Data protection

We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the lushroom GmbH. The use of the Internet pages of the lushroom GmbH is possible without any indication of personal data. However, if a person concerned wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

Your data will be processed on the basis of the statutory data protection regulations ("GDPR" for short). The privacy policy applies to all cases in which personal data is processed by us as a company or by contracted companies.

Personal data that you transmit electronically on our website, such as your name, e-mail address or postal address, will only be used by us for the purpose stated in each case and will be stored securely.

Area of application:

  • Online presence of the company (e.g. website, social media)
  • Communication by e-mail
  • Mobile apps

Below you will find the contact details of the responsible body or person:

Contact us

Lushroom GmbH
Lindach 4a
4511 Allhaming, Austria
E-Mail: [email protected]

Legal basis

Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).

Information on data processing

Your personal data will only be stored for as long as necessary or as required by law. It will be deleted as soon as the purpose of storage no longer applies.

Rights of the users

In accordance with Articles 15-18, 20, 21, 77 of the GDPR, we inform you here about your rights as a user:

  • Right to information about the processing of your data, as well as to more detailed information about the processing and to copies of the data
  • Right to rectification and completion in the event of incorrect or incomplete information
  • Right to erasure of your personal data
  • Right to restriction of processing
  • Right to transfer the data concerning you
  • Right to object to future processing of your data
  • Right to lodge a complaint with the data protection authority if you believe that the data processing of your personal data violates the GDPR

Data transfer to third countries

Data processing in third countries only takes place with your consent and if this is required by law or contract. Various services with a branch outside the EU (e.g. USA), such as Google, Facebook or YouTube, sometimes also process personal data.

The European Court of Justice currently classifies the USA as a country with an inadequate level of data protection according to EU standards. As a result of the processing of US services, there is a risk that your data will not be stored and processed anonymously and that US authorities may gain access to individual data. For this reason, we inform you here about the risks arising in this context.

Registration function

By registering on the controller's website, the IP address assigned by the data subject's internet service provider, the date and time of registration are also stored. This data is stored against the background that this is the only way to prevent the misuse of our services and, if necessary, to make it possible to investigate criminal offenses committed. In this respect, the storage of this data is necessary to safeguard the controller. This data is not passed on to third parties unless there is a legal obligation to pass it on or it serves the purpose of criminal prosecution.

The registration of the data subject with voluntary provision of personal data serves the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from the controller's database.

The controller shall provide any data subject at any time upon request with information about what personal data is stored about the data subject. Furthermore, the controller shall rectify or erase personal data at the request or indication of the data subject, insofar as this does not conflict with any statutory retention obligations. All of the controller's employees are available to the data subject as contact persons in this context.

Contact via the website

The website of the lushroom GmbH contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the data controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.

Disclaimer

The exclusion of liability applies as part of the Internet offer from which reference was made to this website. Should individual parts or formulations in the text not, not completely or no longer correspond to the current legal basis, the remaining parts of the text are not affected.

Liability for website content

The website content has been created with the greatest possible care and we are constantly striving to develop it further in order to provide correct and up-to-date information. Unfortunately, however, we cannot accept any liability for the accuracy of all website content, especially content provided by third parties. Likewise, we are not obliged to monitor the data transmitted and stored by you or to investigate unlawful circumstances.

Obligations under general law to remove information or block its use remain unaffected even if we are not responsible. Should we become aware of any legal infringements, the respective content on our website will be removed immediately. If you notice any unlawful content, please contact us (for contact details, see the legal notice).

Liability for links to third-party websites

Our website contains links to external websites over whose content we have no influence. For this reason, we do not accept any responsibility for this, as this is the responsibility of the respective operator of the site.

At the time of linking, the external sites were checked and no legal violations were identified. However, it is not reasonable for us to permanently check the content of external websites without concrete evidence of an infringement. If we become aware of any legal infringements, we will remove the respective links immediately.

