PRIVACY
1. Privacy Overview
General Information
The following information provides a clear and comprehensive overview of what happens to your personal data when you visit this website.
Personal data includes all information that can identify you personally.
Detailed information on data protection can be found in the complete Privacy Policy listed below.
Data collection on this website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator:
Fjuled Nutrition GmbH
Großer Kuhlenweg 25
26125 Oldenburg
Germany
Email: hello@fjuled.com
You can find full details in the section “Information About the Data Controller” in this Privacy Policy.
How Do We Collect Your Data?
Your data is collected in two ways:
Data you provide to us directly, eg:
– Through contact forms
– When creating an account
– When placing an order
– When communicating with us
Data collected automatically through our IT systems when visiting the website:
– Browser type
– Operating system
– Time of page access
– IP address
– Device identifiers
– Cookies (if consented)
– Technical diagnostic information
Automatic data collection begins as soon as you access the website.
What Do We Use Your Data For?
We use your data for the following purposes:
To provide a functional, secure website
For contract initiation and fulfillment
For processing orders
Customer communication
Troubleshooting and security
Usage analytics and marketing optimization
Managing consents and cookie preferences
Fraud prevention
Hosting and technical services
What Rights Do You Have Regarding Your Data?
You have the following rights:
Right of access to your stored personal data
Right to rectification
Right to delete
Right to restrict processing
Right to object to processing
Right to withdraw consent at any time
Right to data portability
Right to lodge a complaint with a supervisory authority
At any time, you can contact us regarding these rights at hello@fjuled.com
.
Analytics and third-party tools
When visiting this website, your browsing behavior may be statistically evaluated using analytics tools.
More detailed information about these tools can be found further down in this Privacy Policy.
2. Hosting
We host our website content with the following providers:
Shopify
Shopify International Ltd.
Victoria Buildings
1–2 Haddington Road
Dublin 4, D04 XN32
Ireland
Shopify provides the website creation and hosting platform. When you visit our website, Shopify collects the following:
IP address
Device information
Browser information
Visitor statistics
Traffic sources
Customer behavior analytics
Performance data
If you make a purchase, Shopify additional processes:
name
Email address
Billing and shipping address
Payment information
Phone number (if provided)
Transaction data
Device identifiers
Cookies
Shopify stores cookies on your device for analytics and system functionality.
Further details: https://www.shopify.com/legal/privacy
Legal Basis
Art. 6(1)(f) GDPR – legitimate interest in reliable website presentation
Art. 6(1)(a) GDPR and §25 TDDDG – if cookie consent is required
Consent can be withdrawn at any time
Data Processing Agreement
We have concluded a legally required Data Processing Agreement (DPA) with Shopify to ensure GDPR-compliant processing.
3. General Information and Mandatory Disclosures
Data Protection
We treat your personal data confidentially and in accordance with GDPR and this Privacy Policy.
Data transmission on the internet (eg, email communication) can have security gaps. Complete protection is not possible.
Information About the Data Controller
Fjuled Nutrition GmbH
Großer Kuhlenweg 25
26125 Oldenburg
Germany
Email: hello@fjuled.com
The controller is the natural or legal person determining the purposes and means of personal data processing.
Storage Duration
Unless a specific storage period is defined, we store personal data until the purpose no longer applies.
Data is deleted if:
You requested deletion
You withdraw your consent
Retention periods expire
The purpose of processing ceases
Legal Bases for Data Processing
We process data under:
Article 6(1)(a) GDPR – consent
Art. 6(1)(b) GDPR – contract performance
Art. 6(1)(c) GDPR – legal obligation
Art. 6(1)(f) GDPR – legitimate interest
Art. 9 GDPR – special category data (only with explicit consent)
Transfers to Non-Secure Third Countries (including USA)
We use services based in non-EU countries.
Data transfers are based on:
Standard Contractual Clauses (SCCs)
EU–US Data Privacy Framework (DPF)
Explicit consent
When providers are not DPF-certified, equivalent safeguards are implemented.
Recipients of Personal Data
We share personal data only with:
Service providers needed for contract fulfillment
Shipping providers
Payment processors
Analytics providers
IT and hosting partners
Authorities (if required by law)
Transfers only occur under GDPR-compliant contracts.
Withdrawal of Consent
You may withdraw consent at any time with effect for the future.
Right to Object (Article 21 GDPR)
1. Objection to Processing Based on Legitimate Interest
You may object at any time for reasons relating to your particular situation.
2. Objection to direct marketing
If your data is used for direct marketing, you can object at any time.
Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority.
Right to Data Portability
You may request that we provide your data in machine-readable format.
