Privacy Policy
1. Privacy at a glance
General information
The following information provides a simple overview of what happens to your personal data when you visit this online shop or make a purchase. Personal data is any data that can be used to identify you personally. For detailed information on the subject of data protection, please refer to the privacy policy listed below this text.
Who is responsible?
The entity responsible for data processing in this online shop is Weingut Puder GbR. You can find full contact details in section 3 under “Information on the responsible entity”.
What data is collected?
When visiting and using this shop, the following data is essentially processed:
Data that you actively provide (e.g. during an order, newsletter registration, in the AI Sommelier chat),
Data that is generated during contract fulfillment (e.g. order history),
Technical data that is automatically collected when visiting the website (e.g. IP address, browser type).
Why is your data processed?
Data is processed in particular for contract fulfillment (order, shipping, payment), to provide the online shop, to fulfill legal obligations (e.g. accounting, taxes, youth protection), and on the basis of your consent (e.g. for the newsletter).
What rights do you have?
You have the right to receive information about your stored data, its origin, its recipients, and the purpose of its collection at any time at no charge, as well as the right to request correction, blocking, or deletion. You also have the right to data portability, as well as the right to lodge a complaint with the competent supervisory authority. Details can be found in section 3.
Who processes your data technically?
This online shop is operated via the Vinolin UG (haftungsbeschränkt) platform. Vinolin processes part of your data as a data processor on behalf of the aforementioned responsible entity. For certain functions (in particular the central login service and the AI Sommelier under the sole responsibility of Vinolin), Vinolin is the controller; you can find details on this in sections 5, 6, and 7.
2. Hosting and technical provision
The online shop is operated on the “Vinolin Suite” SaaS platform by Vinolin UG (haftungsbeschränkt), Bildungscampus 11, 74076 Heilbronn. Vinolin processes the personal data generated in this shop as a data processor on behalf of the shop operator. A data processing agreement has been concluded with Vinolin in accordance with Art. 28 GDPR.
Vinolin uses the following sub-processors for the technical provision of the platform:
Vercel Inc. (USA, with global CDN) — web hosting and delivery of static content
Neon Inc. (USA, data processing in Frankfurt am Main) — database hosting
Inngest, Inc. (USA) — background job processing
Amazon Web Services EMEA SARL (Luxembourg, data processing in Frankfurt am Main) — sending of transactional emails (e.g. order confirmations)
Google Ireland Ltd. (Ireland, data processing in Frankfurt am Main) — AI functions for the Sommelier (cf. section 7)
PostHog, Inc. (USA, data processing exclusively in the EU — Frankfurt am Main) — web analysis and session recordings, only with your consent (cf. section 4.3)
For sub-processors based outside the EU, EU Standard Contractual Clauses (SCCs) are used in accordance with Art. 46 (2) lit. c GDPR; in some cases, there is also a self-certification under the EU-U.S. Data Privacy Framework.
Processing is carried out for the purpose of fulfilling the contract with our customers (Art. 6 (1) lit. b GDPR) as well as based on our legitimate interest in a secure, fast, and efficient provision of the online shop by professional providers (Art. 6 (1) lit. f GDPR).
3. General information and mandatory information
Data protection
We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
We point out that data transmission on the internet (e.g. when communicating by e-mail) may have security gaps. Complete protection of data against access by third parties is not possible.
Information on the responsible entity
The responsible entity for data processing in this online shop is:
Weingut Puder GbR
Königstraße 12
67308 Zellertal – Niefernheim
Phone: +49 (0) 06355 – 402
E-mail: info@puder-wein.de
VAT ID No.: DE148676217
Data Protection Officer
We have not appointed a data protection officer because we are not obliged to do so. If you have any questions regarding data protection, please contact us using the contact details mentioned under “Information on the responsible entity”.
Storage duration
Unless a more specific storage period has been stated in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial retention periods pursuant to § 257 HGB / § 147 AO; generally ten years); in the latter case, deletion will take place after these reasons cease to exist.
