PRIVACY POLICY - CUSTOMERS
Großer Kern GmbH, with its registered office at Tal 30, 80331 Munich ("Knuspr.de" or "We"), as the data controller, processes the personal data of its customers in connection with the operation of the web portal accessible at www.knuspr.de and via the mobile application ("Knuspr E-Shop").
This privacy policy is intended for individuals who purchase goods or use services via our e-shop. The following information provides you with transparent details regarding the nature, scope, purpose and legal basis of the processing of your personal data, as well as your associated rights as a data subject.
If you have any questions regarding the processing of your personal data or the exercise of your rights as a data subject, you can contact us at any time at kunden@knuspr.de or privacy@rohlikgroup.com.
1. SCOPE OF THE PROCESSING OF PERSONAL DATA, PURPOSES, DURATION AND LEGAL BASIS
In this section, we inform you about the personal data we process about you. For clarity, we have organised this section according to individual processing operations. For each process, the purpose, the categories of data processed, the duration of processing and the legal basis in accordance with Article 6(1)(a) to (f) of the General Data Protection Regulation (EU) 2016/679 ('GDPR') are listed.
1.1 Responding to enquiries, queries and suggestions
Purpose of processing
When you contact us with an enquiry, a concern or a suggestion, you may be asked to provide certain information about yourself or your company. We use the information you provide to contact you and to send you the requested information.
The provision of personal data for the purpose of responding to your enquiries, questions or providing the requested information is necessary. If you do not provide this data, we may not be able to respond to your enquiry, question or suggestion.
Categories of personal data
- First name
- Surname
- Address
- Customer account number
- Telephone number
If you are ordering for business purposes, we will also process:
- Company name
- Registered office
- Identification number and tax identification number
Legal basis for processing
The legal basis for this processing is our legitimate interest pursuant to Article 6(1)(f) of the GDPR, which consists of processing your enquiry, request or suggestion.
Duration of processing
A maximum of 4 years from the resolution of your enquiry, request or suggestion.
1.2 Processing of the order
Purpose of processing
When you purchase goods from the Knuspr.de online shop, we require your personal data in order to conclude and fulfil the contract.
The provision of personal data for the purpose of fulfilling the contract is a contractual requirement, and failure to provide such data may result in the contract not being concluded.
Categories of personal data
- First name
- Surname
- Address
- Telephone number
- Email address
- Details of the goods ordered
- Information regarding the choice of payment method
- Payment card details
- Additional comments
If you are ordering for business purposes, we also process:
- Company name
- Registered office
- Identification number and tax identification number
Legal basis for processing
This processing is necessary:
a) to fulfil a contract with you or to take pre-contractual steps at your request in accordance with Article 6(1)(b) of the GDPR,
b) to comply with legal obligations to which we are subject pursuant to Article 6(1)(c) of the GDPR, and
c) to protect our legitimate interests pursuant to Article 6(1)(f) of the GDPR, which primarily consist of the ability to document the essential details of our contractual relationship with you.
Duration of processing
We process data necessary for order processing and the fulfilment of the associated legal obligations for a period of up to 8 years from the end of the year in which the order was placed.
1.3 Creation and management of a customer account
Purpose of processing
When you create a customer account on the Knuspr.de e-shop, we process data relating to your purchases, your use of our services, and the personal data you provide about yourself via your account, for the purpose of creating and managing your customer account.
To access your customer account, you can also log in via the Facebook social network or your Google or Apple account. In this case, you do not need to enter your details manually, and we receive the personal data required to properly create a customer account for you from Meta Platforms, Inc. (Facebook social network), Alphabet Inc. (Google) or Apple Inc. The personal data transmitted to us in this way will be processed to the extent and for the purposes corresponding to your account settings on the Facebook social network or in your Google or Apple account.
When you make a purchase in the Knuspr.de e-shop, we store the data you have entered (primarily your first and last name, delivery address, telephone number and email address) for your next purchase, so that you do not have to enter it again.
When you complete a satisfaction survey, a market survey or a questionnaire regarding our services, etc., we process the data you provide in the questionnaire or survey for the purpose of improving the quality of our services. We add the completed satisfaction survey to your order details after you have made a purchase. Completing questionnaires or surveys is entirely voluntary.
