Skip to content

Privacy Policy

1. General Information and Mandatory Information

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g., communication by e-mail) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

1.1 Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. The responsible party for data processing on this website is:

regrow shop – Inhaber Sascha Baumann
Kreuzborn 15
57299 Burbach
Germany

Email: info@regrowitself.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, e-mail addresses, etc.).

1.2 How do we collect your data?

Your data is collected, on the one hand, by you providing it to us. This can be data that you enter into a contact form, for example.

Other data is automatically collected by our IT systems when you visit the website. These are mainly technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter our website.

1.3 What do we use your data for?

Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.

2. What rights do you have regarding your data?

You have the right to receive information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking, or deletion of this data. For this purpose, as well as for further questions regarding data protection, you can contact us at any time using the address provided in the legal notice. Furthermore, you have a right to lodge a complaint with the competent supervisory authority.

You also have the right, under certain circumstances, to demand the restriction of the processing of your personal data. For details, please refer to the privacy policy under “2.6 Right to Restriction of Processing.”

2.1 Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. An informal notification by e-mail to us is sufficient for this purpose. The legality of the data processing carried out before the revocation remains unaffected by the revocation.

2.2 Right to object to data collection in special cases and to direct marketing pursuant to Art. 21 GDPR

If data processing is based on Art. 6 Para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or the processing serves to assert, exercise, or defend legal claims (objection under Art. 21 Para. 1 GDPR).

If your personal data is processed to conduct direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection under Art. 21 Para. 2 GDPR).

2.3 Right to lodge a complaint with the supervisory authority

In the event of a breach of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the data protection officer of the federal state in which our company is based. The following link provides a list of data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

2.4 Right to Data Portability

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to third parties. The provision is made in a machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

2.5 Right to Information, Correction, Blocking, Deletion

You have the right at any time within the framework of the applicable legal provisions to free information about your stored personal data, the origin of the data, their recipients, and the purpose of data processing, and, if applicable, a right to correction, blocking, or deletion of this data. In this regard, as well as for further questions regarding personal data, you can contact us at any time using the contact options provided in the legal notice.

2.6 Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time using the address provided in the legal notice. The right to restrict processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data was or is unlawful, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data but you need it for the exercise, defense, or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
  • If you have objected pursuant to Art. 21 Para. 1 GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data may – apart from their storage – only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

3. Hosting und Content Delivery Networks (CDN)

3.1 External Hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the servers of the host. This may mainly include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.

The use of the host is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast, and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

Our host will only process your data to the extent necessary to fulfill its performance obligations and will follow our instructions regarding this data.

3.2 Conclusion of a Contract for Order Processing

To ensure data protection-compliant processing, we have concluded a contract for order processing with our host.

4. Data Collection on this Website

4.1 Evaluation of Visitor Behavior

In the following privacy policy, we inform you whether and how we evaluate data of your visit to this website. The evaluation of the collected data is usually anonymous, and we cannot draw any conclusions about your person from your behavior on this website. You can find out more about options to object to this evaluation of visitor data above in this privacy policy.

4.2 TLS encryption with https

We use https to transmit data securely on the Internet (privacy by design Article 25 Paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognize the use of this data transmission security by the small lock symbol in the upper left corner of the browser and the use of the https scheme (instead of http) as part of our internet address.

4.3 Server log files

The provider of the website automatically collects and stores information in server log files that your browser automatically transmits to us. These are:

  • Visited page on our domain
  • Date and time of the server request
  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • IP address

These data will not be merged with other data sources. The basis for data processing is Art. 6 Para. 1 lit. b GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures.

4.4 Cookies

Our website uses cookies. These are small text files that your web browser stores on your device. Cookies help us to make our offer more user-friendly, effective, and secure.

Some cookies are “session cookies.” Such cookies are deleted automatically at the end of your browser session. However, other cookies remain on your device until you delete them yourself. Such cookies help us to recognize you when you return to our website.

With a modern web browser, you can monitor, restrict, or prevent the setting of cookies. Many web browsers can be configured to delete cookies automatically when the program is closed. Disabling cookies may limit the functionality of our website.