General information on the legal basis for data processing
If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR. If your data is required for the fulfillment of a contract or for the performance of pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR. Furthermore, we process your data if this is required to fulfill a legal obligation on the basis of Art. 6 (1) lit. c GDPR. Data processing can also occur on the basis of our legitimate interest according to Art. 6 (1) lit. f GDPR. The following paragraphs of this privacy policy provide information about the legal basis relevant in each individual case.
Recipients of personal data
As part of our business activities, we work with various external entities. In some cases, it is necessary to transmit personal data to these external entities. We only pass personal data to external entities if this is necessary for the performance of a contract, if we are legally obliged to do so, if we have a legitimate interest in the disclosure pursuant to Art. 6 (1) lit. f GDPR, or if another legal basis permits the disclosure. When using data processors, we only pass on personal data on the basis of a valid contract for data processing.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object (Art. 21 GDPR)
If the data processing is based on Art. 6 (1) lit. e or f GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data; this also applies to profiling based on these provisions. If you file an objection, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing.
Right of appeal to the competent supervisory authority
In the event of violations of the GDPR, the data subjects have a right of appeal to a supervisory authority, in particular in the member state of their habitual residence, their place of work, or the place of the alleged violation. The right of appeal is without prejudice to any other administrative or judicial remedies.
The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate, Hintere Bleiche 34, 55116 Mainz.
Right to data portability
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a standard, machine-readable format. If you require the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.
Information, correction, and deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of data processing and, if applicable, a right to correction or deletion of this data.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
Objection to promotional e-mails
The use of contact data published within the framework of the imprint obligation for the purpose of sending unsolicited advertising and information materials is hereby rejected. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
4. Data collection when visiting this shop
4.1 Cookies
This online shop uses cookies. We distinguish between technically necessary cookies and those that we only use with your consent.
Technically necessary cookies are required for the shop to function — in particular for:
managing your login session (if you have logged in via the Vinolin login),
managing your shopping cart,
securely processing the ordering and payment process,
a technical identification of your session in the AI Sommelier chat (Conversation-ID),
saving your cookie selection itself (cookie “vinolin-consent”, storage duration 12 months).
These cookies are set on the basis of § 25 (2) no. 2 TDDDG without consent, as they are absolutely necessary for the provision of the services you have expressly requested. The legal basis for the associated data processing is Art. 6 (1) lit. b GDPR (contract fulfillment) or Art. 6 (1) lit. f GDPR (legitimate interest in a secure and functional operation).
Cookies and comparable technologies requiring consent (categories “Statistics”, “Marketing”, and “Preferences”) are only used if you have consented when visiting this shop via the cookie banner (§ 25 (1) TDDDG, Art. 6 (1) lit. a GDPR). Currently, this concerns web analysis with PostHog (category “Statistics”, cf. section 4.3). You can change your selection at any time via the “Cookie settings” link in the footer and revoke your consent with effect for the future — revocation is as easy as granting it.
To verify the consent given (Art. 7 (1) GDPR), we save the time, the selected categories, a random decision ID, and a shortened IP address for every banner decision.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases or generally exclude them. If technically necessary cookies are deactivated, the functionality of this shop is limited.
4.2 Server log files
When you access this online shop, information that your browser transmits automatically is recorded in so-called server log files via the infrastructure of our platform provider Vinolin (cf. section 2). This information comprises: browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request, IP address.
This data is not merged with other data sources. This data is collected on the basis of Art. 6 (1) lit. f GDPR. We have a legitimate interest in the technically error-free provision of this shop and the security of our systems. The logs are generally deleted automatically after 30 days.
4.3 Web analysis and session recordings with PostHog
If you have consented to the “Statistics” category via the cookie banner, we use the analysis service PostHog in this shop. The provider is PostHog, Inc. (USA). Processing takes place exclusively via the EU cloud of PostHog; the data is stored on servers in Frankfurt am Main (Germany) and is not transferred to the USA. PostHog is integrated as a sub-processor in the data processing by Vinolin (cf. section 2); a contract for data processing according to Art. 28 GDPR exists.