Categories of personal data
- First name
- Surname
- Age verification details (18+)
- Customer account number
- Login details
- Email address
- Telephone number
- Address
- Purchase history
- Device fingerprint
- IP address
- Device location
- Information regarding membership of loyalty or additional customer programmes
- Content of the questionnaire
- Additional comments
If you are ordering for business purposes, we also process:
- Company name
- Registered office
- Identification number and tax identification number
Legal basis for processing
This processing is necessary for the performance of a contract with you or for the implementation of pre-contractual measures taken at your request in accordance with Article 6(1)(b) of the GDPR.
We process data obtained through satisfaction surveys, market research and questionnaires regarding our services on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR.
On the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR, we also process your personal data that is necessary for the potential defence of our legal claims following the termination of your customer account.
Duration of processing
We process personal data relating to your customer account, including the data contained therein, for the purpose of setting up and managing the customer account until the account is closed, and subsequently for a period of 4 years from the date of closure.
If you create a customer account (or log in via a Facebook, Google or Apple account) and do not make a purchase from us, we process the data for a period of 5 months from the date of creation.
1.4 Sending of commercial communications
Purpose of processing
To inform you about the goods and services we offer, as well as any ongoing competitions, we will send you our commercial communications, provided you have not opted out. You have the option to opt out of receiving commercial communications via the communication settings in your customer account during the registration process. You can change the settings (granting/withdrawing consent) in your customer account settings at any time. Due to technical limitations arising from SMS technology, when sending commercial communications via SMS, we will identify ourselves in the way you are most familiar with, i.e. as "Knuspr" or "Knuspr.de".
If you give us your consent, we may send you special offers based on the categories of goods you have already purchased from us. In this case, we will send you commercial communications about our goods and services, as well as those of our partners, by email, taking into account your purchases and preferences or otherwise selecting goods and services that best meet your needs.
Categories of personal data
By email, SMS, push notification:
- First name
- Surname
- Email address
- Telephone number
By post:
- First name
- Surname
- Address
By telephone (live call):
- First name
- Surname
- Telephone number
- Call recording
Legal basis for processing
If you are our customer and have not opted out of receiving commercial communications, the legal basis for processing is our legitimate interest pursuant to Article 6(1)(f) of the GDPR, which primarily consists of promoting the sale of our goods and services to our customers, as well as the exception under Section 7(3) of the Unfair Competition Act (UWG).
If you are our customer and have opted out of receiving commercial communications on the basis of a legitimate interest, but then actively select the option to receive commercial communications in your customer account settings, the legal basis for the processing is your consent in accordance with Article 6(1)(a) of the GDPR. Giving this consent is voluntary and you are not obliged to do so by any legal provision. You may withdraw your consent at any time; the withdrawal of your consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal.
Duration of processing
We process personal data for the purpose of sending commercial communications on the basis of a legitimate interest (direct marketing) for the duration of our contractual relationship and for a maximum of 12 months after its termination, or until you object to such processing.
We process personal data for the purpose of sending commercial communications on the basis of your consent until such consent is withdrawn or until the customer account is terminated or deleted.
1.5 Satisfaction surveys
Purpose of processing
To improve the quality of our services, and provided you have not objected to such communications, we will send you satisfaction questionnaires, market surveys or other communications relating to our services, etc. Participation in questionnaires/surveys is entirely voluntary.
Categories of personal data
- First name
- Surname
- Customer account number
- Email address
- Telephone number
- Company name (if you are ordering on behalf of a legal entity)
- Content of the questionnaire
Legal basis for processing
If you are our customer and do not opt out of receiving satisfaction surveys, the legal basis for processing is our legitimate interest under Article 6(1)(f) of the GDPR, which is to improve our services.
If you are our customer and object to receiving satisfaction surveys on the basis of a legitimate interest, and then actively select this option in your customer account settings, the legal basis for the processing is your consent in accordance with Article 6(1)(a) of the GDPR. Granting this consent is voluntary and you are not obliged to do so by any legal provision. You may withdraw your consent at any time; the withdrawal of your consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal.
Duration of processing
We process personal data for the purpose of sending satisfaction surveys on the basis of your consent until such consent is withdrawn or until the customer account is terminated or deleted.
1.6 Recording of telephone calls
Purpose of processing
When you communicate with us by telephone, all our calls are recorded. Call recordings are stored in our internal system and, if you are a customer, linked to your customer account. The call recordings serve primarily to document the fulfilment of our contractual obligations, for quality management, to prevent future legal claims, to combat fraud, and to fulfil your requests and respond to your enquiries. If you do not consent to the recording of calls, please contact us by email.
