bestimmte Cookies und/oder cookie-basierte Anwendungen erteilen lassen. Hierbei werden durch den Einsatz des Tools alle einwilligungspflichtigen Cookies/Dienste nur dann geladen, wenn der jeweilige Nutzer entsprechende Einwilligungen per Häkchensetzung erteilt. So wird sichergestellt, dass nur im Falle einer erteilten Einwilligung derartige Cookies auf dem jeweiligen Endgerät des Nutzers gesetzt werden.

Das Tool setzt technisch notwendige Cookies, um Ihre Cookie-Präferenzen zu speichern. Personenbezogene Nutzerdaten werden hierbei grundsätzlich nicht verarbeitet.

Kommt es im Einzelfall zum Zwecke der Speicherung, Zuordnung oder Protokollierung von Cookie-Einstellungen doch zur Verarbeitung personenbezogener Daten (wie etwa der IP-Adresse), erfolgt diese gemäß Art. 6 Abs. 1 lit. f DSGVO auf Basis unseres berechtigten Interesses an einem rechtskonformen, nutzerspezifischen und nutzerfreundlichen Einwilligungsmanagement für Cookies und mithin an einer rechtskonformen Ausgestaltung unseres Internetauftritts.

Weitere Rechtsgrundlage für die Verarbeitung ist ferner Art. 6 Abs. 1 lit. c DSGVO. Wir unterliegen als Verantwortliche der rechtlichen Verpflichtung, den Einsatz technisch nicht notwendiger Cookies von der jeweiligen Nutzereinwilligung abhängig zu machen.

Soweit erforderlich, haben wir mit dem Anbieter einen Auftragsverarbeitungsvertrag geschlossen, der den Schutz der Daten unserer Seitenbesucher sicherstellt und eine unberechtigte Weitergabe an Dritte untersagt.

Weitere Informationen zum Betreiber und den Einstellungsmöglichkeiten des Cookie-Consent-Tools finden Sie direkt in der entsprechenden Benutzeroberfläche auf unserer Website.

12) Rights of the data subject

12.1 The applicable data protection law grants you the following rights vis-à-vis the controller with regard to the processing of your personal data:

  • Right to information pursuant to Art. 15 GDPR;
  • Right to rectification pursuant to Art. 16 GDPR;
  • Right to erasure pursuant to Art. 17 GDPR;
  • Right to restriction of processing pursuant to Art. 18 GDPR;
  • Right to notification pursuant to Art. 19 GDPR;
  • Right to data portability pursuant to Art. 20 GDPR;
  • Right to withdraw consent pursuant to Art. 7(3) GDPR;
  • Right to lodge a complaint pursuant to Art. 77 GDPR

12.2 Right to object

If we process your personal data on the basis of our overriding legitimate interest in the context of a balancing of interests, you have the right to object to this processing at any time for reasons arising from your particular situation, with effect for the future. If you exercise your right to object, we will stop processing the data concerned. Further processing remains reserved, however, if we can prove compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms, or if the processing is necessary for the assertion, exercise or defence of legal claims.

If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of personal data relating to you for the purpose of such advertising. You can exercise your objection as described above. If you exercise your right to object, we will stop processing the data concerned for direct marketing purposes.

13) Storage duration of personal data

The storage duration of personal data is determined by the respective legal basis and purpose of processing, as well as by the applicable statutory retention period (e.g. commercial and tax retention periods), if applicable.

When processing personal data on the basis of express consent in accordance with Art. 6 para. 1 lit. a GDPR, the data will be stored until consent is withdrawn. If data is processed within the scope of legal obligations or similar obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer necessary for fulfilling or initiating a contract and/or we have no legitimate interest in further storage.

When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, the data will be stored until you exercise your right to object in accordance with Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for direct marketing purposes on the basis of Art. 6(1)(f) GDPR, this data will be stored until you exercise your right to object in accordance with Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Unless otherwise specified in the additional information provided in this statement regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Copyright notice: This privacy policy was created by the specialist lawyers at IT-Recht Kanzlei and is protected by copyright (https://www.it-recht-kanzlei.de).

 

Date: July 2025