Privacy Policy

This Privacy Policy applies to data processing by EHT Eternal Horticulture Technologies GmbH STARTPLATZ, Im Mediapark 5, D-50670 Köln, Germany (“ eternal.ag ”, “ we ”, “ us ”) regarding the use of our website available at http://www.eternal.ag (“ Website ”).

The effective management of all personal data, including its security and confidentiality, lies at the heart of our business and underpins our practices and processes. This is not only conditioned by Applicable Data Protection Laws, but is also driven by our commitment to our customers and to meet their expectations of having in place robust compliance and risk management practices and protocols.

With the following Privacy Policy, we inform you about the type, scope and purpose of the collection, use and other processing of Personal Data, as specified hereunder, when using the Website. Insofar as the processing of Personal Data is based on Art. 6 para. 1 lit. f) GDPR, the purposes mentioned also represent our legitimate interests.

When you use the Website, we processes your Personal Data. “ Personal Data ” means any information relating to an identified or identifiable natural person. When Personal Data is processed, this means that we collect, store, transmit, delete or otherwise use this data.

When processing your Personal Data, we comply with the applicable data protection laws, in particular the General Data Protection Regulation (“ GDPR ”), the German Federal Data Protection Act (“ BDSG ”) and the German Telecommunications Digital Services Data Protection Act (“ TDDDG ”).

If the data processing carried out by us changes, we will adapt our Privacy Policy. We therefore ask you to inform yourself regularly about the content of our Privacy Policy. We will inform you if the change requires any action on your part, such as consent or other individual notification.

1. Controller; Contact information

The Controller responsible for processing your Personal Data is:
EHT Eternal Horticulture Technologies GmbH
Im Mediapark 5,
D-50670 Köln, Germany

If you have any questions regarding data protection or to exercise your rights in accordance with section 6 of this Privacy Policy in connection with the use of our Website, you can contact us at: dataprotection@eternal.ag

2. Collection and storage of your Personal Data; type and purpose of processing and relevant legal basis

In the following, we will inform you which Personal Data we process when you use the Website. We also explain the purpose for which we process your data and the legal basis on which we do so.

2.1. Informative use of our Website (Automatically Collected Data)

During the mere informative use of our Website, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called server log files), whereby logging only takes place to the technically necessary extent. The following information is collected:

Name of the Website accessed,
File, date and time of retrieval,
Volume of data transferred,
Notification of successful retrieval,
Browser type and version,
Operating system of the user,
Referrer URL (the website from which the access is made),
IP address and the requesting provider,
When the Website is accessed via a mobile device: country code, language, name of device, name of operating system and version.

The legal basis for the collection of this data is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest in collecting this data results from the following purposes:

ensuring optimal use of our Website,
ensuring smooth connection establishment,
evaluation of system security and stability.

2.2. Contact form and contact via email

When you contact us by contact form or email, the data you provide (first name, last name, business contact information (company name, job title, mobile phone number, email address)) will be processed by us in order to answer your questions. We use your data exclusively for the purpose of answering your inquiry. The legal basis for this is Art. 6 para. 1 lit. f) GDPR (legitimate interest of processing inquiries and other requests). Your data will be deleted after processing your request unless further storage is necessary, e.g. when we have concluded a contract with you. In this case we process your data on the basis of Art. 6 para. 1 lit. b) GDPR.

2.3. Newsletter

If you subscribe to our newsletter, we use Mailchimp, a service provided by The Rocket Science Group LLC d/b/a Mailchimp, 405 North Angier Ave. NE, Atlanta, GA 30308, USA, to send the newsletter and manage subscriptions. We have concluded a data processing agreement in accordance with Art. 28 GDPR with Mailchimp. For the purpose of sending the newsletter, we process the personal data you provide when subscribing, in particular your email address and, if provided by you, your name.

The processing is based on your consent pursuant to Art. 6 para. 1 lit. a) GDPR. You may withdraw your consent at any time with effect for the future, for example by clicking the unsubscribe link included in each newsletter or by contacting us directly. The lawfulness of processing carried out before the withdrawal remains unaffected.