Categories of personal data
- Call recording
Legal basis for processing
The legal basis for the recording of telephone calls is your consent in accordance with Article 6(1)(a) of the GDPR. The provision of this consent is voluntary and you are not obliged to do so by any legal provision. You may withdraw your consent at any time; the withdrawal of your consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal.
Duration of processing
Call recordings are generally stored for a period of 6 months, or for longer in connection with a specific case (if they are to be used as evidence).
1.7 Sale of tobacco, alcohol and instant lottery tickets
Purpose of processing
When you purchase alcoholic drinks, instant lottery tickets, tobacco products and e-cigarettes from us, we are legally obliged, under the Youth Protection Act and the Tobacco Products Act, to verify your age. We must therefore ensure that no alcoholic beverages, tobacco products, smoking accessories, herbal smoking products or e-cigarettes are sold through us to persons under the age of 18. When delivering an order containing tobacco products and/or alcohol and/or instant lottery tickets, the courier is entitled to request proof of identity from the person receiving the delivery. In order to provide evidence of the age verification system to the supervisory authorities, the courier enters the information from the identity card into our internal system.
Categories of personal data
- First name
- Surname
- Date of birth
- The last four digits of the ID card number (we do not process the full ID card number)
Legal basis for processing
This processing constitutes the fulfilment of a legal obligation applicable to us pursuant to Article 6(1)(c) of the GDPR.
Duration of processing
We store the personal data required to verify age for the sale of tobacco products, alcoholic beverages, instant lottery tickets and e-cigarettes for a period of 4 years from the date of the last purchase of the products.
1.8 Conducting marketing analyses and statistics
Purpose of processing
If you give us your consent in the Knuspr.de e-shop, we will also process the personal data you provide, including your purchase history, for the purpose of carrying out marketing analyses and statistics.
Categories of personal data
- First name
- Surname
- Address
- Telephone number
- Email address
- Details of the goods ordered
- Information regarding the choice of payment method
- Payment card details
- Communication with you, including any photos you provide to us (e.g. in the event of a complaint)
- Purchase history
- Data relating to your visit to the Knuspr.de online shop
- Device fingerprint
- IP address
- Information regarding membership of loyalty or additional customer programmes
Legal basis for processing
This processing is only possible on the basis of your consent in accordance with Article 6(1)(a) of the GDPR. Granting this consent is voluntary and you are not legally obliged to do so. You may withdraw your consent at any time; the withdrawal of your consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal.
Duration of processing
We process personal data for the purpose of carrying out marketing analyses and statistics on the basis of your consent until such consent is withdrawn or until the customer account is terminated or deleted.
1.9 Operation of the Hörnchen Club
Information on the processing of personal data of Hörnchen-Club members can be found in a separate document, the current version of which is available here.
1.10 Customisation of the content of the Knuspr.de e-shop
Purpose of processing
The Knuspr.de e-shop uses your customer number and your purchase history to display personalised content to you on the Knuspr.de e-shop. The display of personalised content simply means that your favourite products are shown first in each product category to make shopping easier for you.
The purpose of the processing is to provide the shopping service with as few clicks as possible. Please note that the service of ensuring shopping with as few clicks as possible is an integral part of the Knuspr.de online shop. The purpose of displaying personalised content is not to engage in marketing, distribute advertising or encourage the purchase of specific products.
We have carried out a data protection impact assessment for this processing in collaboration with our Data Protection Officer to ensure that this processing, which is intended to provide you with a functional service that saves you time, does not pose an increased risk to your privacy.
Categories of personal data
- Customer account number
- Purchase history
Legal basis for processing
This processing is necessary for the performance of a contract with you in accordance with Article 6(1)(b) of the GDPR.
Duration of processing
For as long as the customer account is active.
1.11 Use of the virtual (AI) assistant Maia
Purpose of processing
If you use our virtual assistant Maia to help you choose products, provide cooking tips and make shopping easier, please note that Maia uses elements of artificial intelligence to provide answers. To enable Maia to provide follow-up answers, it stores data on past conversations (usually the last five conversations). Maia does not use the data to improve its algorithms in general, but only to generate the best possible answer to your question. However, if you point out an incorrect answer to the virtual assistant, it learns from this and uses this data to try to avoid a repeat. The virtual assistant Maia is an additional service that you may or may not use – its use is entirely voluntary.