Right of Access, Rectification, Deletion
You may request:
Access
Rectification
Deletion
Right to Restrict Processing
You may request restriction under the following conditions:
Data accuracy is disputed
The processing is unlawful
Data is no longer needed
Objection is pending
SSL/TLS Encryption
We use SSL/TLS encryption to protect transmitted data.
Objection to Advertising Emails
We prohibit the use of our contact details for unsolicited advertising.
4. Data Collection on This Website
Cookies
We use:
Session cookies
Persistent cookies
First-party cookies
Third-party cookies
Marketing cookies
Essential cookies
Legal bases:
Art. 6(1)(f) GDPR – for essential cookies
Art. 6(1)(a) GDPR + §25 TDDDG – for consent-based cookies
Disabling cookies may affect functionality.
Cookiebot Consent Management
Provider:
Usercentrics A/S
Havnegade 39
1058 Copenhagen
Denmark
Cookiebot manages cookie consents and stores:
Consent logs
Cookie settings
IP address (shortened)
Legal basis: Art. 6(1)(c) GDPR (legal obligation)
A DPA is in place.
Contact Forms
Data processed:
name
Message content
Attached files (optional)
Legal bases:
Art. 6(1)(b) GDPR – contractual inquiries
Art. 6(1)(f) GDPR – legitimate interest
Art. 6(1)(a) GDPR – if consented
Communication by Email, Phone or WhatsApp
WhatsApp Business is used for support communication.
Provider:
WhatsApp Ireland Limited
4 Grand Canal Square
Dublin 2, Ireland
Details:
End-to-end encryption
Metadata processed by WhatsApp
Potential US transfer (via Meta)
DPF-certified
SCCs applied
Legal bases:
Art. 6(1)(f) GDPR – legitimate interest
Art. 6(1)(a) GDPR – with consent
Messages are stored until deleted.
User Registration
If you register an account, data processed includes:
name
Email address
Login credentials
Order history
Legal basis: Art. 6(1)(b) GDPR
Data is stored until account deletion.
5. Analytics and Advertising Tools
I will now continue with:
Google Tag Manager
GA4
Microsoft Advertising (UET)
Hotjar
Google Ads + Remarketing
Meta Pixel + Conversion API
Meta Custom Audiences
TikTok Pixel
Pinterest Tag
Klaviyo
Affiliate marketing
eCommerce & Payments (PayPal, Apple Pay, Google Pay, Klarna, Sofort, Visa, Mastercard, Amex, Shopify Payments etc.)
5.1 Google Tag Manager
We use Google Tag Manager, a tag management system provided by:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland
Google Tag Manager allows us to manage and deploy analytics and marketing tags (such as Google Analytics, pixels etc.) on our website. The Tag Manager itself does not create user profiles, store cookies or perform its own analyses. It only triggers other tags that may collect data.
However, Google Tag Manager processes your IP address, which may be transferred to Google servers in the United States.
Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in efficient integration and management of tools)
Art. 6(1)(a) GDPR + §25(1) TDDDG (if consent is given for cookies / tracking)
If consent is required, processing takes place solely on that basis. Consent can be withdrawn at any time.
Google is certified under the EU–US Data Privacy Framework (DPF).
5.2 Google Analytics
We use Google Analytics (GA4), a web analytics service provided by:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland
Google Analytics enables us to analyze how visitors use our website. It collects, for example:
Pages viewed
Time spent on pages
Clicks and scroll behavior
browser and operating system
Referrer URL
Approximate location (region)
Device information
Google Analytics uses technologies such as cookies and device fingerprinting to recognize users and link interactions across sessions.
Data is usually transferred to servers of Google LLC in the USA. IP anonymization is activated: your IP address is shortened within the EU/EEA before transmission.
Legal basis:
Art. 6(1)(a) GDPR + §25(1) TDDDG (consent via cookie banner)
Consent can be withdrawn at any time.
You can also prevent data collection by installing the browser plugin available at:
https://tools.google.com/dlpage/gaoptout
A Data Processing Agreement with Google is in place, and Google relies on Standard Contractual Clauses and the DPF for transfers to the USA.
5.3 Microsoft Advertising (including UET)
We use Microsoft Advertising (including Universal Event Tracking – UET), provided by:
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA
Microsoft Advertising allows us to display ads in the Bing search engine and on partner sites and to measure the effectiveness of these ads.
Using UET, Microsoft records:
IP address (anonymized)
Devices and browser settings
Microsoft Click ID (stored in a cookie)
Time spent on the website
Pages visited and actions taken
Which ad or keyword led to the visit
Legal basis:
Art. 6(1)(a) GDPR + §25(1) TDDDG (consent for marketing cookies and tracking)
Microsoft uses Standard Contractual Clauses for EU–US data transfers and is DPF-certified.
A data processing agreement is in place.
