Privacy Policy

Last updated: [DATE]

We take the protection of your personal data very seriously. This Privacy Policy explains how Walkolution GmbH ("we", "us", "our") collects, uses, and protects your personal data when you visit our website global.walkolution.com or place an order through our online shop. It applies to customers and visitors in the European Union, the European Economic Area, the United Kingdom, Switzerland, and all other countries and territories we serve through this store, with the exception of the United States and Canada, which are served by a separate store at walkolution.com.

We process personal data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (TDDDG), and any other applicable data protection legislation.

1. Controller

The controller responsible for data processing on this website is:

Walkolution GmbH
Gewerbestraße 1
97355 Wiesenbronn
Germany

Represented by: Douglas G. Bayerlein

If you have any questions about data protection, please contact us at the address above or by email at walkolution@woodway.de

2. General Information on Data Processing

2.1 Scope of processing

We process personal data only to the extent necessary to provide a functional website, deliver our products and services, and fulfil our contractual and legal obligations. Personal data means any information relating to an identified or identifiable natural person (Art. 4(1) GDPR).

2.2 Legal bases

We process your personal data on the following legal bases:

  • Consent — Art. 6(1)(a) GDPR: where you have given consent for a specific purpose (e.g. newsletter, marketing cookies).
  • Contract performance — Art. 6(1)(b) GDPR: where processing is necessary to fulfil a contract with you or to take pre-contractual steps at your request.
  • Legal obligation — Art. 6(1)(c) GDPR: where we are required to process data by law (e.g. tax retention obligations).
  • Legitimate interest — Art. 6(1)(f) GDPR: where processing is necessary for our legitimate interests, provided your rights do not override those interests.

2.3 Data retention

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by statutory retention periods (typically 6 years under German commercial law, § 257 HGB, and 10 years under German tax law, § 147 AO). Once the purpose has been fulfilled and retention periods have expired, the data is routinely deleted or anonymised.

2.4 Obligation to provide data

Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required. You are not obligated to provide data, and there are no consequences for declining — except where indicated (e.g. where data is needed to fulfil a contract or process an order).

3. Hosting & Server Log Files

3.1 Hosting

Our online shop is hosted by Shopify Inc., 151 O'Connor Street, Ground Floor, Ottawa, Ontario K2P 2L8, Canada. Shopify provides us with the e-commerce platform on which we operate this store. Your data is stored on Shopify's servers, which may be located in Canada, the United States, or other jurisdictions. Data transfers to Canada are covered by the European Commission's adequacy decision. For transfers to other countries, Shopify relies on Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. Further information: Shopify Privacy Policy.

3.2 Server log files

Each time you access our website, your browser automatically transmits certain technical data, which is stored in server log files:

  • IP address (anonymised where technically possible)
  • Date and time of access
  • Page requested (URL)
  • Referring URL
  • Browser type and version
  • Operating system

This data is processed on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring the stable and secure operation of the website. Log file data is not merged with other data sources and is automatically deleted after 30 days.

4. Contact & Communication

If you contact us by email or through a contact form, we process the personal data you provide (name, email address, message content) solely to handle your enquiry.

  • For enquiries related to a contract or order: Art. 6(1)(b) GDPR.
  • For all other enquiries: Art. 6(1)(f) GDPR (legitimate interest in responding to customer communication).

Your data will be deleted once your enquiry has been conclusively dealt with, unless statutory retention periods apply.

5. Orders & Contract Performance

5.1 Customer accounts and orders

When you create a customer account or place an order, we process the following data to fulfil the contract:

  • Name, address, email address, telephone number (if provided)
  • Order details, delivery address, payment information

Legal basis: Art. 6(1)(b) GDPR (contract performance). Data is retained for the duration of the contractual relationship and thereafter in accordance with statutory retention periods (§ 257 HGB, § 147 AO).

5.2 Invoicing and accounting

We use Lexoffice (Haufe-Lexware GmbH & Co. KG, Freiburg, Germany) as our invoicing and accounting system. Order data is transmitted to Lexoffice for invoice generation and tax-compliant record-keeping. Legal basis: Art. 6(1)(b) and Art. 6(1)(c) GDPR. Lexoffice processes data within the EU. Further information: Lexoffice Privacy Policy.

5.3 Shipping and delivery

To deliver your order, we share your name, delivery address, and — where applicable — your email address or telephone number with the relevant shipping carrier(s). Legal basis: Art. 6(1)(b) GDPR (contract performance).

[PLACEHOLDER — please insert the shipping carriers used, e.g.:]

6. Payment Processing

We offer the following payment methods. When you select a payment method, the data required to process the payment is transmitted to the respective payment service provider. Legal basis: Art. 6(1)(b) GDPR (contract performance).

6.1 Shopify Payments (Stripe)

Credit and debit card payments are processed by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Data is processed within the EU/EEA. Further information: Stripe Privacy Policy.

6.2 PayPal

If you pay via PayPal, your payment data is processed by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Your data may be transferred to PayPal Inc. in the United States; transfers are safeguarded by Standard Contractual Clauses. Further information: PayPal Privacy Policy.

6.3 Klarna

If you choose a Klarna payment option (e.g. Pay Later, Instalments), your data is processed by Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden. To offer Klarna's payment options, we share certain personal data (contact details, order details, IP address) with Klarna before the checkout is completed so that Klarna can assess whether you qualify. This processing is based on Art. 6(1)(b) GDPR. Further information: Klarna Privacy Policy.