Categories of personal data
- First name
- Surname
- Address
- Email address
- Customer account number
- Purchase history
- Recording of a conversation, including any photos you provide to us
Legal basis for processing
As part of our customer service, we offer you the option to submit enquiries regarding your order, delivery status, returns and other contract-related matters via our voice chatbot. The processing of your voice data and the content transmitted in this context is carried out on the basis of Article 6(1)(b) of the GDPR, as the voice chatbot is used exclusively within the framework of the customer contractual relationship.
Duration of processing
For as long as the customer account is active and for a further 4 years following its deletion.
1.12 Public fundraising
Purpose of processing
If you participate in a public fundraising campaign to which you can contribute via our e-shop Knuspr.de, we are legally obliged under the Income Tax Act and the Income Tax Implementation Ordinance to pass on your data to the organiser of the public fundraising campaign. We will always inform you of the organiser in connection with your contribution to the respective public fundraising campaign.
Categories of personal data
- First name
- Surname
- Address
- Amount of donation
Legal basis for processing
This processing constitutes the fulfilment of a legal obligation applicable to us pursuant to Article 6(1)(c) of the GDPR.
Duration of processing
If you take part in a public fundraising campaign organised by us (i.e. where we are involved in its implementation), we generally process your personal data for a period determined by the nature of the fundraising campaign and the applicable legal provisions (at least 5 years in accordance with the Accounting Act and up to 10 years for tax purposes).
1.13 Referral programme
Purpose of processing
If you take part in the "Referral Programme", it is necessary to process some of your personal data. The programme is a free bonus scheme through which all customers with an active account can receive a reward for purchases made in the Knuspr.de online shop. You receive a reward for referring new customers, and the person you refer also receives a benefit. Participation in the programme and the provision of personal data for the purposes of the programme are voluntary; however, without the processing of such data, your participation in the programme is not possible.
Categories of personal data
- First name
- Surname
- Customer account number
- Telephone number
- Email address
- Purchase history
- Device fingerprint
- Device IP address
- Information on links used
Legal basis for processing
This processing is necessary for the performance of a contract with you pursuant to Article 6(1)(b) of the GDPR regarding participation in the referral programme and in accordance with the terms and conditions of the referral programme.
Duration of processing
Personal data is processed automatically and securely in electronic form for the period necessary for the organisation of the programme, the verification of compliance with the programme terms and conditions, and any checks by authorities, but for no longer than three (3) years after termination of participation in the referral programme, unless a longer period is required by law (e.g. in connection with accounting).
1.14 "Knuspr Xtra" programme
Purpose of processing
If you use the paid membership in accordance with the terms and conditions of the Xtra membership service, we process your personal data for the purpose of ensuring the operation of the paid membership, i.e. for the purpose of providing above-average services.
Categories of personal data
- First name
- Surname
- Customer account number
- Address
- Telephone number
- Details of the goods ordered
- Information regarding the chosen payment method
- Payment card details
- Information about your use of Xtra benefits
Legal basis for processing
This processing is necessary for the performance of a contract with you pursuant to Article 6(1)(b) of the GDPR regarding the provision of Xtra membership.
Duration of processing
For as long as your membership of the programme is active, unless a longer period is required by law (e.g. in connection with accounting).
1.15 "Knuspr Fürsorge" Club
Purpose of processing
If you are a member of the "Knuspr Fürsorge" club, the courier delivering your first order will verify your eligibility for club membership in one of the following ways:
a. for senior citizens – by visually checking your age or by checking an official ID (identity card or passport),
b. for holders of a disability card or another document proving a disability.
We do not store any data from the documents presented during this verification. The courier simply confirms to our customer support team that eligibility has been verified, and this confirmation is stored in our system. You can find the "Knuspr Fürsorge" Terms and Conditions here.
Categories of personal data
- Date of birth
- Expiry date of a disability card or other document proving a disability
Legal basis for processing
This processing is necessary for the performance of a contract with you pursuant to Article 6(1)(b) of the GDPR regarding membership of the club.
Duration of processing
One-off verification.
1.16 Complaints
Purpose of processing
In order to process complaints, it is necessary to process your personal data. In this context, in addition to information about the goods ordered, we also use the content of our relevant communications, including any photos you provide to us, as well as your purchase history. To ensure availability and an immediate response to our above-average volume of online complaints, we use automated processing procedures and, in justified cases, automated decision-making to process your personal data more quickly and consistently, always in accordance with Article 22(2)(a) of the GDPR. This process may also involve elements of artificial intelligence. The decision-making logic for handling complaints in such cases is identical to that used when complaints are handled by a human employee and is based on the rules set out in the complaints procedure.