PostHog helps us to understand how visitors use this shop in order to improve the offer and in particular the ordering process. For this purpose, the following are processed, among others:
accessed pages and interactions with the shop (e.g. adding to the shopping cart, steps in the ordering process),
technical information (browser type, operating system, device type),
a pseudonymous visitor ID (cookie / local storage),
for logged-in customers, a pseudonymous account ID.
Session recordings: With your consent, PostHog records individual shop sessions in pseudonymized form (so-called Session Replay) in order to detect operational problems in the shop. All form entries as well as e-mail and address data are already masked in your browser and are not transmitted to PostHog.
The legal basis is your consent (Art. 6 (1) lit. a GDPR, § 25 (1) TDDDG). You can revoke your consent at any time with effect for the future via “Cookie settings” in the footer; the associated cookies will then be deleted and no further data will be collected. The legality of the processing carried out until the revocation remains unaffected.
Further information can be found in PostHog's privacy policy at https://posthog.com/privacy.
5. End customer account and login (account.vinolin.com)
5.1 Central login service
For logging in to this shop, we use the central login service of Vinolin UG (haftungsbeschränkt) under the domain account.vinolin.com. This service allows you to make purchases in all Vinolin shops with a single account, without having to create a separate account in each shop.
Vinolin UG (haftungsbeschränkt), Bildungscampus 11, 74076 Heilbronn, is responsible for the processing of your account data within the scope of this login service. The applicable privacy policy can be found at https://vinolin.com/datenschutz.
5.2 What data is processed?
When registering and logging in via the Vinolin account, the following data is processed in particular:
First name, last name (optional gender and profile picture)
E-mail address and e-mail verification status
Telephone number (optional)
Date of birth (as part of the age indication)
Password hash, session token, OAuth tokens
IP address and user agent at the time of login
5.3 When will your data be passed on to us?
Only once you make a purchase in our shop or subscribe to our newsletter will the data necessary for these purposes be transmitted by Vinolin to us as the shop operator. From this point on, we are responsible for the processing of the data associated with the order or the newsletter (cf. sections 6 and 8).
6. Order processing in the shop
6.1 What data is processed during an order?
As part of an order, we process the data required for contract fulfillment. This is partly collected directly from you, partly provided via the Vinolin account or via the payment service provider:
Master and contact data (via Vinolin account):
First and last name, e-mail address, possibly telephone number
Date of birth (for the age indication in accordance with youth protection laws)
Address and payment data (via the payment service provider Stripe, cf. section 6.3):
Shipping and billing address
Payment data (e.g. credit card token; full card data is not stored by us)
Order data:
Order number, order items, quantities, prices
Order status, shipping status
Invoice documents
6.2 Legal basis and storage duration
Order data is processed on the basis of Art. 6 (1) lit. b GDPR (contract fulfillment). Order data relevant for accounting (in particular invoices) is kept for ten (10) years in accordance with § 257 HGB / § 147 AO. The legal basis for this is Art. 6 (1) lit. c GDPR (legal obligation).
6.3 Payment processing via Stripe
Payment processing in this shop is carried out via the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. Via Stripe, you can pay with, among other things, credit card, Apple Pay, Google Pay, or Wero.
Stripe is an independent controller within the meaning of Art. 4 No. 7 GDPR for payment processing. You enter your payment data (in particular card and bank details, delivery and billing address) directly with Stripe. Stripe processes this data under its own responsibility for payment processing as well as for the fulfillment of legal obligations (in particular in the area of anti-money laundering).
We transmit only your e-mail address to Stripe so that Stripe can identify your order. In return, we receive from Stripe status information about the payment as well as the delivery address required for shipping.
Further information can be found in Stripe's privacy policy at https://stripe.com/de/privacy.