Copyright

As the operator of this website, we always endeavor to respect the copyrights of others. Our self-created content on this website is subject to copyright - third-party content is therefore marked as such.

In order to edit, reproduce or distribute third-party content outside the limits of copyright law, you require the written consent of the copyright holder.

Copies or downloads of the site are only permitted for private (i.e. non-commercial) use.

Cookies

Cookies are small files that make it possible to store certain user data, such as personal page or language settings. We use them to provide you with a pleasant user experience. There are also strictly necessary cookies - for these there are legitimate interests even without consent. The use of non-essential cookies only takes place with your consent. You yourself can influence the use of cookies. You can deactivate the storage of cookies via your browser and also delete all cookies manually at any time.

We use content management platform software on our website to enable the secure handling of cookies and scripts used.

The software scans and checks all cookies and scripts and automatically creates a cookie pop-up with the cookie consent required under data protection law. This makes it easier for us and you to keep track of all cookies and you as a visitor to our website can decide which scripts and cookies you want to allow or not.

BorlabsCookie

We use the BorlabsCookie tool (Borlabs - Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany) on our website. This enables us to store the cookie consents of our website visitors. You can find out more about BorlabsCookie's data processing here: https://de.borlabs.io/datenschutz/

Webhosting

When you visit our website, your browser (e.g. Google Chrome, Mozilla Firefox, Apple Safari or Microsoft Edge) must connect to a web server on which the website is stored. During the connection, personal data may be processed by our provider in order to ensure that the page is displayed correctly. As a rule, user data is collected, such as the URL of the website accessed, the browser used, operating system, URL of the previously visited page, host name & IP address of the access device, time of access and web server log files.

For our website we use the services of the web hosting provider raidboxes (Raidboxes GmbH, Hafenstraße 32, 48153 Münster, Germany). You can find out more about their privacy policy here: https://raidboxes.io/legal/privacy/

WordPress.com privacy policy

For our website we use the content management system WordPress.com, which also processes data in the USA, among other places (see section "Data transfer to third countries"). WordPress uses standard contractual clauses provided by the EU Commission as the basis for data processing (https://wordpress.com/support/data-processing-agreements/). This means that WordPress undertakes to comply with the European data protection standard, even if data is processed in third countries. You can find out more about data processing by WordPress here: https://automattic.com/de/privacy/

Web analytics

Google Ads - Conversion Tracking

We use Google Ads (Google Inc. - responsible for the European area: Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland) for our marketing measures. With the help of Google Ads, we can improve our advertising campaigns and only show them to people who are interested in our offer.

With the help of the conversion tracking tool, it is possible to observe which keywords, ads or campaigns we can use to best achieve the desired customer actions. We can also see how many users interact with our ads and subsequently carry out a conversion.

Based on this data, we can measure the success of individual marketing measures and constantly optimize our advertising offer.

A code or tag has been integrated into our website in order to be able to analyze user actions. If you click on one of our Google Ads ads, the data is stored by a Google domain via the "Conversion" cookie.

Since 2017, all information has been collected using the _gac cookie, which stores data as soon as you visit a page of ours where the automatic tag identification of Google Ads has been integrated. Unlike cookies set for Google domains, Google is only able to read the conversion cookies when you are on our site.

Our company does not receive any personal data from Google, but only a report with statistical evaluations regarding user behavior.

We therefore have no influence on how the data collected is used by Google. According to Google, the data is stored in encrypted form on secure servers. As a rule, conversion cookies have an expiration date of 30 days and no personal data is transferred. Cookies with the designation "Conversion" or "_gac" expire after 3 months.

You can use your browser settings to restrict the setting of cookies if necessary and thus also block Google Conversion Tracking. This means that you will not be included in the tool's statistics.