In accordance with Article 22(3) of the GDPR, we take appropriate measures to protect the rights and freedoms of customers and monitor automated decision-making, with the option to review the decision in justified cases. Where a complaint is resolved on the basis of automated decision-making, the customer always has the option to exercise the rights set out in Article 5.8 of this Privacy Policy.
Categories of personal data
- First name
- Surname
- Customer account number
- Address
- Telephone number
- Details of the goods ordered
- Information regarding the chosen payment method
- Payment card details
- Communication with you, including any photos you provide to us (e.g. in the event of a complaint)
- Additional comments
If you are ordering for business purposes, we also process:
- Company name
- Registered office
- Identification number and tax identification number
Legal basis for processing
This processing is necessary for the performance of a contract with you pursuant to Article 6(1)(b) of the GDPR regarding the use of the Knuspr.de online shop and for compliance with our legal obligations pursuant to Article 6(1)(c) of the GDPR.
Duration of processing
For as long as the customer account remains active, and for a further four years after it has been closed.
1.17 Protection against fraud
Purpose of processing
We process your personal data for the purpose of preventing, detecting and investigating fraudulent activities that could harm our financial interests or undermine the credibility of our services.
To combat fraudulent activities, we use not only information about the goods ordered but also the content of our relevant communications, including any photos you provide to us, as well as your purchase history.
If you are or have been our customer and we repeatedly record unpaid orders or fraudulent behaviour, or if you have caused us significant harm in any way or similar harm is imminent, we are entitled to refuse to provide services to you and to process your personal data for this purpose.
Categories of personal data
- First name
- Surname
- Customer account number
- Address
- Telephone number
- Details of the goods ordered
- Information regarding the chosen payment method
- Payment card details
- Communication with you, including any photos you provide to us (e.g. in the event of a complaint)
- History of problematic behaviour (including all necessary documents, e.g. records, written communication, camera recordings)
- Device fingerprint
- Device IP address
- Additional comments
If you are ordering for business purposes, we also process:
- Company name
- Registered office
- Identification number and tax identification number
Legal basis for processing
This processing is based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR, which consists of our protection against fraud and the fulfilment of our legal obligations pursuant to Article 6(1)(c) of the GDPR.
Duration of processing
If we are forced to refuse to provide our services to you, we will store the data necessary to protect our rights and legally protected claims for a maximum of 4 years.
1.18 Competitions
Purpose of processing
We endeavour to organise our competitions in such a way that participation is as straightforward as possible for entrants. In most cases, the customer automatically enters the prize draw once the conditions of the relevant competition have been met. The winners drawn are invited to accept the prize, which they may do but are not obliged to do.
In the case of winners who have opted out of receiving commercial communications, the winner will only be sent an operational message containing information about the prize they have won and a request to contact us if they are interested in accepting the prize.
Categories of personal data
The scope of the data processed varies depending on the type of competition; the following data may be processed:
- First name
- Surname
- Customer account number
- Address
- Telephone number
- Details of the goods ordered
- Information regarding the chosen payment method
- Payment card details
If the winner gives us their consent, we may process their first name and the first letter of their surname, their photograph, their video recording (or other data to the processing of which they consent) for the purpose of providing information about the competition and to support our business activities, but only to the extent and for the specific purposes set out in the relevant consent.
Legal basis for processing
The processing of data relating to customers of the Knuspr.de online shop in connection with their participation in the prize draw and the evaluation of their entry is based on the performance of a contract pursuant to Article 6(1)(b) of the GDPR regarding the use of the Knuspr.de online shop, which was concluded in accordance with the General Terms and Conditions.
All other possible processing of personal data in connection with competitions and the publication of their results is carried out on the basis of consent in accordance with Article 6(1)(a) of the GDPR. The granting of this consent is voluntary and you are not legally obliged to do so. You may withdraw your consent at any time; the withdrawal of consent does not affect the lawfulness of the processing of personal data prior to the withdrawal.
Duration of processing
We process personal data in connection with the organisation of competitions for no longer than 3 years. This period is based on the general limitation period within which the results of the competition may be contested and for which we must demonstrate compliance with legal requirements in the event of an audit by the relevant supervisory authorities.
1.19 Marketing consent
Purpose of processing
If you give us your consent to use your data (see below for the specific scope) to tailor our advertising and that of our partners to your interests, you allow us to show you advertising from us and our partners (as defined below) that we believe may be of interest to you. We refer to such consent as "marketing consent".