We store your newsletter data until you withdraw your consent or unsubscribe from the newsletter, unless we are legally required to retain the data for a longer period. Further information about the processing of user data by Mailchimp can be found in Intuit’s privacy policy at: https://www.intuit.com/privacy/statement/.

2.4. Website optimization and Website analysis

(a) Functional Cookies

Our Website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on your computer. The cookie contains a string of characters that allows your system to be uniquely identified when you return to the Website.

Most of the cookies we use (“Session Cookies”) and the data stored and transmitted in them are automatically deleted at the end of your visit. Other cookies (“Persistent Cookies”) remain stored on your end device until you delete them. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. You can delete cookies that have already been saved at any time. If you deactivate cookies, the functionality of the Website may be limited.

Some elements of our Website require that the calling browser can be identified even after a page change. Cookies may be stored for this purpose, which enable us to recognize your browser on your next visit. If personal data are processed by the cookies, we process them on the basis of a balancing of interests pursuant to Art. 6 para. 1 lit. f) GDPR, which always also takes your interests into account.

(b) Analysis Cookies

When you visit our Website, cookies are also set that enable an analysis of your use of the Website for reach measurement (“ Analysis Cookies ”). We use Analysis Cookies exclusively on the basis of your consent in accordance with section 25 para. 1 TDDDG and Art. 6 para. 1 lit. a) GDPR via our cookie banner. You can also access further information about the cookies we use via our cookie banner. You can also use the cookie banner to revoke your consent to the processing of your data through Analysis Cookies at any time.

We use the following Analysis Cookies:

PostHog
We use the service PostHog, provided by PostHog, Inc., 965 Mission Street, San Francisco, CA 94103, USA (“ PostHog ”), on our website. PostHog helps us better understand how our website is used and enables us to improve it.

For analytical purposes, the following data may be processed: name and username, email address, IP and MAC address, browser footprint, geographic information (country, region, city), and information about the use of the platform such as page views, clicks, or browsing behavior.

We have entered into a data processing agreement with PostHog in accordance with Art. 28 GDPR and have agreed on the EU Standard Contractual Clauses for the transfer of personal data to processors in third countries. PostHog’s privacy policy can be accessed here: https://posthog.com/privacy. The cookies used by PostHog have a maximum lifespan of two years.

Segment
We use the data analytics tool Segment, provided by Segment.io, Inc., 100 California Street, Suite 700, San Francisco, CA 94111, USA (“ Segment ”), to collect and analyze technical usage data generated when using our website. Segment enables us to collect, manage, and analyze data from various sources. It allows us to obtain a centralized view of data and use it to personalize services and improve our business processes.

We have entered into a data processing agreement with Segment.io, Inc. in accordance with Art. 28 GDPR, which can be accessed at: https://www.twilio.com/en-us/legal/data-protection-addendum. The cookies used by Segment have a maximum lifespan of two years.

2.5. Advertising

In addition, we may process your personal data for advertising purposes in order to send you personalized advertising, provided you have given your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

2.6. Careers

If you are interested in a professional career with us, you have the opportunity to apply. If you submit your application documents such as cover letter, CV and certificates/references in digital form for this purpose, we will process the personal data submitted as part of the application process for the purpose of deciding on whether to establish an employment relationship with you, including notification of acceptance or rejection.

The legal basis for processing your data for this purpose is Article 88 GDPR in conjunction with section 26 para. 1 BDSG. If we enter into an employment relationship with you, we will process your personal data that we processed as part of the hiring process also for the purpose of carrying out or terminating the employment relationship. In this case, the legal basis is Article 88 GDPR in conjunction with section 26 para. 1 BDSG.

The related data protection information for our employees will be provided separately and is not the subject of this Privacy Policy. Furthermore, we process your personal data we collected as part of the application process also for the purpose of complying with legal obligations on the basis of Art. 6 para. 1 lit. c) GDPR as well as on the basis of Art. 6 para. 1 lit. f) GDPR to protect our legitimate interests, namely to establish, exercise and/or defend legal claims (e.g. in relation to possible claims that may arise from the General Act on Equal Treatment (Allgemeines Gleichstellungsgesetz – AGG)).

