Data protection

1. Responsible person

Mittelweser Heilquellen GmbH
Auf dem Kampe 3a
31582 Nienburg/Weser
Telephone: 05021 - 60 39 0
Email: info@thesourcelab.de

2. Hosting & Platform

Our online store is powered by Shopify :

Shopify Inc. , 151 O'Connor Street, Ottawa, Ontario K2P 2L8, Canada

Shopify processes personal data in accordance with the EU Standard Contractual Clauses. More information: https://www.shopify.com/legal/privacy

3. Data Collected

3. Data Collected

When you visit our website or place an order, we – or rather our service provider Shopify – collect the following personal data:

First and Last Name

Billing and delivery address

Email address and telephone number (if provided)

Payment information (e.g., via Shopify Payments or third-party providers)

Order details (products purchased, quantity, price)

IP address (automatically transmitted when using the website)

This data is required to process your order, answer your inquiries, and provide our service.

4. Purposes of processing

Contract processing & order processing; Shipping & returns
Customer Service & Communication
Marketing & Retargeting
Security & Abuse Prevention

5. Tools and services used

a) Cookie Consent Tool (Cookiebot)

We use Cookiebot from Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, to obtain and manage your consents.


https://www.cookiebot.com/de/privacy-policy/

b) Google Analytics (with consent)

We use Google Analytics 4 , a web analytics service provided by Google Ireland Ltd., Gordon House, Dublin 4.


https://policies.google.com/privacy

c) Meta/Facebook Pixel (with consent)

We use the Facebook Pixel (Meta Platforms Ireland Ltd.) for personalized advertising:


https://www.facebook.com/privacy/policy

d) Payment service providers (e.g. PayPal, Klarna)

For payment processing, we share data with the following service providers:

You can find the privacy policies of these providers on their websites.

6. Legal basis

Article 6 paragraph 1 letter b GDPR (performance of a contract)

Article 6 paragraph 1 letter a GDPR (consent for tracking)

Article 6 paragraph 1 letter f GDPR (legitimate interest)

7. Storage duration

Data is stored only as long as is necessary for the respective purposes or as required by law (e.g. 10 years for invoice data according to § 147 AO).

8. Your rights

You have the right to:


Right of access (Art. 15 GDPR)
Rectification (Art. 16 GDPR)

Erasure (Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Complaint to a supervisory authority (e.g. The State Commissioner for Data Protection of Lower Saxony)

9. Data security

We use up-to-date encryption measures (TLS/SSL), firewalls, access restrictions, and regular security audits.

10th update

We reserve the right to update this privacy policy in the event of changes in legal regulations or technical developments. Last updated: May 2025.

Our selection

1 10