GDPR

The company Grünweg GmbH, located in 63906 Erlenbach am Main (" esnero.com " or "we"), as the data controller, informs our customers who purchase goods or use services offered in our online shop, accessible via the web portal www.esnero.com or the mobile application esnero.com (" esnero online shop "), about the processing of personal data described below and about our privacy policy.

To help you navigate our privacy policy, we have provided an overview of the most important points in each chapter below:


 

CHAPTER: WHAT WILL YOU LEARN THERE?

  1. SCOPE OF PERSONAL DATA PROCESSING, PURPOSE AND LEGAL BASIS OF PROCESSING

Information on the processing of personal data for the purposes of:

  • Answering inquiries, questions, suggestions, and terminating the customer account
  • Invoicing
  • Creating a customer account
  • Sending commercial messages
  • Satisfaction questionnaires
  • Recording telephone conversations
  • Sale of tobacco and alcohol products
  • Conducting marketing analyses and statistics
  • Operation of the Squirrel Club
  • Customization of the content of the e-shop esnero.com
  • Non-conclusion of contracts/termination of customer account

 

2. WHO HAS ACCESS TO YOUR PERSONAL DATA

Information on access to personal data:

  • Generally
  • Regarding payment services
  • Regarding our partner pharmacies

 

3. PERIOD OF PROCESSING PERSONAL DATA

Information on the processing period for personal data:

  • For the purpose of fulfilling the contract and complying with legal obligations
  • Based on a legitimate interest
  • Within the customer account
  • For age verification
  • For sending commercial messages
  • Non-conclusion of contracts/termination of customer account

 

4. INFORMATION ABOUT COOKIES

Information about cookies and links to social media regarding the scope:

  • Third-party tools
  • Set cookies
  • Social Media Buttons
  • A link to a separate document with detailed information.

 

5. CONSENT TO THE PROCESSING OF PERSONAL DATA FOR MARKETING

In this chapter you will find information about:

  • What consent to marketing is
  • Which personal data we use in connection with marketing consent
  • How we obtain approval for marketing
  • Where you can change your marketing settings
  • Who our partners are and what information we give them
  • How long we use personal data based on marketing consent
  • Which tools we use for targeted and personalized advertising

 

6. WHAT RIGHTS YOU HAVE REGARDING YOUR PERSONAL DATA

This chapter contains information about the rights you have regarding your personal data:

  • Right of access: You have the right to obtain information about what personal data we have stored about you.
  • Right to rectification: You can request the correction of inaccurate or incomplete data.
  • Right to erasure: You have the right to request the erasure of your personal data, provided there are no legal retention obligations.
  • Right to restriction of processing: Under certain conditions, you can have the processing of your data restricted.
  • Right to object: You can object to the processing of your personal data, especially when it is processed for direct marketing purposes.
  • Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a data protection authority if you believe that your data protection rights have been violated.

 

7. FINAL PROVISIONS

This chapter contains information about the effectiveness and changes to the privacy policy, as well as the contact details of the data protection officer:

  • Effectiveness and changes to the privacy policy: This privacy policy takes effect upon its publication. We reserve the right to amend this policy at any time to comply with legal requirements or to reflect changes to our services. You will be notified of any significant changes.
  • Contacting the Data Protection Officer: If you have any questions about this privacy policy or would like to discuss the further processing of your personal data with us, you can contact us at any time at info@esnero.com .

 

1. SCOPE OF PERSONAL DATA PROCESSING, PURPOSE AND LEGAL BASIS OF PROCESSING

In this section we explain which personal data we process about you, why we process this data and on what legal basis this is done.

1.1 Responding to inquiries, questions, and suggestions

When you send us an inquiry or proposal, we need certain information, such as your first and last name, address, email address, telephone number, and, if applicable, the name of your company and other relevant information. We use this data to process your inquiry and send you a response. The legal basis for this processing is our legitimate interest in handling your inquiry.

1.2 Order processing

When you purchase goods in our online shop, we process your data to conclude and fulfill the contract, such as your first and last name, delivery address, email address, and payment information. Providing this data is necessary to conclude the contract and process the order.

1.3 Create a customer account

When you create a customer account, we process the data you provide during registration to manage your account, facilitate your order, and tailor the shop's content to your needs. If you create an account via social media such as Facebook or Google, we may receive the corresponding data from these platforms. The legal basis for this processing is the performance of our contract with you.