6.4 Payment processing via PayPal
If you choose to pay with PayPal, payment processing is carried out via PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Luxembourg.
PayPal is an independent controller for payment processing. You enter your payment data directly with PayPal. PayPal processes this data under its own responsibility. Further information can be found in PayPal's privacy policy at https://www.paypal.com/de/legalhub/privacy-full.
6.5 Shipping of goods
We handle shipping ourselves via a shipping service provider commissioned by us ({{VERSANDDIENSTLEISTER}}). For this purpose, we transmit your delivery and, if applicable, contact data (e-mail address, telephone number) to the shipping service provider. The legal basis is Art. 6 (1) lit. b GDPR.
6.6 Sending of order confirmations and status e-mails
As part of the order processing, you will receive automated e-mails (order confirmation, shipping confirmation, status information). The technical dispatch takes place via the infrastructure of our platform provider Vinolin and is handled via the sub-processor Amazon Web Services EMEA SARL (cf. section 2).
7. AI Sommelier
In this shop, an AI-supported sommelier is available to recommend suitable wines from our range based on your taste preferences.
7.1 Anonymous use
You can also use the AI Sommelier without logging in. Before first use, you must agree to the processing of your inputs. In the case of anonymous use, the conversation history is saved; an IP address is not recorded, so you cannot be recognized across multiple sessions.
7.2 Use with a logged-in account
If you are logged in via your Vinolin account, your name will also be transmitted to enable more personalized advice. In the future, a shop-wide taste profile managed via the Vinolin account may also be included, provided you have consented to the creation and use of such a profile.
7.3 Responsible entity
Weingut Puder GbR as the shop operator is responsible for providing the AI Sommelier within the scope of this shop. Vinolin processes the data generated in the Sommelier dialogue as a data processor on behalf of the shop operator (cf. section 2). The processing of the shop-wide taste profile is carried out by Vinolin under its own responsibility; details and the option to consent or revoke can be found in Vinolin's privacy policy.
7.4 AI processing via Google Vertex AI
To generate the AI responses, your inputs as well as, if applicable, your name are transmitted to Google Ireland Ltd. (Google Vertex AI). Processing takes place in a data center in Frankfurt am Main (Germany). According to Google, the transmitted data is processed exclusively for generating the respective response, is not stored permanently, and is not used for training purposes.
7.5 Legal basis and storage duration
Processing takes place on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR, which you grant before the start of the chat. You can revoke your consent at any time with effect for the future.
8. Newsletter
8.1 Registration with double opt-in
You can subscribe to our newsletter on this shop's website. Registration takes place via the double opt-in procedure: after entering your e-mail address, you will receive a confirmation e-mail with a confirmation link. Only after clicking the link will you be added to our distribution list.
8.2 What data is processed?
As part of the newsletter registration, we process:
Your e-mail address
Confirmation status (Pending / Verified / Unsubscribed)
Confirmation and unsubscribe token
Time stamp of registration and confirmation
8.3 Dispatch and technical provision
We handle the technical dispatch of the newsletters via the infrastructure of our platform provider Vinolin. Amazon Web Services EMEA SARL (cf. section 2) is used as a sub-processor for this purpose. We remain the controller in this regard; Vinolin and AWS are involved exclusively as data processors.
8.4 Legal basis and revocation
Processing takes place on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time by clicking the unsubscribe link in every newsletter or by sending us a corresponding message to info@puder-wein.de. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
After revocation, your data will be removed from the active newsletter distribution list. We may keep a record of your consent and the revocation in order to fulfill our burden of proof (Art. 6 (1) lit. f GDPR — legitimate interest in provability).
9. Further data processing outside the Vinolin platform
Accounting software: lexoffice, Winestro, Shiparound
Tax consultant — if they have access to personal data
10. Currency of this privacy policy
We reserve the right to adapt this privacy policy in the event of significant changes. The current version is available on our website.
Status: 1.7.2026