If you give us your marketing consent, we will target campaigns and evaluate their success based on an analysis of your behaviour using pseudonymised data. Once you have given your consent, we may also use a unique identifier (user ID) to track your behaviour across different websites, browsers or devices.
Please note that granting marketing consent is entirely voluntary and that failure to grant consent has no impact whatsoever on our business relationship.
The categories of your personal data (within the scope of the advertising targeting method) are used solely to create so-called target group segments for the display of specific advertisements in accordance with the parameters selected by us (in the case of our own advertisements) or the parameters specified by our partner. The process is based on the data available to us and collected by us in connection with your purchases and your activity on the Knuspr.de e-shop. We place you (via your device) into one of the target groups and display the selected advertisement (ours or our partner's) to you. We then use the data regarding your reaction to the advertisement to evaluate the success of a specific advertising campaign and to increase the effectiveness of the targeting/tailoring of advertisements.
Categories of personal data
The specific data used for targeting and personalisation depends on how the advertising is targeted/personalised. In most cases, this involves the following categories of personal data:
- Data about the location where you shop is primarily used for geographical targeting;
- Data regarding your previous purchases, your activity within our online shop, your preferred product categories, whether you like special offers, how often you shop, the average value of your order, whether you are a member of one of our clubs (Hörnchen-Club, Fürsorge), whether you shop via the website or the app, etc., is used for interest-based and behavioural targeting.
In addition, data regarding your response to the advertisements displayed (e.g. clicks, conversion to the online shop, etc.) is processed to evaluate the success of campaigns. We use pseudonymised data for the targeting and personalisation of advertising. Pseudonymisation is the processing of personal data in such a way that the data can no longer be attributed to a specific individual without the use of additional information, whereby this additional information is stored separately and is subject to technical and organisational measures to ensure that the data cannot be unlawfully attributed to a specific individual.
Legal basis for processing
This processing is based exclusively on your consent in accordance with Article 6(1)(a) of the GDPR. You can manage (grant/withdraw) your marketing consent at any time in the Communication Centre of your profile in the Knuspr.de e-shop. You can find the Communication Centre under your initials (the icon in the top right-hand corner of the Knuspr.de e-shop); then click on 'My Account'. On the page that opens, you will find the 'Communication Settings' tab on the left.
Duration of processing
If you give us your consent to marketing, we will process your personal data for the duration of your consent (i.e. until you withdraw it) or until your customer account is terminated or deleted.
Please note that if you give us your consent, we will include all data (see categories above) that we have stored about you since the start of our business relationship in the processing.
We process personal data for the purpose of sending commercial communications on the basis of your consent, for as long as you give your consent. You may object to the processing of your personal data for the purpose of sending commercial communications at any time, without this affecting our other relationships. You can unsubscribe from receiving further communications by clicking on the link in the commercial communication sent to you or by sending us an email with the relevant request to kunden@knuspr.de. You can also easily specify in your profile under 'Communication settings' how we may contact you and which areas are of interest to you.
1.20 Shopping lists
Purpose of processing
As a user, you can create a shopping list in your customer account on the Knuspr.de e-shop to make future shopping easier, and then share it with a person of your choice via a unique link.
Please note that we have no control over who you share the link with or how it is used. Anyone to whom you provide the link to your shopping list can access this list and view its contents. If you grant them permission, they can also edit the list, i.e. add or remove items, change the quantities of ingredients and, of course, copy the list to their own lists or use it to shop from your account.
By default, your shopping list is shared under your first and last name (the first and last name you provided when registering your account on the Knuspr.de e-shop), which cannot be deleted or changed once the link has been shared. You can edit the name of the shopping list before creating the link to share. You can delete the shopping list at any time; in this case, the shopping list will no longer be available via the link.
Categories of personal data
- First name
- Surname
Legal basis for processing
This processing is necessary for the performance of a contract with you in accordance with Article 6(1)(b) of the GDPR regarding the use of the Knuspr.de e-shop.
Duration of processing
For the duration of the customer account's existence and subsequently for a period of 4 years from its deletion or until the relevant list is deleted by the user.
2. WHO HAS ACCESS TO YOUR PERSONAL DATA
We only disclose your personal data to authorised employees and cooperating persons or individual data processors or other controllers, but only to the extent necessary to fulfil the specific purposes and on the basis of the relevant legal grounds for the processing of personal data. These include, for example:
a. external auditing firms,
b. contracted transport companies,
c. law firms,
d. data processors who provide us with server, web, marketing, cloud or IT services,
e. companies within the Rohlik Group.
