Privacy Policy

We care about your privacy and want to explain clearly how we handle your personal data when you shop with us at info@musa-vaporizer.com

1. Controller

Tobias Siferlinger
LPH Tec., Sole proprietorship
Germany
📧 info@musa-vaporizer.com

2. What Data We Process

We may collect and process the following data:

  • Name, billing and delivery address

  • Email address

  • Order details (products, amounts, order date)

  • Payment data (processed securely via payment providers)

  • IP address and technical data (via hosting or platform)

  • Optional: newsletter subscription

We only collect data necessary to fulfill your order, comply with legal obligations, and provide customer service.

3. Purpose of Processing

We process your data to:

  • Fulfill and deliver your orders

  • Provide customer support

  • Comply with legal obligations (e.g. tax regulations)

  • Send newsletters (only if you opt in)

4. Legal Basis

Data processing is based on:

  • Contract performance – Art. 6(1)(b) GDPR

  • Legal obligations – Art. 6(1)(c) GDPR

  • Consent – Art. 6(1)(a) GDPR (e.g. for newsletter)

5. Data Sharing

We only share data when necessary:

  • Shipping providers – for delivery

  • Payment providers – for processing payments

    • Stripe

    • Amazon Pay

    • Google Pay

    • Bank transfer

  • Tax consultants or public authorities – if legally required

We do not sell or rent your data.

6. Hosting and Platform

Our website is hosted by [Hostinger.com].
We use WooCommerce as our shop system.
The hosting provider may store server logs (e.g. IP addresses, access times) for security and technical reasons.
A data processing agreement in accordance with Art. 28 GDPR has been concluded.

7. International Data Transfers

Since we use global services such as payment providers, your data may be processed outside the EU.
We ensure appropriate safeguards (e.g. standard contractual clauses) in accordance with the GDPR.

8. Newsletter

You will only receive newsletters if you have actively subscribed (opt-in).
You can unsubscribe at any time via the link in the email or by contacting us at info@musa-vaporizer.com.

Using a newsletter tool

We use a Newsletter Plugin (Steffano Lissa) for email newsletters.
A data processing agreement has been signed with this provider under Art. 28 GDPR.

9. Data Retention

We store your data only as long as necessary:

  • Order and tax-related data: 6–10 years (legal retention period)

  • Newsletter data: until you unsubscribe

  • Server logs and technical data: as required for security or operation

10. Your Rights

Under the GDPR, you have the right to:

  • Access your data

  • Correct incorrect data

  • Request deletion

  • Restrict processing

  • Data portability

  • Withdraw consent (e.g. for newsletters)

  • Lodge a complaint with a supervisory authority

To exercise your rights, contact us at:
📧 info@musa-vaporizer.com

11. Cookies & Tracking

Separate Cookie Policy

We provide details about our cookie usage in a separate Cookie Policy.

12. Updates to This Privacy Policy

We may update this Privacy Policy from time to time.
The current version is always available on our website.

13. Automatic Account Creation

When you place an order as a guest, our system automatically creates a customer account for you in the background. This account is used to store your order details, facilitate future purchases, and provide you with an overview of your past orders.

For this purpose, we process and store the personal data you provide during checkout (such as your name, billing/shipping address, and email address).

The legal basis for this processing is Article 6(1)(b) GDPR (performance of a contract).

You may log in to your customer account using your email address and set a password via the “Forgot Password” function. You also have the option to delete your account at any time in your profile settings or by contacting us. Please note that certain data may continue to be stored if required by statutory retention obligations (e.g. under tax or commercial law).

Your data will not be used for any purposes other than fulfilling your order and managing your account, unless you have explicitly consented to additional uses (such as newsletters).

14. Independet Analytics


We use Independent Analytics, a privacy-friendly analytics tool that runs directly on our website without relying on external servers. This tool helps us understand how visitors interact with our site, such as which pages are most popular and where our traffic comes from.

