Grape Guru

Privacy Policy

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

  • Inventory data
  • Payment data
  • Contact data
  • Content data
  • Contract data
  • Usage data
  • Meta, communication and procedural data

Categories of Data Subjects

  • Prospective customers
  • Communication partners
  • Users
  • Business and contractual partners

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations
  • Contact inquiries and communication
  • Security measures
  • Office and organizational procedures
  • Management and response to inquiries
  • Feedback
  • Marketing
  • Provision of our online services and user-friendliness
  • Information technology infrastructure

Applicable Legal Bases

Applicable legal bases under the GDPR: The following provides an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

Consent (Art. 6(1)(a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.

Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Legitimate interests (Art. 6(1)(f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

Transfer of Personal Data

In the course of our processing of personal data, it may happen that data is transferred to or disclosed to other entities, companies, legally independent organizational units or persons. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content embedded in a website. In such cases, we comply with legal requirements and in particular conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

International Data Transfers

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of using third-party services or disclosing or transferring data to other persons, entities or companies, this is only done in accordance with legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer.

Rights of Data Subjects

As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) GDPR.
  • Right to withdraw consent: You have the right to withdraw consent at any time.
  • Right of access: You have the right to obtain confirmation as to whether personal data is being processed and to access such data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: You have the right, in accordance with legal requirements, to request the completion of data concerning you or the rectification of inaccurate data concerning you.
  • Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to request that data concerning you be erased without undue delay, or alternatively to request restriction of the processing of the data in accordance with legal requirements.
  • Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with legal requirements, or to request its transmission to another controller.
  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Provision of Online Services and Web Hosting

We process user data in order to provide our online services. For this purpose, we process the user's IP address, which is necessary to deliver the content and functions of our online services to the user's browser or device.

Data types processed: Usage data (e.g., page views and session duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing: Provision of our online services and user-friendliness; Information technology infrastructure.

Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Web Analytics, Monitoring and Optimization

We improve our products and advertising by using various analytics tools to understand how users use our website. By using our website, you agree that we and our partners may collect and use this data.

PostHog Analytics

We use PostHog, a product analytics platform, to understand how you use and interact with our website. PostHog enables us to use session replays, heatmaps and behavioral analytics to continuously improve our products and services.

PostHog is a European company and stores data on EU servers (eu.posthog.com), ensuring GDPR-compliant data processing. The data is collected anonymously and is used exclusively to improve the user experience.

Data collected: Session replays, heatmaps, scroll depth, click behavior, usage metrics, device types, browser information, page views.

Purpose: Analysis of user behavior, improvement of user experience, identification of problems, product optimization.

Legal basis: Consent (Art. 6(1)(a) GDPR) or legitimate interests (Art. 6(1)(f) GDPR).

For more information, please see the PostHog Privacy Policy.

Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"). Google Analytics uses cookies and similar technologies to analyze the use of our website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by adjusting your browser software settings accordingly.

Data collected: Page views, session duration, click paths, geographic origin, devices and browsers used, conversion events.

Purpose: Analysis of user behavior, optimization of website performance, improvement of user experience, marketing analytics.

Legal basis: Consent (Art. 6(1)(a) GDPR) or legitimate interests (Art. 6(1)(f) GDPR).

For more information, please see the Google Privacy Policy.

AppsFlyer Attribution

We use AppsFlyer for the attribution of app downloads and to measure the effectiveness of our marketing campaigns. AppsFlyer helps us understand which website visits lead to actual app installations.

Data collected: Click IDs, device information, app install events, conversion data.

Purpose: Marketing attribution, campaign optimization, ROI measurement.

Your choices: You can object to the use of analytics tools by disabling cookies in your browser settings. Please note that this may prevent you from being able to use all features of this website to their full extent.

Blogs and Publication Media

We use blogs or comparable means of online communication and publication. Readers' data is only processed for the purposes of the blog to the extent necessary for its presentation and communication between authors and readers or for security reasons.

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, telephone or via social media) and within the framework of existing user and business relationships, the information provided by the inquiring persons is processed to the extent necessary to respond to contact inquiries and any requested measures.

Data types processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or telephone numbers); Content data (e.g., textual or visual messages and posts as well as the information relating to them, such as information about authorship or time of creation).

Data subjects: Communication partners.

Purposes of processing: Contact inquiries and communication; Management and response to inquiries; Feedback; Provision of our online services and user-friendliness.

Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Newsletter and Electronic Notifications

We send newsletters, emails and other electronic notifications (hereinafter "Newsletter") only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described during registration, they are decisive for the consent of the users.

Data types processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or telephone numbers); Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).

Data subjects: Communication partners.

Purposes of processing: Direct marketing (e.g., by email or mail).

Legal bases: Consent (Art. 6(1)(a) GDPR).

Business Services

We process data of our contractual and business partners, e.g., customers and prospective customers (collectively referred to as "contractual partners"), within the framework of contractual and comparable legal relationships and related measures, and within the framework of communication with contractual partners (or pre-contractually), for example to respond to inquiries.

Data types processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., postal and email addresses or telephone numbers); Contract data (e.g., subject matter of contract, term, customer category).

Data subjects: Prospective customers; Business and contractual partners.

Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Contact inquiries and communication.

Legal bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Last updated: March 9, 2026