Privacy policy
Privacy Policy
Last updated: 8 July 2026
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
IB Media GmbH Rudolf-Wild-Straße 84 69214 Eppelheim Germany Phone: +49 (0)6221 / 79 35 32 Email: info@longevity-health-club.de
2. What personal data we process
- Contact data: name, address, billing and delivery address, phone number, email address
- Financial data: payment method, transaction details (full card data is processed exclusively by our payment service providers and is not stored by us)
- Account information, if a customer account is used
- Transaction information: items viewed, added to the cart, purchased or returned, order history
- Communication data from your enquiries to us
- Device and usage information: IP address, browser type, device information, interaction with the shop
3. Purposes and legal bases at a glance
- Performance of contract (order processing, shipping, returns, customer account): Art. 6(1)(b) GDPR
- Legal obligations (including retention obligations under tax and commercial law, withdrawal button pursuant to Section 356a BGB): Art. 6(1)(c) GDPR
- Legitimate interest (fraud prevention, IT security, server log files, responding to non-contractual enquiries): Art. 6(1)(f) GDPR
- Consent (non-essential cookies, tracking, newsletter, personalised advertising): Art. 6(1)(a) GDPR, revocable at any time with effect for the future
4. Provision of the shop and server log files
Our shop is operated via the platform of Shopify International Limited. When you access our shop, Shopify automatically collects information in server log files transmitted by your browser (including IP address, date/time, referrer URL, browser used). The legal basis is Art. 6(1)(f) GDPR. Further information on data processing by Shopify can be found at shopify.com/legal/privacy.
5. Cookies and consent management
We use cookies, some of which are technically necessary and some of which serve analysis and marketing purposes. The use of cookies and comparable technologies is governed by Section 25 of the German Telecommunications Digital Services Data Protection Act (TDDDG) in conjunction with Art. 6(1)(a) GDPR: technically necessary cookies (e.g. shopping cart, login) may be set without consent, Section 25(2) TDDDG. All other cookies (analysis, marketing, personalised advertising) are only set after your express, active consent. An up-to-date overview of all cookies used, as well as the option to change or revoke your consent at any time, can be found in our cookie settings, accessible via the banner or the link in the website footer.
6. Contacting us
If you contact us by email, the data you provide (email address, name and phone number if applicable, content of your enquiry) will be stored by us for the purpose of processing the enquiry. The legal basis is Art. 6(1)(b) GDPR if your enquiry relates to a contract, otherwise Art. 6(1)(f) GDPR.
7. Customer account
You can create a customer account in our shop. In doing so, we process the data you provide (name, address, email address, login credentials) as well as your order history for the purpose of managing your account and processing orders. The legal basis is Art. 6(1)(b) GDPR. You can have your customer account deleted at any time; statutory retention obligations for orders already placed remain unaffected.
8. Newsletter
If you sign up for our newsletter, we use your email address to send you regular information about our products and offers. Registration takes place using the double opt-in procedure: after signing up, you will receive an email with a confirmation link; we will only add you to the mailing list after confirmation. We log the registration (time of sign-up and confirmation, IP address) in order to be able to prove consent. The newsletter is sent via newsletter software operated by ourselves on our own infrastructure; your data is not passed on to external newsletter service providers for this purpose. The legal basis is your consent, Art. 6(1)(a) GDPR. You can unsubscribe from the newsletter at any time via the unsubscribe link in every email or by contacting us.
9. Order processing
To process your order, we process the data required for the performance of the contract (name, delivery and billing address, email address, phone number, payment data, order content), Art. 6(1)(b) GDPR. We share data with the following categories of recipients:
- payment service providers, to process the payment method you have chosen
- shipping service providers, to deliver the ordered goods
- technical service providers for the operation of the shop, in particular Shopify International Limited as hosting and shop platform
10. Our own systems and hosting with AWS
In addition to Shopify, we use our own systems to manage customer and order data. We operate these on the infrastructure of Amazon Web Services EMEA SARL (“AWS”), data centre region Frankfurt am Main (eu-central-1). A data processing agreement pursuant to Art. 28 GDPR is in place with AWS. Storage and processing take place on servers within the European Union. Insofar as access from a third country cannot be ruled out in individual cases, such access takes place on the basis of the standard contractual clauses of the European Commission and the adequacy decision for the EU-U.S. Data Privacy Framework. The legal basis for the processing is Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(f) GDPR (legitimate interest in the efficient and secure operation of our systems).
11. Withdrawal button / electronic withdrawal function
If you use our online withdrawal function, we process the information required for this (name, order data, contact details for the confirmation of receipt) in order to fulfil our legal obligation under Section 356a BGB. The legal basis is Art. 6(1)(c) GDPR.
12. Relationship with Shopify (advanced marketing features)
For the technical operation of the shop, Shopify acts as our processor (Art. 28 GDPR; the basis is the Data Processing Addendum contained in the Shopify Terms of Service). In addition, we may use advanced Shopify features (e.g. Shopify Audiences) for personalised advertising, in which Shopify includes data from interactions with our shop, with other merchants and with Shopify itself. For these advanced features, Shopify is independently responsible for the processing and no longer acts as our processor. Information on your rights in this context can be found in the Shopify Consumer Privacy Policy at shopify.com/legal/privacy and in the Shopify privacy portal (privacy.shopify.com).
13. Children's data
Our services are not directed at children. We do not knowingly collect personal data from persons under the age of 16 (Art. 8 GDPR). Parents or guardians who become aware that their child has provided us with personal data can contact us using the contact details given above to request its deletion.
14. Storage period
We retain order and invoice data for a period of generally 10 years due to obligations under commercial and tax law (Section 257 of the German Commercial Code (HGB), Section 147 of the German Fiscal Code (AO)). Customer accounts remain in place until you request their deletion. We store newsletter data until you unsubscribe. We delete contact enquiries once they have been fully processed and no statutory retention obligation applies. We delete or deactivate data based on consent (e.g. tracking) as soon as you revoke your consent.
15. International data transfers
When transferring personal data outside the EU/EEA, we rely on recognised transfer mechanisms such as the standard contractual clauses of the European Commission (Art. 46 GDPR) or, where applicable, adequacy decisions of the EU Commission.
16. Your rights
You have the following rights: access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection to processing (Art. 21 GDPR). Where we rely on your consent, you can revoke it at any time with effect for the future.
17. Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg) Heilbronner Straße 35 70191 Stuttgart Germany Phone: +49 711 615541-0 Email: poststelle@lfdi.bwl.de
18. Changes to this privacy policy
We will update this privacy policy whenever changes to our data processing make this necessary.