Google also processes data in the USA (see section "Data transfer to third countries"). Google uses standard contractual clauses provided by the EU Commission as the basis for data processing (https://business.safety.google/intl/de/adsprocessorterms/). This means that Google undertakes to comply with the European data protection standard, even if data is processed in third countries. You can find more information about Google's data processing here: https://policies.google.com/privacy?hl=de

Google Analytics

On our website we use Google Analytics, an analysis tracking tool (Company: Google Inc. - responsible for the European area: Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland). A tracking code has been implemented on our website in order to record and analyze various user actions. The collected data (e.g. IP address, location, time, number of visits) and a random user ID are stored anonymously on a Google server for this purpose. According to Google, IP addresses are truncated within the EU or EEA and are not associated with any other data.

Google uses the information to provide our company with an analysis of user activity on our website.

With the help of a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de), you can prevent Google Analytics from using your data. However, this restriction only applies to data collection by Google Analytics and not to our company or other advertising analysis services.

Google also processes data in the USA (see section "Data transfer to third countries"). Google uses standard contractual clauses provided by the EU Commission as the basis for data processing (https://business.safety.google/intl/de/adsprocessorterms/). This means that Google undertakes to comply with the European data protection standard, even if data is processed in third countries. You can find more information on data processing by Google Analytics here: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.

Google Site Kit

We use the WordPress plugin Google Site Kit on our website (Company: Google Inc. - responsible for the European area: Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland).

This tool allows us to view important website analytics statistics collected by other Google services (e.g. Google Analytics, Google Search Console, Google Tag Manager) in our WordPress dashboard. Your personal data, such as user behavior, is stored with your consent in Google's cookie notice.

Google also processes data in the USA (see section "Data transfer to third countries"). Google uses standard contractual clauses provided by the EU Commission as the basis for data processing (https://business.safety.google/intl/de/adsprocessorterms/). This means that Google undertakes to comply with the European data protection standard, even if data is processed in third countries. You can find more information about Google's data processing here: https://policies.google.com/privacy?hl=de.

Google Tag Manager

We use the Google Tag Manager on our website (Company: Google Inc. - responsible for the European area: Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland). This allows us to centrally manage sections of code that we have implemented on our site from various tracking tools. No cookies are set by Google Tag Manager itself.

By using the Tag Manager, Google is able to collect various data anonymously for the creation of user trends - however, no conclusions can be drawn about a person or our website.

Google also processes data in the USA (see section "Data transfer to third countries"). Google uses standard contractual clauses provided by the EU Commission as the basis for data processing (https://business.safety.google/intl/de/adsprocessorterms/). This means that Google undertakes to comply with the European data protection standard, even if data is processed in third countries. You can find more information about Google Tag Manager here: https://support.google.com/tagmanager/?hl=de#topic=3441530

YouTube Analytics and Reporting API

We use the advertising analysis tool YouTube Analytics and Reporting API (YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA) on our website.

YouTube also processes data in the USA, among other places (see section "Data transfer to third countries"). YouTube uses standard contractual clauses provided by the EU Commission as the basis for data processing (https://business.safety.google/intl/de/adsprocessorterms/). This means that YouTube undertakes to comply with the European data protection standard, even if data is processed in third countries. You can find more information on data processing by YouTube, a subsidiary of Google, here: https://policies.google.com/privacy?hl=de.

Social Media

Facebook

On our website we use services of the social media network Facebook (Meta Platforms Inc. - responsible for the European area: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

Both we as a company and Facebook are responsible for the collection of data via our Facebook page. However, we have no influence on the further processing of the data. Joint obligations have been set out in an agreement that is publicly available: https://www.facebook.com/legal/terms/page_controller_addendum. If you have any further questions about Facebook's data processing, you can contact one of their data protection officers via a contact form: https://www.facebook.com/help/contact/540977946302970.

Personal data may be collected through the use of Facebook tools such as Facebook Pixel, social plug-ins (e.g. share button) or Facebook Login. Depending on the tool, this may involve data such as name, address and IP address, which are encrypted before transmission. User actions (event data) on our website are also transmitted - e.g. product purchases or visits to subpages. This data is compared by Facebook with Facebook account data in order to optimize personalized advertising, but also for security or development purposes, for example. The contact data is then deleted again.