5.4 Hotjar
We use Hotjar to better understand user behavior:
Hotjar Ltd
Level 2, St Julian's Business Centre
3, Elia Zammit Street
St Julian's STJ 1000
Malta
Hotjar helps us analyze:
Mouse movements and clicks
Scroll behavior
Heatmaps (which parts of the site are viewed most)
Time spent on pages
Where users abandon forms (conversion funnels)
Direct on-page feedback (surveys or feedback tools)
Hotjar uses cookies and similar technologies to recognize users across sessions.
Legal basis:
Art. 6(1)(a) GDPR + §25 TDDDG (consent)
If no consent is present, it is not activated.
You can disable Hotjar tracking at any time via:
https://www.hotjar.com/policies/do-not-track/
A DPA with Hotjar is in place.
5.5 Google Ads
We use Google Ads, an online advertising service from:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland
Google Ads allows us to place adverts in Google search results and on third-party websites. In doing so, we can measure how many people click our ads and what actions they perform on our site.
Legal basis:
Art. 6(1)(a) GDPR + §25(1) TDDDG (marketing consent)
Data may be transferred to the USA, protected via SCCs and the DPF.
5.6 Google Ads Remarketing
We use Google Ads Remarketing to show users who have previously interacted with our website targeted ads on Google or partner sites.
Based on your previous activity on our site (eg product pages visited), Google places you into interest-based audiences.
If you are logged into a Google account, cross-device remarketing is also possible.
You can opt out of personalized advertising via:
https://adssettings.google.com/
5.7 Google Conversion Tracking
We use Google Conversion Tracking to measure how many users who clicked one of our ads perform specific actions on our site (purchases, registrations, etc.).
We only receive aggregated, anonymous statistics – not personal profiles.
Legal basis for all Google Ads / Remarketing / Conversion tools:
Art. 6(1)(a) GDPR + §25(1) TDDDG (consent)
5.8 Klaviyo
We use Klaviyo as our email and marketing automation platform:
Klaviyo Inc.
125 Summer Street, Floor 6
Boston, MA 02110
USA
Klaviyo is used for:
Sending email newsletters and flows
SMS (if used)
Segmenting customers and subscribers
Tracking email opens, clicks and conversions
Managing consent
Data processed may include:
name
Email address
Phone number (if SMS used)
IP address
Order history
Device information
Interaction with our emails and website
Legal basis:
Art. 6(1)(a) GDPR (newsletter consent)
Art. 6(1)(f) GDPR (legitimate interest in effective marketing)
Klaviyo uses SCCs and is DPF certified. A DPA is in place.
5.9 Meta Pixels (Facebook & Instagram)
We use the Meta Pixel and related technologies provided by:
Meta Platforms Ireland Limited
4 Grand Canal Square
Grand Canal Harbour
Dublin 2, Ireland
The Meta Pixel allows us to:
Track user actions after clicking our ads (conversions)
Measure ad performance
Build custom audiences and lookalike audiences
Meta may connect this data with user accounts on Facebook and Instagram and use it for its own advertising purposes under Meta's Data Policy.
We use the “Advanced Matching” feature to better match conversions with users (hashed email, name, etc., where available).
Where data is jointly processed with Meta, we have a Joint Controller Agreement under Art. 26 GDPR in place (Meta Controller Addendum).
Legal basis:
Art. 6(1)(a) GDPR + §25(1) TDDDG (marketing consent)
Meta uses SCCs and is DPF certified.
5.10 Meta Conversion API
In addition to the Pixel, we use the Meta Conversion API to send server-side events (such as purchases) to Meta.
Data processed may include:
Timestamp
Visited page / URL
IP address
User agent
Products purchased, order values, currency
We and Meta are joint controllers for this initial data collection and transfer as per Art. 26 GDPR.
Legal basis:
Art. 6(1)(a) GDPR + §25(1) TDDDG (consent)
5.11 Meta Custom Audiences
Where you have provided consent, we may upload certain customer data (eg hashed email addresses) to Meta to create Custom Audiences or Lookalike Audiences for targeted advertising.
This is done only under:
Article 6(1)(a) GDPR (consent)
Meta processes this data under a data processing / custom audiences agreement and SCCs.
5.12 TikTok Pixel
We use the TikTok Pixel:
TikTok Technology Limited
10 Earlsfort Terrace
Dublin, D02 T380
Ireland
The TikTok Pixel allows us to:
Track conversions and user behavior
Measure the performance of TikTok ads
Build targeted audiences
Data processed can include:
IP address
Device information
Pages visited
Actions taken (e.g. purchases)
Referrer URL
Legal basis:
Art. 6(1)(a) GDPR + §25(1) TDDDG (consent)
TikTok uses SCCs for transfers to third countries.
A DPA is in place.
5.13 Pinterest Day
We use the Pinterest tag:
Pinterest Europe Ltd.
