Privacy Policy

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1 Thank you for visiting our website and for your interest in Snuff & Coze. Below we explain how we handle your personal data when you use our website.
Personal data refers to any information that can be used to personally identify you.

1.2 The party responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Snuff & Coze.
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries sent via a contact form), this website uses SSL or TLS encryption.
You can recognize an encrypted connection by “https://” and the lock symbol in your browser’s address bar.

2) Data Collection When Visiting Our Website

When you visit our website purely for informational purposes, meaning without registering or otherwise providing information to us, we only collect the data that your browser automatically transmits to our server (so-called server log files).

When you visit our website, the following data is collected, among others, which is technically necessary to correctly display the site:

  • Visited page / URL
  • Date and time of access
  • Amount of data transferred (in bytes)
  • Source/referrer URL
  • Browser used
  • Operating system used
  • IP address used (possibly in anonymized form)

Processing is carried out based on Art. 6(1)(f) GDPR, due to our legitimate interest in improving the stability and functionality of the website.
There is no further transfer or use of the data.
However, we reserve the right to check the server log files retroactively if there are concrete indications of unlawful use.

3) Cookies

To make visiting our website more user-friendly and to enable certain functions, we use cookies on various pages.
These are small text files stored on your device.

Some cookies are deleted automatically after you close your browser (session cookies).
Other cookies remain stored on your device and allow us to recognize your browser on your next visit (permanent cookies).

Cookies may process the following data in a limited manner:

  • Browser and device data
  • Location data
  • (Partial) IP address

Permanent cookies are automatically deleted after a defined period; this period varies per cookie.

Cookies help simplify the ordering process by storing settings (such as the contents of your shopping cart).
If personal data is processed by cookies, this is done:

  • based on Art. 6(1)(b) GDPR for performance of a contract, or
  • based on Art. 6(1)(f) GDPR to protect our legitimate interest in an optimally functioning and user-friendly website.

We may collaborate with advertising partners. In such cases, third-party cookies may also be placed on your device.
If applicable, we will inform you separately about the use and content of these cookies.

Browser cookie settings
You can configure your browser to notify you when cookies are placed and decide individually whether to accept them, refuse them in specific cases, or disable them altogether. Instructions can be found in each browser’s help section.

Note: Disabling cookies may limit the functionality of our website.

4) Contact

When you contact us (e.g. via contact form or e-mail), we collect the personal data you provide. Which data this is can be seen in the respective form.

We use this data exclusively:

  • to respond to your inquiry,
  • for ongoing customer communication, and
  • for technical handling of the request.

Legal basis is our legitimate interest in responding to your inquiry (Art. 6(1)(f) GDPR).
If you contact us with the intent of concluding a contract, Art. 6(1)(b) GDPR also applies.

Your data is deleted once your request has been fully processed and no legal retention requirements apply.

5) Data Processing for Customer Accounts and Contract Fulfillment

According to Art. 6(1)(b) GDPR, we collect and process personal data when you provide it to us for:

  • completing an order, or
  • creating a customer account.

Which data is collected can be seen in the input fields.
You may request deletion of your customer account at any time by contacting us.

We use the data you provide solely for contract fulfillment.
After full completion of the order or deletion of the account, your data will be blocked from further use and deleted after tax and commercial retention periods expire, unless you have expressly consented to further use or we are legally permitted to continue processing.

6) Use of Your Data for Direct Marketing

6.1 Subscription to our newsletter

When you subscribe to the Snuff & Coze email newsletter, you will regularly receive information about our offers. Only your email address is required; other information is optional and used for personalized addressing.

We use a double opt-in process:

  • you subscribe,
  • you receive a confirmation email,
  • only after confirming via the link will we send you the newsletter.

By activating the confirmation link, you grant consent (Art. 6(1)(a) GDPR).
Upon registration, we store your IP address, date, and time of subscription to trace possible misuse.

You may unsubscribe at any time via the link in any newsletter or by contacting us.
Your email address will then be removed from the mailing list unless you have expressly consented to further use or we are legally permitted to continue processing.