Facebook only uses the event data to optimize the display of advertisements if it is possible to combine it with other data collected in other ways.

Some of this data is transmitted using cookies. The number depends on which tools are used or whether you have a Facebook account. You can find more information about Facebook cookies here: https://www.facebook.com/policies/cookies. You can use your browser settings to restrict the use of cookies if necessary.

As described in the section "Rights of the users", you have the right to access, correct, transfer and delete your personal data. However, the data can only be completely deleted if you delete your Facebook account completely.

Facebook also processes data in the USA, among other places (see section "Data transfer to third countries"). Facebook uses standard contractual clauses provided by the EU Commission as the basis for data processing (https://www.facebook.com/legal/terms/dataprocessing). This means that Facebook undertakes to comply with the European data protection standard, even if data is processed in third countries.

You can find out more about Facebook's data processing here: https://www.facebook.com/about/privacy/update

Instagram

On our website we use services of the social media network Instagram (Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA). Instagram has been a subsidiary of Meta Platforms Inc. since 2012 - i.e. Instagram is part of the Facebook products, also uses the same technologies and systems and data processing is carried out across all Facebook companies.

Your browser automatically connects to the Instagram servers as soon as you visit one of our pages that has integrated Instagram services. Data is transmitted to Instagram, stored and processed regardless of whether you have an Instagram account.

This includes, for example, information about our website, your device, purchases made or advertisements. The exact time of your interaction with Instagram is also recorded. If you have an Instagram account or are logged in, more data may be stored.

We assume that Instagram, like Facebook, distinguishes between customer data (e.g. name, address, IP address) and event data (data on user actions). Before being transmitted to Instagram, the contact data is encrypted and forwarded together with the event data, which may also be combined. The contact data collected is compared by Instagram with the data it already has from you.

Some of this data is transmitted using cookies. The number depends on which tools are used or whether you have an Instagram account. You can use your browser settings to restrict the use of cookies if necessary.

As described in the section "Rights of the users", you have the right to information, correction, transmission and deletion of your personal data. However, the data can only be deleted completely if you delete your Instagram account completely.

Instagram (or Facebook) also processes data in the USA, among other places (see section "Data transfer to third countries"). Instagram uses standard contractual clauses provided by the EU Commission as the basis for data processing. This means that Instagram undertakes to comply with the European data protection standard, even if data is processed in third countries. You can find out more about Instagram's data policy here: https://help.instagram.com/519522125107875

YouTube

We have embedded videos from the YouTube platform (YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA) on our website. When you visit one of our pages that contains an embedded YouTube video, your browser connects to the servers of YouTube or Google (YouTube has been a subsidiary of Google since 2006).

When you visit a page with an embedded YouTube video, at least one cookie is set, which YouTube uses to store our URL and your IP address. If you are logged into a YouTube account, the interactions can also be assigned to your profile. This involves various information, such as technical data about your device, session duration, bounce rate, ratings, contact details or user actions (e.g. "Share" button).

When you click on a "Subscribe" button, at least one cookie is recorded and YouTube saves our URL and your IP address, as well as information about your browser, your language settings and your approximate location. If you are logged in to a YouTube account, more information may be collected, which can also be assigned to your profile. This data is used by YouTube to optimize its own offers and to create analyses for other advertisers.

If you are not logged in to a Google or YouTube account, Google collects unique data (e.g. about your device, browser, app) in order to maintain your language settings, for example. However, as fewer cookies are set, not all interaction data can be stored.

There are different deletion periods for the data collected by Google. Some data remains stored in your Google account until you delete it. Other data is automatically deleted after a specified period of time.

Some of the data is linked to your device or browser and can also be deleted without logging into a Google account.

You can also restrict the use of cookies in your browser settings.