Palmerston House
2nd Floor, Fenian Street
Dublin 2, Ireland
The Pinterest Tag allows us to:
Track actions taken after a user interacts with our Pinterest ads
Build audiences and optimize campaigns
Data processed:
Tag ID
Location and referrer
Order values and items purchased
Page visits
Legal basis is consent under Art. 6(1)(a) GDPR + §25 TDDDG.
Pinterest applies SCCs for international transfers. A DPA is in place.
6. Newsletter
Newsletter Data
If you subscribe to our newsletter, we collect:
Email address
Any additional optional data (eg name)
Consent and double opt-in logs
Interaction data (opens, clicks, unsubscribes)
We use this data exclusively to send newsletters and track performance.
Legal basis:
Article 6(1)(a) GDPR (consent)
You can unsubscribe at any time via the “unsubscribe” link in any email or by contacting hello@fjuled.com
.
After unsubscribing, we may retain your email address in a suppression list (blacklist) to prevent future mailings, based on Art. 6(1)(f) GDPR.
7. Plugins and Tools
7.1 Google Fonts (local hosting)
We use Google Fonts to ensure consistent typography.
Fonts are hosted locally on our servers; no connection to Google servers is established when loading fonts.
Further details on Google Fonts:
https://developers.google.com/fonts/faq
Google Privacy Policy:
https://policies.google.com/privacy
8. Online Marketing and Affiliate Programs
Affiliate Programs
We participate in affiliate programs to promote our products via partner websites. When you click on an affiliate link and make a purchase, the affiliate network needs to attribute the sale to the correct partner. For this, cookies or similar recognition technologies may be used.
Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in correct commission allocation)
Art. 6(1)(a) GDPR + §25(1) TDDDG if consent is required for cookies
We use, among others:
UpPromote Affiliate Marketing
(Shopify app – see provider privacy policy on the Shopify App Store)
9. eCommerce and Payment Providers
9.1 Processing of Customer and Contract Data
We process personal customer and contract data to establish, execute and terminate contractual relationships. This includes:
name
Address
Order details
Invoice data
Legal basis:
Art. 6(1)(b) GDPR – contract performance
Legal retention obligations (tax, commercial law)
Data is deleted after legal retention periods expire.
9.2 Data Transfer in Case of Online Orders and Shipping
When you place an order, we share relevant data with:
Shipping providers (DHL, DPD, UPS, etc.)
Payment service providers
Fulfillment partners (if used)
Data includes:
name
Shipping address
Email address
Order details
Legal basis:
Art. 6(1)(b) GDPR (required for contract performance)
If you have consented to receive shipping notifications by email/SMS from carriers, this is based on Art. 6(1)(a) GDPR.
9.3 Payment Service Providers
We integrate the following payment services:
PayPal
Provider:
PayPal (Europe) S.à rl et Cie, SCA
22–24 Boulevard Royal
L-2449 Luxembourg
Details on privacy:
https://www.paypal.com/webapps/mpp/ua/privacy-full
Transfers to the USA may be based on SCCs.
Apple Pay
Provider:
Apple Inc.
One Apple Park Way
Cupertino, CA 95014
USA
Privacy Policy:
https://www.apple.com/legal/privacy/
Google Pay
Provider:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4, Ireland
Privacy Policy:
https://policies.google.com/privacy
Klarna (including Sofort)
Provider:
Klarna Bank AB (publ)
Sveavägen 46
111 34 Stockholm
Sweden
Klarna may use cookies and perform credit checks. Details:
https://www.klarna.com/privacy/
Instant (instant bank transfer)
Part of Klarna; detailed information under Klarna's privacy policy.
Shopify Payments
Providers in the EU:
Shopify International Ltd.
2nd Floor, 1-2 Victoria Buildings
Haddington Road
Dublin 4, D04 XN32
Ireland
Privacy:
https://www.shopify.com/legal/privacy
American Express
Provider:
American Express Europe SA
Theodor-Heuss-Allee 112
60486 Frankfurt am Main
Germany
Privacy:
https://www.americanexpress.com/
Transfers to the USA secured by Binding Corporate Rules.
Mastercard
Provider:
Mastercard Europe SA
Chaussée de Tervuren 198A
B-1410 Waterloo
Belgium
Privacy:
https://www.mastercard.com/privacy/
VISA
Provider:
VISA Europe Services Inc.
1 Sheldon Square
London W2 6TT
United Kingdom
Privacy:
https://www.visa.com/privacy/
UK is considered a safe third country with an adequacy decision.
Legal basis for all payment providers:
Art. 6(1)(b) GDPR (payment processing as part of contract)
Art. 6(1)(f) GDPR (fraud prevention, secure payment flow)
Art. 6(1)(a) GDPR where explicit consent is requested