Please note that we are part of a group of companies managed by Rohlik Group a.s., ID No.: 09960678, with its registered office at Karolinská 654/2, Karlín, 186 00 Prague 8, Czech Republic (the "Rohlik Group"). All companies within the Rohlik Group are based entirely within the EU. The transfer of personal data for internal administrative and operational purposes within the Rohlik Group is based on the legal basis of Article 6(1)(f) of the GDPR, i.e. legitimate interest, in accordance with Recital 48 of the GDPR.
2.1 Payment services
We disclose your personal data to payment service providers to the extent necessary, in accordance with the payment method you have chosen. Please note that the payment service provider may act as an independent data controller and that the processing of your personal data for the purpose of initiating the payment (enabling the transfer from your account to ours) or executing the payment via a payment gateway is then subject to the privacy policy of the respective payment service provider. These policies are available for
a. Apple Pay here,
b. Google Pay here,
c. Everifin payment initiation here,
d. payment gateway provider Adyen here.
2.2 "Pharmacy" section
When you purchase items from the "Pharmacy" section, we will forward the data you have selected to our partner pharmacies at the respective locations. These are:
- Preussen Apotheke Spandau, located at Carl-Schurz-Straße 29, 13597 Berlin
- Apothekerei Dr. Grintz e. K, located at Fürstenrieder Straße 62, 80686 Munich
- Smart Apotheke, located at Alzeyer Straße 11, 65428 Rüsselsheim
This data is transmitted to process your order from the pharmacy. This includes information about the products you purchased in the "Pharmacy" section, as well as your first and last name, phone number, email address, and mailing address.
Our pharmacy partners are independent controllers responsible for processing your personal data within the meaning of the GDPR and, at the same time, joint controllers with us.
We have entered into agreements with our pharmacy partners that govern data exchange and define the obligations of both controllers regarding the protection of personal data.
Knuspr.de, in cooperation with its pharmacy partners, processes data on behalf of both controllers that is necessary for the administration of the Knuspr.de online store and the provision of logistics services (e.g., customer/user account, cookies, shipping, order status, payment methods).
Each controller then processes personal data independently for purposes it determines itself. This primarily involves the processing of personal data for the purpose of concluding and fulfilling a contract, to comply with legal obligations (tax or accounting records), and for the legitimate interests of the controller (e.g., complaints, legal defense) or for marketing purposes.
If you enter any premium customer card numbers from the pharmacy partners' premium programs when placing an order and/or save these in your customer account on the Knuspr.de e-shop, the pharmacy partners and Knuspr.de will also process your premium customer card number and the information that you are a member of the premium program. The purpose of this processing is to enable you to earn points for your purchase, which will be credited to your account as part of the premium program.
Information regarding the processing of personal data by Preussen Apotheke Spandau can be found here, by Apothekerei Dr. Grintz here, and by Smart Apotheke here.
2.3 Integration of an AI assistant
If you choose to connect your own AI assistant via our MCP server to access data sources and tools on the Knuspr.de e-shop, you are exercising your right to data portability (for further information, see Article 5.6 below), and by using this service, your personal data may be made available to you or to the AI assistant provider of your choice. Please note that the further processing of your personal data provided in this way is not carried out by Knuspr.de, but is subject exclusively to the processing conditions of the AI assistant provider you have chosen, and Knuspr.de bears no responsibility for this.
3. RETENTION PERIOD FOR PERSONAL DATA
The specific retention periods for the individual processing operations are set out in Chapter 1 above. Please note that most personal data is processed for multiple purposes and that the expiry of the retention period for one purpose does not affect the retention period for other purposes. In general, we process your personal data for as long as we provide our services to you or fulfil a mutual contract, or for as long as is necessary to comply with archiving or other obligations under applicable law, such as the Accounting Act, the Archives and Records Act or the Value Added Tax Act.
Once the contract has been fulfilled (payment of the price and delivery of the goods), we will continue to process your personal data in the case of inactive accounts for our legitimate interests, i.e. to protect our claims, for the necessary period, but for no longer than 4 years (this period has been determined taking into account the general limitation period).
We process personal data on the basis of your consent until you withdraw that consent. To withdraw your consent, simply send us an email with the relevant request to kunden@knuspr.de or confirm this choice in your customer account settings.