If your application documents contain special categories of personal data within the meaning of Art. 9 para. 1 GDPR, we will assume that you expressly consent to their processing within the meaning Art. 9 para. 2 lit. a) GDPR unless another exception applies in a specific case (e.g. Art. 9 para. 1 lit. b) GDPR in conjunction with section 26 para. 3 BDSG or Art. 9 para. 2 lit. h) GDPR in conjunction with section 22 para 1 lit. b) BDSG).

If we reject your application, your data will be deleted 6 months after this point in time pursuant to section 61b para. 1 German Labour Court Act (Arbeitsgerichtsgesetz – ArbGG) in conjunction with section 15 AGG unless further processing of these data is necessary for the purposes of establishing and/or defending legal claims. The data of applicants we hire are processed for as long as is necessary to establish, perform or terminate the employment relationship.

We use Rippling, operated by People Center Inc. d/b/a Rippling, 2443 Fillmore St #3807361, San Francisco, CA 94115, USA, (“ Rippling ”), as a processor for the administration of our application process. In this context, Rippling processes applicant data, in particular contact and address details. We have concluded a Data Processing Agreement with Rippling pursuant to Article 28 GDPR. Further information is available in Rippling’s Privacy Notice under https://app.rippling.com/legal?section=privacy.

3. Recipients or categories of recipients of your Personal Data

We sometimes use external service providers to process your data (e.g. IT service providers). In part these service providers process your personal data as data processors on our behalf, in accordance with our instructions and under our supervision exclusively for the purposes described in this Privacy Policy according to Art. 28 GDPR, in part they act as independent data controllers. In the last case we only forward your personal data if necessary for the fulfillment of the contract, in which case the legal basis for the transfer is Art. 6 para. 1 lit. b) GDPR.

3.1. Rippling, PostHog, Segment, Mailchimp (see above)

3.2. Stripe

When you order a paid service from us, payment processing is done through the payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, (“ Stripe ”). We transfer to Stripe the information you provided during the ordering process, together with information about your order (name, address, credit card information, invoice amount, currency and transaction number).

The transfer of your data takes place exclusively for the purpose of payment processing with Stripe and only insofar as it is necessary for this purpose. The data entered will only be processed by Stripe and stored at Stripe. I.e., we do not receive any account or credit card related information, but only information with confirmation or negative information of the payment.

The transmission of your data to Stripe is necessary for the processing of the purchase contract with you and is therefore based on Art. 6 para. 1 lit. b) GDPR. You can find more information about Stripe’s data protection at: https://stripe.com/de/privacy.

3.3. Vercel

We use the hosting services of Vercel GmbH, Prielmayerstraße 3, 80335 Munich, Germany (“ Vercel ”) to provide and operate our website and platform. Vercel provides the infrastructure required to host our services and to deliver content to users efficiently and securely.

In this context, Vercel may process technical data that is generated when you access our website or platform. This may include IP address, request data, browser type and version, operating system, access times, referring URLs, and other technical log data required for the secure and reliable operation of the service.

We have entered into a data processing agreement with Vercel in accordance with Art. 28 GDPR. Further information on how Vercel processes personal data can be found in Vercel’s privacy policy: https://vercel.com/legal/privacy-policy. The processing of this data is carried out for the purpose of providing and ensuring the stability and security of our website and platform.

4. Transfer of Personal Data outside the EEA

Your personal data may be transferred or disclosed to third-party companies which can be located outside the European Economic Area (EEA), i.e. in third countries.

In the context of the transfer of Personal Data to a third country, we will regularly ensure by means of suitable guarantees, for example by concluding the standard contractual clauses of the European Commission, that data is only transferred to a third country on the basis of a level of protection corresponding to the GDPR. With respect to personal data transferred to the USA, the data security is ensured by the EU-US Data Privacy Framework which has been approved by the EU Commission via its Adequacy Decision dated 10 July 2023 (C(2023)4745final).

