Christiane's Naturkraft
|

Privacy Policy

Last updated: May 2026

Introduction

This Privacy Policy explains how Christiane’s Naturkraft FlexCo processes personal data when you visit our website, place an order, contact us, or use our services.

1. Data controller

The controller responsible for the processing of your personal data is:

Christiane’s Naturkraft FlexCo
Stumpergasse 7/2/2
1060 Vienna
Austria
Email: support@christiane.co

2. Personal data we process

We process personal data only where this is necessary, legally permitted, or based on your consent. Depending on how you use our website and services, we may process the following categories of data:

Order and customer data. Name, email address, billing address, delivery address, order details, payment status, invoice data, and customer communication.

Payment data. Payment details are processed by our payment service providers. We do not store complete credit card details ourselves.

Communication data. If you contact us, we process the information you provide, such as your name, email address, message content, and related correspondence.

Newsletter and product update data. If you sign up for updates, we process your email address and, where applicable, your consent status and subscription preferences.

Technical data. When you visit our website, technically necessary data may be processed, such as IP address, browser type, device information, access time, and server log data.

Analytics data. We currently use Plausible Analytics to understand aggregate website usage. Plausible is designed to work without cookies and without creating individual user profiles. Analytics data is used only to understand general website performance, such as page views, referrers, and visitor trends.

3. Purposes and legal bases

We process your personal data for the following purposes:

Processing orders and delivering products. Legal basis: performance of a contract or steps prior to entering into a contract, Article 6(1)(b) GDPR.

Customer support and communication. Legal basis: performance of a contract, Article 6(1)(b) GDPR, or legitimate interest in responding to inquiries, Article 6(1)(f) GDPR.

Payment processing. Legal basis: performance of a contract, Article 6(1)(b) GDPR.

Accounting, tax, and legal obligations. Legal basis: compliance with legal obligations, Article 6(1)(c) GDPR.

Newsletter and product updates. Legal basis: your consent, Article 6(1)(a) GDPR. You can withdraw your consent at any time.

Website security, fraud prevention, and technical operation. Legal basis: legitimate interest in operating a secure and functional website, Article 6(1)(f) GDPR.

Website analytics with Plausible. Legal basis: legitimate interest in understanding and improving our website, Article 6(1)(f) GDPR, where no consent is legally required. If analytics technologies requiring consent are used in the future, they will only be activated with your consent where required.

4. Cookies and similar technologies

Our website uses technically necessary cookies and similar technologies for functions such as the shopping cart, checkout, security, and language settings. These are required for the website to work properly.

We currently use Plausible Analytics for privacy friendly website statistics. Plausible does not use cookies and does not create individual tracking profiles.

If we introduce optional analytics, advertising, embedded content, or other non essential third party technologies in the future, they will only be used where legally permitted and, where required, only after your consent.

5. Possible future use of Google services

We do not currently state that we use Google Analytics, Google Ads, Google Maps, Google Fonts, reCAPTCHA, YouTube embeds, or similar Google services unless they are actually active on the website.

We may introduce Google services in the future, for example for analytics, advertising, spam protection, maps, fonts, or embedded content. If we do so, we will update this Privacy Policy and, where required, obtain your consent before such services are activated.

Google services may involve processing by Google companies and may, depending on the specific service and configuration, involve transfers of personal data outside the European Economic Area. In such cases, we will use the legally required safeguards, such as adequacy decisions, standard contractual clauses, consent mechanisms, and data processing agreements where applicable.

6. Recipients and processors

We may share personal data with trusted service providers where necessary for the purposes described above. These may include:

  • Payment service providers
  • Shipping and logistics providers
  • Email and newsletter service providers
  • Website hosting providers
  • IT and security service providers
  • Accounting and tax advisors
  • Legal advisors, courts, or authorities where legally required
  • Analytics providers, currently Plausible Analytics

These service providers process personal data only where necessary and, where required, on the basis of data processing agreements.

7. International data transfers

We primarily aim to process personal data within the European Economic Area.

If personal data is transferred outside the European Economic Area, we will ensure that an appropriate legal basis for the transfer exists. This may include an adequacy decision by the European Commission, standard contractual clauses, additional safeguards, or your explicit consent where required.

8. Retention periods

We retain personal data only for as long as necessary for the relevant purpose.

Order, invoice, and accounting data are generally retained for the statutory retention period applicable under Austrian law, usually 7 years.

Customer communication is retained as long as necessary to handle your request and for any related legal claims.

Newsletter data is retained until you unsubscribe or withdraw your consent.

Server logs and technical security data are retained only for a limited period unless longer retention is necessary for security, fraud prevention, or legal reasons.

9. Your rights

Under the GDPR, you have the following rights, subject to the applicable legal requirements:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing based on legitimate interests
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

To exercise your rights, contact us at support@christiane.co.

You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde) if you believe that your personal data is being processed unlawfully.

10. Mandatory data

When you place an order, certain data is required to process and deliver your order. If you do not provide this data, we may not be able to complete your order.

Providing data for newsletters, product updates, or optional cookies is voluntary.

11. Security

We use appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, misuse, alteration, or disclosure.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, especially if our website, services, legal obligations, or third party providers change. The current version will always be available on our website.