The setting of cookies that are necessary for the exercise of electronic communication processes or the provision of certain functions desired by you (e.g., shopping cart) is based on Art. 6 Para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in storing cookies for the technically error-free and smooth provision of our services. If other cookies (e.g., for analysis functions) are set, these will be treated separately in this privacy policy.

4.5 Inquiry via Email, Telephone, or Fax

When you contact us via email, telephone, or fax, your inquiry including all resulting personal data (e.g., name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 Para. 1 lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this has been requested.

The data sent to us via contact inquiries will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

4.6 Newsletter Privacy Policy

When you subscribe to our newsletter, you provide the above-mentioned personal data and give us the right to contact you by email. We use the data stored during the registration for the newsletter exclusively for our newsletter and do not pass it on.

If you unsubscribe from the newsletter – you will find the link for this at the bottom of each newsletter – we will delete all data stored with the registration for the newsletter.

4.7 Jetpack

4.7.1 What is Jetpack?

We use “Jetpack” (formerly “WordPress.com-Stats”), a web analytics service provided by Automattic Inc., 6029th Street #343, San Francisco, CA 94110, USA (hereinafter referred to as “Automattic”) on our website. Jetpack uses, among other things, cookies, which are small text files that are stored locally in the cache of your web browser on your end device and that enable an analysis of your use of our website. The information collected in this way is stored on a server in the USA. Our website uses Jetpack with an extension that processes IP addresses directly after collection, which prevents any personal reference.

4.7.2 Why do we use Jetpack on our website?

We use Jetpack for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behavior, we can improve our offering and make it more interesting for you as a user. Furthermore, we use Jetpack for measures to protect the security of the website, such as detecting attacks or viruses. This also constitutes our legitimate interest in the processing of the above data by the third-party provider. The legal basis is Art. 6 Para. 1 S. 1 lit. f) GDPR.

4.7.3 How can I delete my data or prevent data storage?

You can prevent the evaluation by deleting existing cookies and preventing the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all functions of this website to their full extent. Preventing the storage of cookies is also possible by clicking the “Click here to Opt-out” button at https://www.quantcast.com/opt-out.

4.7.4 Further information on Jetpack

In order to ensure that Automattic processes the transmitted data only in accordance with our instructions and in compliance with the applicable data protection regulations, we have concluded a contract with Automattic for order processing. In addition, Automattic has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and has certified itself. By doing so, Automattic undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following link: https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active

Third-party information: Automattic Inc., 6029th Street #343, San Francisco, CA 94110-4929, USA. Further information from the third-party provider on data protection can be found on the following Automattic website: https://automattic.com/privacy

Information from the third-party provider of tracking technology: Quantcast International Limited, Beaux Lane House, Lower Mercer Street, 1st Floor, Dublin 2, Ireland. Further information from the third-party provider of tracking technology on data protection can be found on the following website: https://www.quantcast.com/privacy

4.8 WooCommerce

We have integrated the open-source shop system WooCommerce as a plugin on our website. This WooCommerce plugin is based on the WordPress content management system, which is a subsidiary of Automattic Inc. (60 29th Street #343, San Francisco, CA 94110, USA). Through the implemented functions, data is sent to, stored, and processed by Automattic Inc. In this privacy policy, we inform you about the types of data involved, how the network uses this data, and how you can manage or prevent data storage.

4.8.1 What is WooCommerce?

WooCommerce is an online shop system that has been part of the WordPress directory since 2011 and was specifically developed for WordPress websites. It is a customizable, open-source eCommerce platform based on WordPress and has also been integrated into our website as a WordPress plugin.

4.8.2 Why do we use WooCommerce on our website?

We use this practical online shop solution to offer you our physical or digital products or services in the best possible way on our website. The goal is to provide you with easy and quick access to our offerings so that you can easily and quickly find your desired products. With WooCommerce, we have found a good plugin that meets our requirements for an online shop.