1.4 Sending commercial communications

When you become our customer, we are entitled to send you emails or text messages with information about our products and services, unless you have objected. You can change your preferences for receiving commercial communications at any time via your customer account or by email. If you agree, we can send you personalized offers and communications based on your preferences and purchases. The legal basis for this is your consent or our legitimate interest.

1.5 Satisfaction Questionnaires

When you participate in customer satisfaction surveys, we process the data you provide to improve our services. Your participation is voluntary. The legal basis for this processing is our legitimate interest in improving our services or your consent.

 

1.6 Recording of telephone conversations

When you call us, the conversation is recorded for documentation purposes. These recordings help us fulfill our contractual obligations and take your wishes into account. The legal basis for this is our legitimate interest.

1.7 Sale of tobacco products and alcohol

When you purchase tobacco products or alcohol, we process your data to ensure that you meet the legal minimum age for purchase. The legal basis for this is the fulfillment of legal obligations.

1.8 Conducting marketing analyses and statistics

If you agree, we will use your data and purchase history for marketing analysis and statistics to better tailor our offerings to your needs. You can withdraw your consent at any time. The legal basis for this is your consent.

1.9 Operation of the Squirrel Club

To become a member of the Squirrel Club, you need to provide information about your child, such as name, date of birth, and gender. This data is required for membership and processed for personalized offers. You can withdraw your consent at any time. The legal basis for this processing is your consent.

1.10 Customizing the content of the esnero.com e-shop

We use your data to show you personalized content in the online shop and to highlight your preferred products. The legal basis for this is the performance of our contract with you.

1.11 Non-conclusion of contracts/termination of the customer account

If you repeatedly place unpaid orders or otherwise cause us harm, we reserve the right to refuse to provide services. The legal basis for this is our legitimate interest in preventing damages and losses.


 

5. CONSENT TO THE PROCESSING OF PERSONAL DATA FOR MARKETING

In this chapter you will find information about:

  • How we obtain approval for marketing
  • Where you can change your marketing settings
  • Who our partners are and what information we give them
  • How long we use personal data based on marketing consent
  • Which tools we use for targeted and personalized advertising

 

  1. WHO HAS ACCESS TO YOUR PERSONAL DATA

We only share your personal data with authorized employees and cooperating persons or individual data processors or other controllers, but only to the extent necessary to fulfill the individual purposes and on the basis of the appropriate legal basis for the processing of personal data.

These include, for example:

  • a. External auditing firms;
  • b. Commissioned transport companies;
  • c. External law firms;
  • d. Processors who provide us with server, web, cloud marketing or IT services.

Please note that we are part of a group of companies managed by Rohlik Group as, located at Sokolovská 100/94, Karlín, 186 00 Prague 8, Czech Republic (the "Group"). All companies within the Group are wholly based in the EU. The transfer of personal data for internal administrative and operational purposes within the Group is based on the legal basis of Article 6(1)(f) GDPR, i.e., legitimate interest in accordance with Recital 48 of the GDPR.

2.1. Payment services

We share your personal data with payment service providers to a reasonable extent, depending on your chosen payment method. Please note that the payment service provider may act as an independent data controller, and the processing of your personal data for payment initiation (enabling payment from your account to our account) or payment via a payment gateway is then governed by the respective payment service provider's privacy policy. These policies are available here for the payment initiation service provider Everifin and here for the payment gateway provider Adyen.

Section 2.2 "Pharmacy"

When you purchase goods from our partner pharmacy's online shop, we transmit your selected data to the respective partner pharmacy to process your order. This includes information about the products you purchased in the pharmacy section, as well as your first and last name, telephone number, email address, and delivery address.

 

  1. PERIOD OF PROCESSING PERSONAL DATA

We process your personal data for as long as we provide you with our services or fulfill a mutual contract, or for as long as is necessary to comply with archiving or other obligations under applicable law, such as the Accounting Act, retention laws or the Value Added Tax Act.

After the contract has been fulfilled (payment of the price and delivery of the goods), we will continue to process your personal data for our legitimate interests, i.e., the protection of our claims, for the necessary period, but no longer than 4 years. We will process personal data that we process based on your consent until you withdraw your consent. To withdraw your consent, simply send an email with the corresponding request to info@esnero.com .

