Cobrend Naturals
Cobrend Naturals

Privacy Policy

This Privacy Policy explains how Cobrend Naturals (“we”, “us”, “our”) collects and processes personal data when you use cbnaturals.de and related services, pursuant to the GDPR (EU 2016/679), the German Federal Data Protection Act (BDSG) and the Telecommunications and Telemedia Data Protection Act (TTDSG).

In short: We collect the minimum data to process orders, deliver parcels, provide support, and—only with your consent—send marketing or set non-essential cookies. You can change your cookie choices anytime via Cookie Settings and exercise your GDPR rights via email.

1. Controller

Cobrend Naturals – Sole Proprietorship
Owner: Chigozie Brendan Omeje
Panoramastraße 6, 69168 Wiesloch, Germany
Email: info@cbnaturals.de · Tel: +49 1521 3324290

No Data Protection Officer (DPO) is appointed. If a DPO is designated, details will be added here.

2. Principles & Legal Bases

  • Art. 5 GDPR – Principles: lawfulness, fairness, transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity & confidentiality.
  • Art. 6 GDPR – Legal bases: contract (b), consent (a), legal obligation (c), legitimate interests (f).
  • TTDSG §25: storing/reading info on a device (cookies, pixels) requires consent unless strictly necessary.

3. Data Sources

  • Directly from you (checkout, account, forms, emails).
  • Automatically via your device/browser (logs, cookies, usage).
  • From service providers (payment, shipping status, email delivery), where necessary for the service.

4. Categories of Data

Identity & Contact

  • Name, billing/shipping address
  • Email, telephone
  • Customer/account ID

Order & Payment

  • Items, amounts, delivery method
  • Payment status (processed by PayPal/Stripe)
  • Invoices and tax data

Technical & Usage

  • IP address, device, OS, browser
  • Pages viewed, clicks, session data
  • Cookie identifiers & consent records

Support & Comms

  • Messages, inquiries, attachments
  • Newsletter preferences/consents

Special Notes

  • We do not store full card numbers.
  • We do not intentionally collect data of children under 16 without consent.

5. Purposes & Legal Bases

Purpose Data (examples) Legal Basis
Operate website/store, account management Identity, contact, technical, usage, cookies (essential) Legitimate interests (Art. 6(1)(f)); essential cookies under TTDSG §25(2)
Order processing & delivery Identity, contact, order, shipping Contract (Art. 6(1)(b)); legal obligation (Art. 6(1)(c))
Payments Order & transaction meta (card data processed by provider) Contract (b); legal obligation (c); legitimate interests (f: fraud prevention)
Customer support & service Identity, contact, messages Contract (b); legitimate interests (f)
Newsletter & marketing communications Email, consent logs, preferences Consent (Art. 6(1)(a)); opt-out any time
Analytics & performance measurement Technical/usage, cookies (non-essential) Consent (a); legitimate interests (f) where applicable
Security & fraud prevention Technical logs, IP, device signals Legitimate interests (f); legal obligation (c)
Accounting & tax compliance Invoices, payment records Legal obligation (c)

6. Cookies & Consent (TTDSG §25)

  • Essential cookies (always active): core functions (cart, checkout, security, consent log).
  • Functional/Analytics/Marketing cookies: set only with your explicit consent.
Manage or withdraw your consent anytime via Cookie Settings or your browser. See our separate Cookie Policy for details.

7. Analytics & Marketing Tools

Only if enabled and consented:
  • Analytics (e.g., Google Analytics — Google Ireland Ltd.): IP anonymisation within the EU where configured; potential transfers to the USA under SCCs.
  • Advertising Pixels (e.g., Meta Pixel, TikTok Pixel, Pinterest Tag): campaign measurement and audience insights; cross-border transfers may occur under SCCs.
  • Email/CRM (e.g., MailPoet, Klaviyo): newsletter delivery and performance metrics, based on consent.

Exact tools in use and their retention may be listed in the Cookie Policy and/or your consent manager.

8. Orders, Payments & Shipping

  • Payments: processed by providers such as PayPal and Stripe. We do not store full card details.
  • Shipping: we share necessary data (name, address, email/phone, contents/weight) with carriers such as DHL/Deutsche Post to deliver your parcel and provide tracking.
  • Hosting & security: site hosting and CDN (e.g., Hostinger, Cloudflare) process technical data to provide stable and secure service.

9. Recipients & Processors (Art. 28 GDPR)

We never sell or rent your data. We share it with trusted service providers under written data processing agreements (DPAs) where required, including:
  • Payment processors: PayPal, Stripe
  • Logistics/shipping: DHL, Deutsche Post
  • Email/newsletter: MailPoet, Klaviyo (consent-based)
  • Hosting/CDN/security: Hostinger, Cloudflare
  • Professional services: tax advisors/accountants; legal authorities where required by law

10. International Transfers (Arts. 44–49 GDPR)

If personal data is transferred outside the EU/EEA, we ensure appropriate safeguards such as the EU Commission’s Standard Contractual Clauses (SCCs), and—where necessary—additional measures. Adequacy decisions are used where available. You may request details of applicable safeguards.

11. Retention Periods

Data Typical Period Legal/Business Basis
Contracts, orders, invoices Up to 10 years §147 AO, §257 HGB (tax/commercial)
Customer support inquiries Up to 3 years Regular limitation period
Marketing/consent records Until withdrawal of consent GDPR accountability
Technical/analytics logs Up to 12 months Security, performance

After expiry, data is deleted or anonymised following our retention schedule, unless statutory retention requires longer storage.

12. Security Measures (Art. 32 GDPR)

  • SSL/TLS encryption for data in transit
  • EU-based hosting, regular updates & backups
  • Role-based access controls & authentication
  • Vendor due diligence and contractual safeguards
  • Incident response and breach notification procedures

No method is 100% secure, but we implement appropriate technical and organisational measures.

13. Your Rights (Arts. 12–22 GDPR)

  • Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17)
  • Restriction (Art. 18) and Portability (Art. 20)
  • Object to processing based on legitimate interests (Art. 21)
  • Withdraw consent anytime for future processing (Art. 7(3))
To exercise your rights, contact info@cbnaturals.de. We may request information to verify your identity.

14. Children’s Data (Art. 8 GDPR)

Our services are not intended for children under 16. We do not knowingly process children’s data without verifiable parental consent.

15. Automated Decision-Making / Profiling

We do not use automated decision-making within the meaning of Art. 22 GDPR that produces legal or similarly significant effects. We do not conduct profiling beyond standard analytics/marketing (consent-based).

16. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority. For our location:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW)
Königstraße 10a, 70173 Stuttgart, Germany
Website: baden-wuerttemberg.datenschutz.de

17. Changes to this Policy

We may update this Policy to reflect legal, technical, or business changes. The “Last updated” date will be adjusted and the current version will be available here.

Last updated: 08 September 2025

18. Contact

Cobrend Naturals – Sole Proprietorship
Owner: Chigozie Brendan Omeje
Panoramastraße 6, 69168 Wiesloch, Germany
Email: info@cbnaturals.de · Tel: +49 1521 3324290
Join Our Community

Don’t miss out! 🎉
Subscribe now to unlock your exclusive discount and be the first to hear about our newest products and special offers.”

Close