Privacy Policy

This Privacy Policy describes how your personal information is collected, used and shared when you use or make a purchase from (hereinafter “Website” or "Site").
Grüner Handels & Projekt GmbH (hereinafter “we” or “Pfaffi”) processes personal data when providing our services. The protection of personal data is an important concern for us and is therefore carried out in accordance with the applicable legal provisions for the protection of personal data and data security.

Personal Data: is all information that relates to an identified or identifiable natural person (hereinafter also referred to as the ‘data subject’). 
Processing: Any operation or set of operations which is performed with or without the aid of automated series of operations relating to personal data, such as collection, recording, organization, arrangement, storage, adaptation or alteration, reading, querying, use, disclosure by transmission, dissemination or dissemination or any other form of provision, alignment or linking, the restriction, deletion, or destruction.
Profiling: Any type of automated processing of personal data that consists of that personal data are used to identify certain personal aspects relating to a natural person. 
Controller: A natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor: A natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

Website - Cookies
Cookies are files that collect certain information from your terminal device. In order to make it easier for you to access our Website and to enable evaluations of visits to our Website, we store cookies on your terminal device and process the following data : 

- IP address
- Date and time of the request
- Content of the request (specific page)
- Access status/HTTP status code
- Website from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software

As far as we obtain a consent, we process the data based on your consent as per Art 6 (1) lit a GDPR. 
As far as the data concerns logfiles and/or technically necessary cookies Art 6 (1) lit. f GDPR is the legal basis for the temporary storing of the data and logfiles to ensure the functionality of our Website. In case the processing of personal data is required for the fulfilment of a legal obligation that applies to us, Art 6 (1) lit c GDPR forms the legal basis. 
The processed categories of data and the storage period depend on the specific cookie (see below). 

There are different types of cookies:
"Session" cookies remain in your browser as long as you are on a Website and are deleted when you leave.
"Persistent" cookies remain in your browser even after your visit, unless you delete them yourself.
"Essential" cookies are mandatory for the construction or functioning of the website. Therefore, they cannot be deactivated. 
"Performance" cookies store information about your user behavior. Performance cookies serve to improve the functionality of the website.
"Functionality" cookies save decisions which you have made on the Website. This can include, for example, the setting of the font size or the preferred language. This data is used to improve the functionality of the Website.
"Targeting cookies" are specifically designed to collect information from users on their terminal devices to display advertisements on relevant topics that interest them. The information that the cookies collect can be shared with other advertisers to measure the performance of the advertising. 

The following table lists all the cookies we use on our Website with their name, lifetime and function.
If you allow cookies to be accepted via your browser settings, by visiting and/ or consenting to the use of non-essential cookies Pfaffi may store cookies in your browser for the purpose stated.

We also offer a webshop on our Website, through which we process personal data to fulfill your orders (including, but not limited to, processing your payment information, providing shipping, and sending you invoices and/or order confirmations).
We limit the processed personal data to personal data, which is required for your use of the webshop and/or the performance of a contract concluded with us or data that you have provided yourself. Particularly the following data may be processed by using the webshop: 
- Name
- Address
- Email address
- Payment Information (Credit / Debit Card information)  

In case the personal data is required for the performance of a contract with you, Art 6 (1) lit b GDPR serves as the legal basis. The same applies to processing that is required to conduct pre-contractual measures.
As far as the processing of personal data is required for the fulfilment of a legal obligation that applies to Pfaffi, Art 6 (1) lit c GDPR forms the legal basis.
If the processing protects a legitimate interest of Pfaffi or of a third party and if the interests, civil rights and fundamental freedoms of the data subject do not override the interest mentioned first, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.

If you are affected by any personal data processing carried out by us, you have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing and a right to data portability in accordance with the requirements of the GDPR at any time, regardless of your age or place of residence or nationality.

a) Right to information
Should you wish, you may at any time request information on the origin, categories, storage period, recipients, the purpose of the data we process about you and the nature of your processing.
b) Right to correction/completion
If we process your data incorrectly or incompletely due to certain circumstances, you may request us to correct or complete this data. 
c) Right to deletion ("right to be forgotten")
Under certain conditions, you as a data subject may request us to delete your personal data without delay. 
d) Right to restriction of processing
As a data subject, you may request us to restrict processing. We will examine the grounds for restriction asserted by you. If this shows that the conditions for a restriction do not (or no longer) exist, we are entitled to lift this restriction. Before this cancellation, we will of course inform you.
e) Right to data portability
If you are interested in obtaining the data you have provided to us, we will be happy to provide it to you in a structured, commonly used and machine-readable format. In addition, you have the right to transfer this data to another responsible party. To the extent that it is technically feasible for us to do so, you may also instruct us to transfer your data directly to another data controller.
f) Right of objection
The processing of your personal data carried out by us is necessary due to our legitimate interests/legitimate interests of a third party you may object to such processing at any time for reasons arising from your particular situation.
g) Revocation of consent to data processing
As a data subject, you have the right to revoke the consent you have given to us at any time. Please note, however, that this revocation does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.
h) Right of complaint
Although we make our best efforts to protect the privacy and integrity of your data, disagreements may arise about the way we use your data. 

If you believe that the processing of personal data concerning you violates data protection law, you may lodge a complaint with the competent supervisory authority, without prejudice to any other administrative or judicial remedy. In Austria, the complaint must be filed with the Austrian data protection authority. 

The address is as follows:
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna

We do not intend to use any personal data collected from you for any automated decision making process (including profiling).

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at or by mail at the address below: Grüner Handels & Projekt GmbH, Alser Straße 13/1, 1080 Vienna, Austria

In the context of the processing of personal data, we hire subcontractors and conclude agreements with these commissioned data processors in accordance with the requirements of Art. 28 GDPR.: 

Payment Service Provider: 
- Stripe Inc., South San Francisco, 354 Oyster Point Blvd, United 
For more information about how Stripe uses your personal data, please see:
- PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxemburg, Luxemburg. 
For more information about how PayPal uses your personal data, please see:
- Apple Inc (Apple Pay), Cupertino, California
For more information about how Apple Pay uses your personal data, please see:
Hosting of Website: 
- Webflow Inc, 398 11th Street, Floor 2, San Francisco, CA 94103
For more information about how Apple Pay uses your personal data, please see:

Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this happens in the context of the use of third-party services or disclosure, or transfer of data to third parties, this is done only to fulfil our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or commission the processing of data in a third country only in the particular circumstances as set out in Art. 44 ff. GDPR. Thus, the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of an adequate level of data protection corresponding to that of the EU or compliance with officially recognised special contractual obligations (so-called ‘standard contractual clauses’).

Unless otherwise provided in this Privacy Policy, we will only process your personal data as long as it is required for the specified purpose for which it has been gathered, unless legal retention periods require a longer storage. 

We may occasionally change this Privacy Policy to reflect changes in our practices, or for other operational, legal or regulatory reasons. Please check our Website for changes in our Privacy Policy.