3.1. Customer account

We process the personal data associated with your customer account, including the data contained therein, for the purpose of managing the customer account as long as the account is active. We process this personal data to send you offers for our goods until you delete your account or opt out of receiving our offers. If you create a customer account (or log in via Facebook) and do not make any purchases from us, we process the data for 5 months after its creation. We retain the data about your purchases in your customer account for 4 years and then delete it, unless:

  • a. You have made a purchase from us in the last 6 months; or
  • b. You have logged into your customer account within the last 12 months; or
  • c. If you have given us your consent to process your personal data.

3.2. Commercial Communication

We process personal data for the purpose of sending commercial communications based on a legitimate interest (direct marketing) for the duration of our contractual relationship and for a maximum of 12 months after its termination or until you object to this processing.

We process personal data for the purpose of sending you commercial communications based on your consent, for as long as you have given your consent. You can object to the processing of your personal data for the purpose of sending you commercial communications at any time, without this affecting our other relationship. You can opt out of receiving further communications by clicking on the link included in the commercial communication sent to you, or by sending us an email with the corresponding request to info@esnero.com . You can also easily specify how we may contact you and which topics are of interest to you via your profile in the "Communication Preferences" section.

3.3. Failure to conclude contracts, termination of customer account

In the event that we are forced to refuse our services to you for the reasons described in section 1.14, we will retain the data necessary to protect our rights and legally protected claims for a maximum of 3 years.

 


 

  1. ONLINE SERVICES AND SOCIAL MEDIA

We use both our own online services and third-party services on our website. These services typically use cookies or similar technologies. Cookies are small text files containing brief data that can be stored on a user's device when visiting a website. In the Esnero e-shop, we use cookies for the following purposes:

  • a. the memory of the logged-in user;
  • b. add to shopping cart and order;
  • c. practical web functions;
  • d. Anonymized analysis of user movements on the web;
  • e. Customer chat;
  • f. obtain voluntary feedback from users and
  • g. Personalization of advertisements.

All personal data is processed lawfully and transparently; only adequate, relevant, and necessary data is required for the purpose of processing. Further information can be found in the current version here.

4.2. Online service settings

In our consent management banner, you can specify which online services you allow us to use. You can change your online service settings at any time by reopening the consent management banner. You can also manage cookies in your browser settings. Instructions on how to configure cookies in the most common browsers can be found at the following links:

  • a. Chrome
  • b. Firefox
  • c. Opera
  • d. Microsoft Edge

4.3. Social Media Buttons

The social media buttons in the Esnero e-shop are primarily placed to facilitate interaction with social media and make the Esnero e-shop more engaging for you as a user. A connection to the respective social media platform is only established when you actively click on the button. In this case, your web browser initiates a connection to the servers of the respective social media platform.

5. Marketing Consent

5.1. Processing of personal data for the purpose of tailoring our advertising and the advertising of our partners to your preferences
If you give us your consent to use your data (see below for the exact scope) to tailor our advertising and that of our partners to your interests, you allow us to show you advertising from us and our partners that we believe may be of interest to you. We call this consent "marketing consent".
If you grant us marketing consent, we can specifically evaluate the success of campaigns based on an analysis of your behavior using pseudonymized data. If you have given your consent, we can also use a unique identifier (user ID) to track your behavior across different websites, browsers, or devices.
Please note that granting marketing consent is entirely voluntary and that not granting consent will not affect our business relationship in any way.

5.2. What personal data do we use in connection with marketing consent?
The specific data used for targeting and personalization depends on how the ad is targeted/adapted. In most cases, this involves the following categories of personal data:

  • Data about the location where you shop is primarily used for geographic targeting;
  • Data about your previous purchases, your movements in our e-shop, your preferred product categories, whether you like special offers, how often you shop, the average value of your order, whether you are a member of one of our clubs (Premium, Esnero), whether you shop via the website or the app, etc., are used for interest and behavior targeting.
    In addition, data about your reaction to the displayed advertisement (e.g. clicks, switching to the e-shop, etc.) is processed to evaluate the success of the campaigns.
    We use pseudonymized data for advertising targeting and personalization. Pseudonymization is the processing of personal data in such a way that the data can no longer be associated with a specific person without the use of additional information. This additional information is stored separately and is subject to technical and organizational measures that ensure the data cannot be unlawfully linked to a specific person.