6.2 Newsletter to existing customers

If you provided your email address during a purchase, we may use it to send offerings for similar products, even without explicit consent, based on our legitimate interest in personalized direct marketing (Art. 6(1)(f) GDPR).

You may object at any time by contacting us. After objection, your email address will no longer be used for marketing.

7) Data Processing for Handling Orders

7.1 Shipping and payment

To fulfill the contract, we may transfer personal data as necessary to:

  • the carrier / delivery service,
  • the payment service provider or bank.

Legal basis: Art. 6(1)(b) GDPR.

7.2 Use of payment services

PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “Pay Later”/installment via PayPal, we transfer your payment data to:

PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg

This is based on Art. 6(1)(b) GDPR to process your payment.

PayPal may conduct a credit check for certain payment methods (Art. 6(1)(f) GDPR – PayPal's legitimate interest).
More information can be found in PayPal’s privacy policy.

You may object, but PayPal may still process your data if necessary to fulfill the contract.

SOFORT / Klarna
If you choose the "SOFORT" payment method, payment is handled by:

SOFORT GmbH (part of the Klarna Group), Theresienhöhe 12, 80339 Munich, Germany

We send your data and order details to SOFORT based on Art. 6(1)(b) GDPR.

8) Review Reminder

We may use your email address once to remind you to review your order, provided you have given explicit consent (Art. 6(1)(a) GDPR). You may withdraw this consent at any time by contacting us.

9) Use of Social Media Plug-ins

We use social media plug-ins from Facebook, Google+ and Instagram, implemented with a privacy-friendly Shariff solution.

This means:

  • Buttons are integrated as normal HTML links.
  • No connection to the provider's servers is made unless you click the button.
  • Only upon clicking will a new window open, where you can use functions (like, share, etc.).

Providers (Facebook, Google, Instagram) are certified under the Privacy Shield and ensure adequate protection per EU standards.

Details can be found in each provider’s privacy policy.

10) Online Marketing

We use various online marketing tools, including:

  • DoubleClick by Google
  • Google AdWords with conversion tracking

These services use cookies to:

  • display relevant ads,
  • analyze campaign performance,
  • prevent ads from being shown too frequently.

Processing is based on Art. 6(1)(f) GDPR (legitimate interest in optimal marketing).

You may disable cookie-based tracking in your browser, via Google’s settings, or via the Digital Advertising Alliance.

11) Web Analytics with Google (Universal) Analytics

Our website uses Google (Universal) Analytics, a web analysis service.

Cookies are used to analyze site usage.
We use _anonymizeIp(), so your IP address is shortened within the EU and cannot be directly linked to you.

Processing is based on Art. 6(1)(f) GDPR (legitimate interest in statistical analysis for optimization and marketing).

You may:

  • block cookies in your browser,
  • install a browser plug-in to disable Google Analytics,
  • set an opt-out cookie to stop analytics on this site.

Google is certified under Privacy Shield.

12) Remarketing / Retargeting

We use:

  • Facebook Custom Audiences (via Facebook Pixel)
  • Google AdWords Remarketing

These allow us to re-target website visitors with personalized ads.
This is based on cookies and pseudonymous profiles.

Processing occurs only with explicit consent (Art. 6(1)(a) GDPR) or our legitimate interest (Art. 6(1)(f) GDPR, where applicable).

You may:

  • block cookies in your browser,
  • disable personalized ads in Facebook or Google,
  • object via the Digital Advertising Alliance.

13) Rights of Data Subjects

Under the GDPR, you have the following rights with Snuff & Coze:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
  • Right to object (Art. 21 GDPR)

If we process your data based on legitimate interests, you may object at any time for reasons related to your personal situation.

If you object:

  • we will stop processing unless we can demonstrate compelling legitimate grounds that outweigh your interests, or
  • processing is required for legal claims.

If we use your data for direct marketing, you may object at any time. After objection, your data will no longer be used for such marketing.

14) Retention Period for Personal Data

The retention period is based on statutory storage obligations (e.g. tax or commercial law).

After these periods, the respective data is routinely deleted, unless still required:

  • for fulfilling or preparing a contract, or
  • because we have a legitimate interest in continued storage.