4. ONLINE SERVICES AND SOCIAL MEDIA
On our website, we use both our own online services and third-party services. Services generally use cookies or similar technologies. Cookies are small text files that contain data and may be stored on the user's device when visiting a website. Further information on cookies can be found in a separate Cookie Policy, which you can find here.
5. YOUR RIGHTS REGARDING THE PROCESSING OF PERSONAL DATA
You have the following rights regarding the processing of your personal data by us:
a. the right of access;
b. the right to rectification;
c. the right to erasure ('right to be forgotten');
d. the right to restriction of processing;
e. the right to object;
f. the right to lodge a complaint regarding the processing of personal data;
g. the right to data portability; and
h. rights relating to automated decision-making.
Your rights are explained below to give you a better understanding of what they entail.
You can exercise all your rights by contacting us at kunden@knuspr.de or privacy@rohlikgroup.com.
5.1 Right of access
You may at any time ask us to confirm whether personal data relating to you is being processed and, if so, for what purposes, to what extent, to whom it is disclosed, for how long we process it, whether you have the right to rectification, erasure, restriction of processing or objection, where we obtained the personal data, and whether automated decision-making, including possible profiling, takes place on the basis of the processing of your personal data. You also have the right to receive a copy of your personal data, whereby the first provision is free of charge and we may charge reasonable administrative costs for further provisions.
5.2 Right to rectification
You may at any time request that we rectify or complete your personal data if it is inaccurate or incomplete.
5.3 Right to erasure ('right to be forgotten')
We must erase your personal data if (i) it is no longer necessary for the purposes for which it was collected or otherwise processed, (ii) the processing is unlawful, (iii) you object to the processing and there are no overriding legitimate grounds for the processing, (iv) we are legally obliged to do so, or (v) you have withdrawn your consent to the processing of personal data, provided that the data in question requires your consent for processing and we have no other legal basis for processing that would allow us to continue processing this data.
Please note that exercising the right to erasure is an irreversible process and that, following erasure, it is therefore no longer possible to restore the customer account on the Knuspr.de e-shop or its history in any way.
5.4 Right to restriction of processing
Until we have clarified all questions regarding the processing of your personal data, we must restrict the processing of your personal data so that we may only store it and, where necessary, use it to assert, exercise or defend legal claims.
5.5 Right to object
You may object to the processing of your personal data that we process for direct marketing purposes or on the basis of legitimate interests.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
If you object to the processing of your personal data on the basis of our legitimate interest and it is not demonstrated that our legitimate interest in the processing outweighs your interests or rights and freedoms, your personal data will no longer be processed for these purposes.
5.6 Right to lodge a complaint regarding the processing of personal data
You may lodge a complaint with the supervisory authority if you believe that we are not processing your data in accordance with the law. The Bavarian State Office for Data Protection Supervision is the competent authority for us. However, if you are resident in another federal state or outside Germany, you may also contact the data protection authority in that jurisdiction.
5.7 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, as well as the right to transmit this data to another controller, provided that:
a. the processing is based on consent (Article 6(1)(a) of the GDPR) or a contract (Article 6(1)(b) of the GDPR) and
b. the processing is carried out by automated means.
When exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, provided this is technically feasible. The data will be provided free of charge. However, a fee may be charged in the event of repeated, manifestly unfounded and/or excessive requests.
Please note that this right does not apply to the processing of personal data that we carry out to fulfil our legal obligations or on the basis of our legitimate interests.
5.8 Rights relating to automated decision-making
In accordance with Article 22(3) of the GDPR, we take appropriate measures to protect our customers' rights and freedoms and monitor automated decisions, with the option to review the decision in justified cases. Where complaints are resolved on the basis of automated decisions, the customer always has:
a. the right to request a review by a human being,
b. the right to set out their point of view and provide explanations and supporting evidence,
c. the right to challenge the decision.
A request to exercise these rights may also be made directly when communicating with the virtual assistant.
6. FINAL PROVISIONS
6.1 Contact details of the Data Protection Officer
If you have any questions regarding the processing of your personal data, you may contact our Data Protection Officer at:
legal data Schröder Rechtsanwaltsgesellschaft mbH
Maximilianstraße 27
80539 Munich
Email: datenschutz@legaldata.law
Tel. +49 (0)89 954 597 520.
6.2 Validity, updates
This privacy policy is written in both German and English versions. In the event of any discrepancies or inconsistencies between the German and English versions, the German version shall prevail and be deemed the authoritative text.
This privacy policy came into effect on 25 May 2018 and is updated on an ongoing basis.
Last updated: March 2026