5. When do we delete your Personal Data?

We delete your data when it is no longer required for the purposes for which it was originally collected.

Irrespective of this, we store your Personal Data processed when using the Website until the expiry of the statutory or possible contractual warranty rights. After this period has expired, we will retain the information required under commercial and tax law relating to the contractual relationship for the periods specified by law. For this period, the Personal Data will only be processed again in the event of a review by the tax authorities.

6. Your Rights

With regard to our processing of your Personal Data, you are entitled to the following rights free of charge:

6.1. Right to information pursuant to Art. 15 GDPR

You have the right to obtain information from us as to whether and what Personal Data we process about you. This also includes information on how long and for what purpose we process the Personal Data, from which source it originates and to which recipients or categories of recipients we pass it on. We can also provide you with a copy of this Personal Data.

6.2. Right to rectification pursuant to Art. 16 GDPR

You have the right to demand that we correct any incorrect or no longer correct information about you without delay. You can also request that we complete your incomplete Personal Data. If this is required by law, we will also inform third parties of this correction if we have passed on your Personal Data to them.

6.3. Right to erasure pursuant to Art. 17 GDPR

You have the right to request that we erase your Personal Data without undue delay if one of the following applies:

Your Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed, or the purpose has been achieved;
You withdraw your consent and there is no other legal basis for the processing;
You object to the processing and there are no overriding legitimate grounds for the processing; in the case of the use of Personal Data for direct marketing purposes, a mere objection on your part to the processing is sufficient;
Your Personal Data has been processed unlawfully;
the deletion of your Personal Data is necessary to fulfil a legal obligation under EU law or the law of a member state to which we are subject.

Your right to erasure may be restricted on the basis of statutory provisions. This includes in particular the restrictions listed in Art. 17 GDPR.

6.4. Right to restriction of processing pursuant to Art. 18 GDPR

You have the right to obtain from us restriction of processing of your Personal Data if one of the following grounds applies:

You contest the correctness of your Personal Data for a period of time that enables us to verify the correctness of the Personal Data;
the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of their use instead;
We no longer need your Personal Data for the purposes of the processing, but you need it for the establishment, exercise or defence of legal claims, or
You have objected to processing as long as it is not yet clear whether our legitimate grounds override yours.

If you have obtained a restriction of processing in accordance with the above list, we will inform you before the restriction is cancelled.

6.5. Right to data portability pursuant to Art. 20 GDPR

You have the right to receive the Personal Data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those Personal Data to a third party. The exercise of this right does not affect your right to erasure.

6.6. Right to object pursuant to Art. 21 GDPR

You have the right to object to the processing of your Personal Data at any time for reasons arising from your particular situation if we base this processing on legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. If you file an objection, we will no longer process your Personal Data, except in two cases:

We can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or
The processing serves the assertion, exercise or defence of legal claims.

In particular, if we process your Personal Data for direct marketing purposes, you have the right to object at any time to the processing of your Personal Data for the purpose of such marketing. If you object to the processing of your Personal Data for direct marketing purposes, we will no longer use your Personal Data for this purpose.

6.7. Right to withdrawal of consent pursuant to Art. 7 GDPR

You can withdraw the consent you have given us at any time with effect for the future. This withdrawal can be made in the form of an informal notification to the above-mentioned contact addresses. If you withdraw your consent, this will not affect the legitimacy of the Personal Data processing carried out up to that point.

6.8. Right to file a complaint with the supervisory authority

If you believe that the processing of your Personal Data by us violates applicable data protection law, you have the right to file a complaint with the competent supervisory authority. The supervisory authority responsible for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestraße 2 – 4
40213 Düsseldorf
Telefon: +49 211 38424 - 0
E-Mail: poststelle@ldi.nrw.de
Website: https://www.ldi.nrw.de

In addition, you can file a complaint with the data protection supervisory authority responsible for you at your place of residence.

7. Automated individual decision-making including profiling pursuant to Art. 22 GDPR

We do not process your Personal Data for automated decisions in individual cases, including profiling within the meaning of Art. 22 GDPR.

Status: March 2026