7. Cookies & Consent Management

7.1 Cookies — general

Our website uses cookies. Cookies are small text files stored on your device by your browser. Some cookies are technically necessary for the website to function ("essential cookies") and are set on the basis of Art. 6(1)(f) GDPR. All other cookies (analytics, marketing) are only set with your prior consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG.

7.2 Essential cookies

These cookies are required for core website functionality, such as maintaining your shopping cart and session. They cannot be deactivated. Examples include Shopify session cookies (_shopify_s, _shopify_y, cart) and consent-status cookies set by our cookie banner.

7.3 Consent management — CookieFirst

We use CookieFirst (Digital Data Solutions B.V., Amsterdam, Netherlands) to manage your cookie preferences and document your consent. When you interact with our cookie banner, CookieFirst stores a cookie on your device recording your choices. CookieFirst processes data within the EU. Legal basis for essential operation: Art. 6(1)(f) GDPR; for the storage and retrieval of consent preferences: § 25(1) TDDDG. Further information: CookieFirst Privacy Policy.

You can adjust or withdraw your cookie consent at any time by clicking the cookie settings link in the footer of our website.

8. Analytics & Marketing

The following services are only activated with your prior consent via our cookie banner. Legal basis: Art. 6(1)(a) GDPR. You may withdraw consent at any time by adjusting your cookie settings.

8.1 Server-side Google Tag Manager (sGTM) via TAGGRS

We use a server-side Google Tag Manager container operated through TAGGRS (TAGGRS B.V., Netherlands). The server-side container is hosted within the European Union. It acts as an intermediary layer between your browser and third-party analytics/marketing services, allowing us to control which data is forwarded and to reduce the amount of personal data transmitted to third parties. TAGGRS acts as a data processor on our behalf under Art. 28 GDPR. Further information: TAGGRS Privacy Policy.

8.2 Google Analytics 4

With your consent, we use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies and similar technologies to analyse how visitors use our website. The information generated is typically transmitted to and stored on Google servers. We have enabled IP anonymisation, meaning your IP address is truncated within the EU/EEA before any data is forwarded. We have concluded a Data Processing Agreement with Google. Data may be transferred to Google LLC in the United States; such transfers are safeguarded by the EU–US Data Privacy Framework adequacy decision and Standard Contractual Clauses. Further information: Google Privacy Policy. You can prevent data collection by Google Analytics by withdrawing your consent via our cookie banner.

8.3 Meta Pixel (Facebook)

With your consent, we use the Meta Pixel, provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Ireland ("Meta"). The Meta Pixel enables us to track visitor actions on our website after they have seen or clicked on a Meta (Facebook/Instagram) advertisement, allowing us to measure the effectiveness of advertising campaigns. The data collected is anonymous to us; we cannot identify individual users. However, Meta stores and processes the data and may link it to your Meta account. Data may be transferred to Meta Platforms, Inc. in the United States; transfers are safeguarded by the EU–US Data Privacy Framework and Standard Contractual Clauses. Further information: Meta Privacy Policy.

9. Newsletter — Klaviyo

With your explicit consent, we use your email address to send you our newsletter containing product information, offers, and company news. Legal basis: Art. 6(1)(a) GDPR.

Our newsletter is sent using Klaviyo (Klaviyo, Inc., 125 Summer Street, Boston, MA 02110, USA). Klaviyo acts as a data processor on our behalf under Art. 28 GDPR. Your email address and, if provided, your name are transmitted to Klaviyo for the purpose of sending the newsletter. Klaviyo may process data in the United States; transfers are safeguarded by Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.

Klaviyo uses tracking technologies within the newsletter to measure open rates and click behaviour. This analysis is carried out on the basis of your consent (Art. 6(1)(a) GDPR).

You can unsubscribe from the newsletter at any time by using the unsubscribe link included in every email or by contacting us directly. Your email address will then be removed from the distribution list. Further information: Klaviyo Privacy Notice.

10. Product Reviews & Comments

If you submit a product review or comment, we collect your name, email address, and the content of your review. This processing is based on your consent under Art. 6(1)(a) GDPR, which you may revoke at any time. Reviews may be published on our website; your email address will not be displayed publicly.

11. Data Transfers to Third Countries

Some of the services we use are provided by companies based outside the European Economic Area. We only transfer personal data to third countries where an appropriate level of protection is ensured:

  • Canada (Shopify): European Commission adequacy decision pursuant to Art. 45 GDPR.
  • United States (Google, Meta, Klaviyo, PayPal): EU–US Data Privacy Framework adequacy decision (where the recipient is certified) and/or Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.
  • Sweden (Klarna), Netherlands (CookieFirst, TAGGRS), Germany (Lexoffice): EU/EEA — no transfer mechanism required.

12. Your Rights

Under the GDPR, you have the following rights with respect to your personal data. To exercise any of these rights, please contact us at info@walkolution.com.

  • Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether we process your personal data, and if so, to access that data and receive further information about the processing.
  • Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal data or the completion of incomplete data.
  • Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data, provided there is no legal obligation or overriding legitimate interest requiring its retention.
  • Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing in certain circumstances.
  • Right to data portability (Art. 20 GDPR): You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
  • Right to object (Art. 21 GDPR): You have the right to object at any time to the processing of your personal data based on Art. 6(1)(e) or (f) GDPR, on grounds relating to your particular situation. If you object, we will no longer process the data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
  • Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

13. Right to Lodge a Complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, your place of work, or the place of the alleged infringement (Art. 77 GDPR).

The supervisory authority responsible for Walkolution GmbH is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Website: www.lda.bayern.de

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices or legal requirements. The current version is always available on this page. We encourage you to review it periodically.