YouTube also processes data in the USA, among other places (see section "Data transfer to third countries"). YouTube uses standard contractual clauses provided by the EU Commission as the basis for data processing. This means that YouTube undertakes to comply with the European data protection standard, even if data is processed in third countries. You can find out more about YouTube's and Google's data policies here: https://policies.google.com/privacy?hl=de.

Web design

Google Fonts Local

On our website we use Google Fonts from Google (Google Inc. - responsible for the European area: Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland). The fonts are integrated locally on our web servers - this means that no connection to Google servers is established in this regard.

E-Commerce

WooCommerce

On our website, we use the services of the WooCommerce store system, which is integrated as a plugin. This is based on the WordPress CMS system, a subsidiary of Automattic Inc (60 29th Street #343, San Francisco, CA 94110, USA).

All information that you enter in a text field in our online store can be recorded by WooCommerce or Automattic. This includes, for example, your e-mail address, name or billing information. Data such as IP address, browser information, language settings or time of web access are automatically stored by Automattic in server log files.

In order to identify you uniquely as a user and to offer interest-based advertising, WooCommerce sets cookies in your browser, among other things. These are set differently depending on the user action. You can also use your browser settings to restrict the setting of cookies if necessary - however, we would like to point out that this may restrict the functions of the online store.

WooCommerce deletes data as soon as it is no longer required for its own purposes, provided there are no legal obligations to retain it for longer. Server log files, for example, are deleted after around 30 days. During this period, the company uses the data to analyze traffic on its own websites.

You have the right to access your personal data at any time, and you can also object to its use and processing.

Your consent to the processing and storage of your data through the use of WooCommerce is the legal basis for data processing. The legitimate interest in optimizing our web services also serves as the basis. However, WooCommerce is only used with your consent.

WooCommerce also processes data in the USA (see section "Data transfer to third countries"). WooCommerce uses standard contractual clauses provided by the EU Commission as the basis for data processing. This means that WooCommerce undertakes to comply with the European data protection standard, even if data is processed in third countries. You can find out more about the data policies of WooCommerce and Automattic here: https://automattic.com/privacy/ or https://woocommerce.com/

German Market

We use the WooCommerce plug-in German Market (MarketPress GmbH, Karcherallee 13, 01277 Dresden, Germany) on our website.

You can find out more about German Market's data processing here: https://marketpress.de/datenschutz/

We use the services of various payment providers on our website to provide you and us with a secure payment process. The payment provider you choose will process the payment and enable you to place an order via online banking. Our company then receives confirmation when payment has been made. As part of the payment process, personal data may also be collected by the respective payment provider.

Different data is processed depending on the payment provider. Basically, this is information such as name, address or bank details that are necessary for the execution of a transaction. Other data may also be collected, such as user actions on our website, any contract data, your IP address or device information.

You have the right to receive information about your personal data at any time and to correct or delete it. You can also use your browser settings to restrict the use of cookies if necessary - however, we would like to point out that this may prevent the payment process from working properly.

PayPal as payment method

The data controller has integrated PayPal components on this website. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also assumes trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.

If the data subject selects "PayPal" as the payment option during the ordering process in our online store, the data of the data subject is automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, cell phone number or other data required for payment processing. Personal data that is necessary for processing the purchase contract is also data that is related to the respective order.

The purpose of transmitting the data is to process payments and prevent fraud. The controller will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and the controller may be transmitted by PayPal to credit reference agencies. The purpose of this transmission is to check identity and creditworthiness.

PayPal may pass on the personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfill the contractual obligations or if the data is to be processed on behalf of PayPal.

The data subject has the option of withdrawing consent to the handling of personal data from PayPal at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

The applicable data protection provisions of PayPal may be retrieved under https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Plugins used

WP Rocket

We use the WordPress plug-in WP Rocket (WP Media, Lyon, France) on our website. By integrating the plug-in, it is possible that data may be transferred to third countries (see section "Data transfer to third countries"). You can find out more about WP Rocket's data processing here: https://wp-rocket.me/terms/