5.3. How do we obtain approval for marketing?
On the banner or our online shop pages, you can decide whether to grant us your consent by checking the "Yes" box or decline it by checking the "No" box. Once you've made your choice, the banner will disappear. If you decline, we'll give you the opportunity to grant your marketing consent again 30 days after your initial refusal. From then on, the decision is entirely up to you. If you change your mind at any time, you can adjust your settings as described below.

5.4. Where can you change your marketing settings?
You can manage (grant/revoke) your marketing consent at any time in the communication center of your profile on Esnero.de. You'll find the communication center under your initials (the icon in the top right corner of esnero.de) and then click on "My Account". On the page that opens, you'll find the "Communication Settings" tab on the left.

5.5. Who are our partners and what data do we pass on to them?
Our partners are: Endemic advertisers (providers), such as FMCG, and non-endemic advertisers (non-providers), such as automotive, telecommunications, travel & hospitality, media & entertainment, consumer electronics & technology, financial services (banks, payments, insurance) and retail.
We do not share any of your specific data with our partners. The aforementioned categories of personal data (within the context of advertising targeting) are used solely to create so-called audience segments for displaying a specific advertisement, based on parameters we select (if it is our advertisement) or those provided by our partner. This process relies on the data available to us, collected during your purchases and activity in the Esnero online shop. We include you (via your device) in one of the target groups and display the selected advertisement (ours or our partner's). We then use the data about your response to the advertisement to evaluate the success of a particular advertising campaign and to improve the effectiveness of audience targeting and ad customization.

5.6. How long do we use personal data with marketing consent?
If you give us consent for marketing purposes, we will process your personal data for the duration of the consent (i.e., until it is withdrawn).
Please note that if you give us your consent, we will include in the processing all data (see categories above) that we have stored about you since the beginning of our business relationship.

 

5.7. Which instruments are used for targeted and personalized advertising?
We use Criteo's tools to target and personalize advertising outside the Esnero online shop. However, Criteo's tools only process pseudonymized data. Criteo is our data processor.

 


 

6. YOUR RIGHTS ARISING FROM THE PROCESSING OF PERSONAL DATA

You have the following rights regarding the processing of your personal data by us:
a. the right to access personal data;
b. the right to rectification;
c. the right to erasure (“right to be forgotten”);
d. the right to restriction of data processing;
e. the right to object to processing; and
f. the right to lodge a complaint regarding the processing of personal data.

Your rights are explained below so that you can get a better idea of their content.
You can exercise all your rights by contacting us at info@esnero.com .
You can lodge a complaint with the supervisory authority if you believe we are not processing your data correctly. The Bavarian State Office for Data Protection Supervision is responsible for us. However, if you are located in another German state or outside of Germany, you can also contact the data protection authority in that state.

6.1 Right to information
You can request confirmation from us at any time as to whether your personal data is being processed, and if so, for what purposes, to what extent, to whom it is disclosed, how long we process it, whether you have the right to rectification, erasure, restriction of processing or objection, where we obtained the personal data from, and whether automated decision-making, including possible profiling, takes place based on the processing of your personal data. You also have the right to receive a copy of your personal data, the first of which is free of charge, and we may charge reasonable administrative costs for subsequent copies.

6.2 Right to rectification
You can ask us at any time to correct or complete your personal data if it is inaccurate or incomplete.

6.3 Right to erasure
We must delete your personal data if (i) it is no longer necessary for the purposes for which it was collected or otherwise processed, (ii) the processing is unlawful, (iii) you object to the processing and there are no overriding legitimate grounds for the processing, or (iv) we are legally obliged to do so.

6.4 Right to restriction of processing
Until we have resolved the issues with the processing of your personal data, we must restrict the processing of your personal data so that we can only store it and, if necessary, use it for the establishment, exercise or defense of legal claims.

6.5 Right to object
You can object to the processing of your personal data that we process for direct marketing purposes or on the basis of a legitimate interest. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

 

7. FINAL PROVISIONS

7.1 Contact information of the data protection officer
If you have any questions about the processing of your personal data, you can contact our data protection officer at:
Email: info@esnero.com

7.2 Effectiveness, Updates
This privacy policy has been in effect since November 25, 2025, and is constantly being updated.
Last updated: March 2025

My Wishlist

View wishlist

Wishlist is empty.

Compare

Shopping cart

Your cart is empty.

Return to shop
close