Independent Analytics does not use cookies and does not store any personally identifiable information. All data is collected anonymously and stored only on our own server. This information is used exclusively for statistical purposes and to improve our website and services.

15. Customer Review Request

After completing a purchase, we may contact you by email within a certain period of time to invite you to provide feedback or a review of the products you have purchased. This helps us improve our services and allows other customers to make informed decisions. Receiving such an email is part of our customer service, and you are free to choose whether or not to submit a review.

16. Wordfence

We use the Wordfence security plugin to protect our website from unauthorized access, malware, and spam. The provider is Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA.

Wordfence helps to secure our website by checking login attempts, monitoring access, and blocking malicious traffic. For this purpose, a connection to the provider’s servers is established, and security-related data (such as IP addresses and patterns of suspicious activity) are compared with Defiant’s databases.

Data processed:

  • IP addresses of visitors

  • Details of login attempts and suspicious activities

  • Security log entries

Legal basis:
The use of Wordfence is based on our legitimate interest in ensuring the best possible protection of our website against cyberattacks (Art. 6 (1) lit. f GDPR).

Data transfer to third countries:
A transfer of personal data (e.g., IP addresses) to Defiant’s servers in the USA may occur. The provider relies on the EU Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

Further information on how Wordfence processes personal data can be found in the provider’s privacy policy:
https://www.wordfence.com/help/general-data-protection-regulation/

17. Embedding Videos (YouTube and Vimeo)

YouTube

Our website integrates videos from the platform YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

When you visit a page containing a YouTube video, a connection to YouTube’s servers is established. In the process, certain data (such as your IP address and the page you visited) may be transmitted to YouTube/Google. If you are logged into your YouTube or Google account, this information may be linked to your user profile.

We use YouTube in privacy-enhanced mode where available. According to YouTube, this mode means that data about visitors is not stored until the video is played. However, transmission of data to YouTube/Google servers may still occur before playback.

The processing of this data is based on your consent in accordance with Art. 6(1)(a) GDPR, provided you grant consent via our cookie/consent tool. If no consent tool is used, processing is based on our legitimate interest in providing an attractive presentation of our online services (Art. 6(1)(f) GDPR).

For further information, please see Google’s Privacy Policy:
https://policies.google.com/privacy

Vimeo

Our website also integrates videos from the platform Vimeo. The provider is Vimeo.com, Inc., 330 West 34th Street, 5th Floor, New York, NY 10001, USA (“Vimeo”).

When you visit a page containing a Vimeo video, a connection to Vimeo’s servers is established. Certain data (such as your IP address, device and browser information, and the page you visited) may be transmitted to Vimeo. If you are logged into your Vimeo account, this information may be associated with your user profile.

While we implement Vimeo in a manner intended to minimize data processing, transmission of data to Vimeo servers in the United States cannot be fully excluded before or during video playback.

The processing of this data is based on your consent in accordance with Art. 6(1)(a) GDPR, provided you grant consent via our cookie/consent tool. If no consent tool is used, processing is based on our legitimate interest in providing a media-rich and user-friendly presentation of our online services (Art. 6(1)(f) GDPR).

For further information, please see Vimeo’s Privacy Policy:
https://vimeo.com/privacy

International Data Transfers

Both YouTube/Google and Vimeo may process data in the United States. Where personal data is transferred to the U.S. or other third countries, such processing is based on:

  • The EU-U.S. Data Privacy Framework (if the provider is certified), or

  • The use of EU Standard Contractual Clauses (SCCs) approved by the European Commission, and/or

  • Other legally recognized transfer mechanisms under Chapter V GDPR.

These measures are intended to ensure that your personal data is afforded an adequate level of protection consistent with EU data protection law.

18. Contact

Questions about your data?
Write to us anytime:
📧info@musa-vaporizer.com

Shopping Cart
en_US
de_DE en_US
Scroll to Top