0
1

Shopping cart (1)

Remove
Subtotal: 161,00 
View cash register
Home Privacy Policy

Privacy Policy

Privacy Policy

As of: September 18, 2025

Introduction

This website is operated by RumInvestor. It is important to us to handle your data responsibly and protect it as best we can. Below, we explain in clear terms what data we process, why we process it, and what rights you have.

  1. General information

2.1 What is personal data?

Personal data is information that can be used to identify you (e.g., name, address, email, IP address). "Processing" means any "action" involving data, e.g., collection, storage, transmission, or deletion (Art. 4 GDPR).

2.2 Legal basis

We process data on the basis of the GDPR, the BDSG (Federal Data Protection Act) and – in the case of cookies/end device access – the TDDDG (Telecommunications Data Protection Act). Depending on the purpose, we rely in particular on:

  • Art. 6 para. 1 lit. b GDPR (contract/preliminary contract),
  • Art. 6 para. 1 lit. c GDPR (legal obligation),
  • Art. 6 para. 1 lit. f GDPR (legitimate interest),
  • Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG (consent for non-essential cookies/technologies).

2.3 Responsible party

RumInvestor
Grabenstr. 4, 65606 Villmar, Germany
Phone: +49 (0)6482 – 8849914
Email: sh@ruminvestor.de

2.4 Principles: Disclosure & Deletion

We only pass on data if there is a legal basis for doing so (e.g., to processors with a contract in accordance with Art. 28 GDPR or to payment/shipping/identity service providers for the purpose of fulfilling a contract).
We delete data as soon as the purpose or legal basis no longer applies and there are no retention obligations.

  1. Hosting, security, and server logs

3.1 Hosting (IONOS)

Our website is hosted by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur. IONOS processes technical data for the provision and security of the site.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure/stable provision).
A data processing agreement (Art. 28 GDPR) is in place with IONOS.

3.2 SSL/TLS encryption

Your connection is encrypted (indicated by "https://" or a padlock symbol).

3.3 Server log files

When the page is accessed, the browser type/version, operating system, referrer URL, host name, time of the server request, and IP address, among other things, are automatically processed.
Purposes: System security, stability, error analysis, display.
Legal basis: Art. 6 (1) (f) GDPR.
Storage period: generally up to 14 days (longer only for the investigation of security incidents). No merging with other data takes place; where possible, we store data in pseudonymized form.

  1. Cookies & Consent

4.1 Technically necessary cookies

These are necessary for the functioning and operation of the website (e.g., shopping cart, language).
Legal basis: depending on the case, Art. 6 para. 1 lit. b, lit. c, or lit. f GDPR.

4.2 Non-essential cookies / Device access

We only use analysis/convenience functions with your consent.
Legal basis: Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG. You can revoke your consent at any time with future effect.

4.3 Consent tool ("Cookie Notice Lite")

We use "Cookie Notice Lite" (WP Speed Matters, India) to obtain and document consent. Among other things, the time/type of consent and browser/device information are processed; a technically necessary cookie stores your selection.
Legal basis: Art. 6 (1) (c) GDPR in conjunction with Art. 7 GDPR and § 25 (2) No. 2 TDDDG (duty to provide evidence).
Storage period: until revoked or until the requirement to provide evidence no longer applies.

  1. Analysis and third-party tools (only if activated)

5.1 Google Search Console

Provider: Google Ireland Ltd., Dublin. Used for technical monitoring/SEO. No cookies are set on our website for this purpose.
Data may be transferred to the USA; protection via EU standard contractual clauses (SCC).
Legal basis: Art. 6 (1) (f) GDPR (SEO/error analysis).

5.2 Jetpack (security/statistics)

Provider: Automattic Inc., USA. Cookies/device access may be used for statistical/convenience purposes; third-country transfers are secured via SCC.
Legal basis: Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG (after consent); for pure security functions, Art. 6 (1) (f) GDPR (legitimate interest) may apply.

  1. Contact (email, telephone, contact form)

When you contact us, we process your details (name, email, message, telephone number, address if applicable) in order to process your enquiry.
Legal basis: Art. 6 (1) (b) GDPR (pre-contractual/contractual) or (f) GDPR (enquiry processing).
Storage period: Deletion after completion, provided there are no obligations to the contrary.

Contact form (WPForms) – Provider: WPForms LLC, USA. Where applicable, protection via SCC/AVV.
Legal basis: Art. 6 (1) (b) or (f) GDPR.

  1. Shop & plugins used

7.1 WooCommerce (shop system)

Provider: Automattic Inc., USA. Processing of order, delivery, and billing data for contract fulfillment; third-country transfer (USA) via SCC, if applicable.
Legal basis: Art. 6(1)(b) GDPR (contract), Art. 6(1)(c) GDPR (legal obligations).

7.2 Germanized for WooCommerce

Provider: vendidero GmbH, Germany. Supplements legally required shop functions.
Legal basis: Art. 6 para. 1 lit. b and lit. c GDPR.

7.3 Elementor / Elementor Pro

Provider: Elementor Ltd., Israel (adequacy decision pursuant to Art. 45 GDPR). Elementor uses SCC for US transfers.
Legal basis: Art. 6 (1) (f) GDPR (operation/usability); for non-essential functions, Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG.

7.4 TranslatePress

Provider: SC Reflection Media SRL, Romania. Recognizes/remembers language settings (cookie) if applicable.
Legal basis: Art. 6 (1) (f) GDPR (multilingualism); non-essential cookies only with consent (Art. 6 (1) (a) GDPR, § 25 (1) TDDDG).

