Privacy Policy

HEIDUNDGRIESS is highly committed to the protection of your personal data. With the following privacy policy, we inform you how we collect, process and use your personal data in relation to our websites and social media profiles and what your rights are. The terminology used, e.g. “processing” or “controller”, is in accordance with the definitions in Article 4 of the General Data Protection Regulation (GDPR).

This Privacy Policy was last updated in June 2022.


studio heidundgriess
Süderstrasse 112
20537 Hamburg

Alexandra Griess, Jorel Heid
+49( 0) 176 70621861


The term “personal data” describes all information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). A natural person becomes identifiable if he or she is identifiable directly or indirectly, especially with the help of the assignment to an identifier such as a name, to an identification number (e.g. customer number), to location data, to an online identifier (e.g. cookie) or to one or more special features. Special features are those that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

“Processing” designates any process or series of operations associated with personal data, with or without the aid of automated procedures. The term includes virtually every handling of data.

“Controller” is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.

“Processor” refers to a natural or legal person, public authority, body or other organization who or which processes personal data on behalf of the Controller.


In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing for the fulfillment of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 (1) lit. b GDPR, the legal basis for processing in order to fulfill our legal obligations is Art. 6 (1) lit. c GDPR, and the legal basis for processing in order to maintain our legitimate interests is Article 6 (1) lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as legal basis.


inventory data (e.g. names),
contact data (e.g. email),
content data (e.g. text input),
usage data (e.g. website visits, access times),
meta/communication data (e.g. device information, IP addresses).


Visitors of our website (subsequently referred to as “users”) and buyers of our goods (subsequently referred to as “customers”).


Providing our online experience, its functionality and content,
Replying to contact requests and communication with users and customers,
Improvement of our online experience,
Measuring reach, marketing.


If we disclose, transmit or grant access to data to other persons and companies (contract processors or third parties), this is done on the basis of a legal permit and in accordance with GDPR. For example, your data may need to be disclosed to payment or shipping service providers to allow us to fulfil your order.

If we commission third parties to process data on the basis of a so-called “contract processing contract”, this is done on the basis of Art. 28 GDPR.


If we process data in a country outside the European Union (EU) or the European Economic Area (EEA) or in the context of the use of third party services or disclosure, or transmission of data to third parties, this will only be done if it is to fulfill our (pre-) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR. This means that the processing e.g. on the basis of specific guarantees, such as the officially acknowledged level of data protection (e.g. for the USA through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called “standard contract clauses”).


You have the right to request confirmation as to whether your personal data is being processed, information about this data, as well as further information, and a copy of the data in question, in accordance with Article 15 GDPR.

According to Art. 16 GDPR, you have the right to request the correction of incorrect personal data and the completion of incomplete personal data with immediate effect.

In accordance with Art. 17 GDPR, you have the right to demand personal data to be deleted immediately or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 GDPR.

Under the conditions set out in Article 20 of the GDPR, you have the right to receive any data provided by you, as well as the right to transmit such data to another Controller, without us hindering you to do so.

According to Art. 77 GDPR you have the right to file a complaint with the competent supervisory authority.

If you want to know more about personal data that may be stored or processed by HEIDUNDGRIESS, we are happy to answer your request. Please address you questions to


You have the right to withdraw granted consents in accordance with. Art. 7 (3) GDPR with effect for the future.


You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may in particular be made against processing for direct marketing purposes


“Cookies” are small files that are stored on Users’ computers containing a variety of information. They are used to establish the identity of the User and his/her device and to secure information provided by the User during the visit. In addition to temporary cookies (“session cookies”, e.g. content of a shopping cart), which are deleted after the User leaves the web pages and closes the browser. Persistent Cookies (e.g. for last login, websites viewed) are not deleted after the User leaves the website. In the case of so-called “third party cookies”, the cookies are not the Controller’s, but a third party’s.

You can prevent cookies from being stored on your computer. In your browser settings, you can select the option that cookies are not allowed in general and/or in relation to specific pages. You can also delete existing cookies here. As a precaution, it is pointed out that our website functions may be limited if cookies are disabled or removed.


The data processed by us are deleted or their processing is restricted in accordance with Articles 17 and 18 GDPR. The data are deleted once they are no longer required for the fulfilment of their defined purpose and if their deletion does not conflict with any legal requirements such as retention obligations according to commercial or tax law.

According to § 147 Abs. 1 AO and § 257 Abs. 1 HGB, there is a retention obligation of up to 10 years for books, financial records, accounting records, trade and business letters, tax documents, etc.


We use the services of a hosting provider to operate and maintain our online experience. Services include the following: infrastructure and platform services, computing capacity, storage and database services, email delivery, security and maintenance services.

We, i.e. our hosting provider, processes inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interests in an efficient and secure provision of this online service according to Art. 6 (1) lit. f GDPR icw Art. 28 GDPR.

The hosting provider for our website is The location of the server is Leipzig, Germany.


We are present in social networks in order to inform customers and interested parties about our brand and products. For details on the processing of personal data within these networks and your rights as data subject, please refer to the privacy policies of the respective social networks.

INSTAGRAM (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
Privacy policy/opt out:


For all privacy-related questions please contact:

studio heidundgriess
Süderstrasse 112
20537 Hamburg

Alexandra Griess, Jorel Heid
+49( 0) 176 70621861