top of page

Privacy Policy 

Introduction and Overview

We have written this privacy policy (version 22.05.2023-322507776) to relay to you, according to the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as "data") we as data controllers – and the processors we commission (e.g., providers) – process, will process in the future, and what lawful options you have. The terms used are meant to be gender-neutral.

In short: We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal terminology. This privacy policy, however, aims to describe the most important things to you as simply and transparently as possible. Where it benefits transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used. We inform you in clear and simple language that we only process personal data within our business activities if there is a corresponding legal basis. This is certainly not possible if one provides the shortest, most unclear, and legally technical explanations, as is often the standard on the internet when it comes to data protection. We hope you find the following explanations interesting and informative, and perhaps you will learn something new.

If you still have questions, we kindly ask you to contact the responsible person or office mentioned below or in the imprint, follow the available links, and view further information on third-party websites. You can also find our contact details in the imprint.

Scope of Application

This privacy policy applies to all personal data processed by us in our company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information in the sense of Art. 4 No. 1 GDPR, such as the name, email address, and postal address of a person. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

  • All online presences (websites, online shops) we operate

  • Social media presences and email communication

  • Mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas where personal data is processed in a structured manner through the mentioned channels within the company. Should we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Basis

In the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, which allow us to process personal data.

Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can read this EU General Data Protection Regulation online at EUR-Lex, the access to EU law, at

We only process your data if at least one of the following conditions applies:

Consent (Article 6 Paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be storing your entered data from a contact form.

Contract (Article 6 Paragraph 1 lit. b GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For instance, if we conclude a purchase contract with you, we need personal information beforehand.

Legal Obligation (Article 6 Paragraph 1 lit. c GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to keep invoices for accounting purposes. These usually contain personal data.

Legitimate Interests (Article 6 Paragraph 1 lit. f GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For instance, we need to process certain data to operate our website securely and efficiently. This processing is therefore a legitimate interest.

Other conditions, such as the performance of a task carried out in the public interest or the exercise of official authority, and the protection of vital interests, generally do not apply to us. If such a legal basis is relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

In Austria, this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), abbreviated as DSG.

In Germany, the Federal Data Protection Act, abbreviated as BDSG, applies.

If other regional or national laws apply, we will inform you in the following sections.

Contact Information of the Responsible Party

If you have questions about data protection or the processing of personal data, you can find the contact details of the responsible person or office below:

ecopals GmbH
Strelitzer Str. 60, 10115 Berlin

Storage Duration

As a general criterion, we store personal data only as long as necessary to provide our services and products. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obligated to store certain data even after the original purpose has ceased, for example for accounting purposes.

If you request the deletion of your data or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to store it.

We will inform you about the specific duration of the respective data processing further below, if we have additional information.

Rights under the General Data Protection Regulation

  • According to Articles 13 and 14 GDPR, we inform you about the following rights you have to ensure fair and transparent data processing

  • The purpose of the processing

  • The categories of data processed

  • Who receives this data and, if the data is transferred to third countries, how security can be ensured

  • How long the data will be stored

  • The existence of the right to rectification, erasure, restriction of processing, and objection to processing

  • That you can lodge a complaint with a supervisory authority (links to these authorities can be found further below)

  • The origin of the data, if we did not collect it from you

  • Whether profiling is conducted, i.e., whether data is automatically evaluated to create a personal profile of you

  • Right to Access (Article 15 GDPR): You have the right to know whether we process data about you. If this is the case, you have the right to receive a copy of the data and learn the following information:

  • Right to Rectification (Article 16 GDPR): You have the right to have incorrect data corrected.

  • Right to Erasure ("Right to be Forgotten") (Article 17 GDPR): You have the right to request the deletion of your data.

  • Right to Restriction of Processing (Article 18 GDPR): You have the right to restrict the processing of your data, which means we may only store the data but not use it further.

  • Right to Data Portability (Article 20 GDPR): You have the right to receive your data in a common format upon request.

  • Right to Object (Article 21 GDPR): You have the right to object to the processing of your data, which will result in a change in processing.

If the processing of your data is based on Article 6 Paragraph 1 lit. e (public interest, exercise of official authority) or Article 6 Paragraph 1 lit. f (legitimate interest), you can object to the processing. We will then quickly assess whether we can legally comply with this objection.

If data is used for direct marketing, you can object to this type of data processing at any time. We may no longer use your data for direct marketing thereafter.

If data is used for profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling thereafter.

Right not to be subject to automated decision-making (Article 22 GDPR): You have the right under certain circumstances not to be subject to a decision based solely on automated processing (e.g., profiling).

Right to Complain (Article 77 GDPR): You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible office listed above at our company!

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. For Austria, this is the Data Protection Authority, whose website can be found at In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Berlin Data Protection Authority
Commissioner for Data Protection: Maja Smoltczyk
Address: Friedrichstraße 219, 10969 Berlin
Phone: 030/138 89-0

bottom of page