7.5 UpdraftPlus (backups)

Provider: Updraft WP Software Ltd., UK. Regular, encrypted backups for fail-safety; UK adequacy decision.
Legal basis: Art. 6(1)(f) GDPR (security/availability).

  1. Social media (Facebook page)

We may operate a Facebook fan page (Meta Platforms Ireland Ltd.). When you visit/interact with it, we process publicly visible profile data and communication content; Meta provides us with page insights (aggregated statistics).
Legal basis: Art. 6(1)(f) GDPR (presence/interaction/analysis).
Joint responsibility: Art. 26 GDPR (Page Controller Addendum from Meta).

Note: If you are logged in to Facebook, Facebook can technically assign your usage behavior. For more information, please refer to Meta's privacy policy.

  1. Protection of minors / Age verification

We only sell alcoholic beverages to persons aged 18 and over. To comply with youth protection laws, we carry out age verification (e.g., DHL ID check or equivalent procedure).
Legal basis: Art. 6 (1) (c) GDPR in conjunction with JuSchG (legal obligation).
Recipient: designated identity verification service provider.
Storage period: only as long as necessary to document lawful delivery or fulfill legal obligations.

  1. payment services 

We offer the following payment methods: prepayment (bank transfer), credit card (e.g., Visa/Mastercard), Klarna (invoice/installment purchase), Klarna instant transfer, Apple Pay, Google Pay, and PayPal.
For payment processing, we transmit the necessary data (e. g., name, address, email, payment information, transaction data) to the respective payment service.

Legal basis:

  • Art. 6 para. 1 lit. b GDPR (contract/processing),
  • Art. 6 para. 1 lit. f GDPR (prevention of fraud/abuse),
  • Where applicable, Art. 6(1)(c) GDPR (legal obligations).

Secure transmission: Payment data is transmitted exclusively via SSL/TLS.

Information about individual services:

  • Credit card: Processing via the payment service provider specified at checkout; depending on the provider, third-country transfer may be required (secured via SCC).
  • Klarna (invoice/installment purchase/instant transfer): Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden. With "instant transfer," authorization is carried out via a secure connection; we do not receive any online banking access data.
  • Apple Pay / Google Pay: Processing in accordance with Apple's or Google's privacy policies.
  • PayPal: Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg.
    If you choose PayPal as your payment method, the payment details you enter will be transmitted to PayPal as part of the transaction.
    PayPal reserves the right to carry out a credit check for certain payment methods (e.g., credit card via PayPal, direct debit via PayPal, "purchase on account"). For this purpose, PayPal may obtain credit information from credit agencies (for details, see PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full).
    The transfer is carried out for payment processing and fraud and risk prevention.
    Legal basis: Art. 6 (1) (b) GDPR (contract processing), Art. 6 (1) (f) GDPR (security interest).
    Recipient: PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg.
    Third country transfer: none; PayPal processes data within the EU or on the basis of appropriate safeguards (Art. 46 GDPR, standard contractual clauses).
  1. shipping service provider

For delivery purposes, we pass on the necessary data (name, delivery address, email/telephone number for delivery information, if applicable) to the respective shipping service provider (e.g. DHL, DPD, UPS, Hermes).
Legal basis: Art. 6 (1) (b) GDPR (contract).
We will only use your email address/telephone number to send you shipment notifications with your consent (Art. 6 (1) (a) GDPR) – this consent can be revoked at any time.

  1. Contract, order, and invoice data / Storage

We process and store order, contract, and billing data for the purpose of contract execution and to fulfill legal obligations.
Legal basis: Art. 6 (1) (b) GDPR (contract), Art. 6 (1) (c) GDPR (tax/commercial law obligations), Art. 6 (1) (f) GDPR (fraud prevention/legal defense).

Typical retention periods:

  • Tax/commercial law documents: 10 years (Section 147 of the German Fiscal Code (AO), Section 257 of the German Commercial Code (HGB))
  • Commercial correspondence: 6 years (Section 257 of the German Commercial Code)
  • Other data: until the purpose ceases to apply or the limitation period expires.
  1. Recipient categories & third country transfers
  • Processors: Hosting, support, tools/plugins, backups, consent management
  • Payment services (processing, fraud prevention)
  • Shipping service providers (delivery/shipment information)
  • Identity verification service provider (age verification)

If data is transferred to third countries (e.g., to providers based in the US), this is done on the basis of appropriate safeguards, in particular EU Standard Contractual Clauses (SCC). An adequacy decision has been issued by the EU Commission for Israel.

  1. Your rights

You have the following rights at any time:

  • Information about processed personal data (Art. 15 GDPR)
  • Correction of inaccurate data (Art. 16 GDPR)
  • Deletion ("right to be forgotten," Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing based on legitimate interests or for direct marketing purposes (Art. 21 GDPR)
  • Withdrawal of consent with effect for the future (Art. 7(3) GDPR)

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR), e.g. with the Hessian Commissioner for Data Protection and Freedom of Information (HBDI).

  1. Changes to this privacy policy

Legal, technical, or operational changes may necessitate adjustments to this statement. We will publish the current version here.

Contact for data protection inquiries:
RumInvestor · Grabenstr. 4, 65606 Villmar, Germany · Phone: +49 (0)6482-8849914 · Email: sh@ruminvestor.de

Back to Top

Search the entire page

Product has been added to your cart