4.8.3 What data is stored by WooCommerce?

Information that you actively enter into a text field on our online shop can be collected and stored by WooCommerce or by Automattic. So when you sign up with us or order a product, Automattic may collect, process, and store this data. This may include, in addition to email address, name, or address, credit card or billing information. Automattic may subsequently use this information for its own marketing campaigns.

Additionally, Automattic automatically collects information about you in so-called server log files:

  • IP address
  • Browser information
  • Default language setting
  • Date and time of web access

WooCommerce also sets cookies in your browser and uses technologies such as pixel tags (web beacons) to clearly identify you as a user and potentially offer interest-based advertising. WooCommerce uses a variety of different cookies, which are set depending on user actions. That means, for example, if you add a product to the shopping cart, a cookie is set to keep the product in the cart even if you leave our website and come back at a later time.

4.8.4 How long and where are the data stored?

Unless there is a legal obligation to store data for a longer period, WooCommerce deletes the data when it is no longer needed for the purposes for which it was stored. For example, server log files containing technical data about your browser and IP address are deleted after about 30 days. Automattic uses the data to analyze traffic on its own websites (for example, all WordPress sites) and to identify and fix any potential issues. The data is stored on Automattic’s servers in the United States.

4.8.5 How can I delete my data or prevent data storage?

You have the right to access your personal data at any time and to object to their use and processing. You can also lodge a complaint with a supervisory authority at any time.

You can prevent the analysis by deleting existing cookies and preventing the storage of cookies in your web browser settings. However, please note that deactivated or deleted cookies may have possible negative effects on the functionality of our WooCommerce online shop. Depending on which browser you use, managing cookies works slightly differently. You can also prevent the storage of cookies by clicking the “Click here to Opt-out” button at https://www.quantcast.com/opt-out.

4.8.6 Further information about Automattic

Automattic is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. More information can be found at https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC. For more details on the privacy policy and what data WooCommerce collects and how, please visit https://automattic.com/privacy/, and for general information about WooCommerce, visit https://woocommerce.com/.

To ensure that Automattic processes the transmitted data only in accordance with our instructions and in compliance with applicable data protection regulations, we have concluded a contract with Automattic for order processing. In addition, Automattic has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and has certified itself. By doing so, Automattic undertakes to comply with the standards and regulations of European data protection law. More information can be found in the following link: https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active

Third-party information: Automattic Inc., 6029th Street #343, San Francisco, CA 94110-4929, USA. For further information on third-party data protection, please refer to Automattic’s website at https://automattic.com/privacy

Third-party tracking technology provider information: Quantcast International Limited, Beaux Lane House, Lower Mercer Street, 1st Floor, Dublin 2, Ireland. For further information on third-party tracking technology data protection, please refer to the following website: https://www.quantcast.com/privacy

4.9 Data Processing for Order Processing

To process your order, we work with the following service providers, who support us in whole or in part in executing concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

We pass on your payment data to the contracted credit institution as part of the payment processing, if this is necessary for the payment processing. If payment service providers are used, we will inform you about this explicitly below. The legal basis for the transfer of data is Art. 6 Para. 1 lit. b GDPR.

4.9.1 Use of PayPal Payment Service Provider

When paying via PayPal, credit card via PayPal, direct debit via PayPal, or, if offered, “purchase on account” or “installment payment” via PayPal, we will pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) as part of the payment processing. The transfer is made in accordance with Art. 6 para. 1 lit. b GDPR and only to the extent necessary for the payment processing.

For payment methods such as credit card via PayPal, direct debit via PayPal, or, if offered, “purchase on account” or “installment payment” via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be transferred to credit agencies in accordance with Art. 6 para. 1 lit. f GDPR based on PayPal’s legitimate interest in determining your creditworthiness. PayPal uses the result of the credit check regarding the statistical probability of default for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, among other things, but is not limited to, address data. For further data protection information, including the credit agencies used, please refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.

4.10 Registration and Contract Processing

4.10.1 Data Processing for Customer Account Registration and Contract Processing

You can register on our website by providing personal data. The personal data processed for registration is determined by the input mask used for registration. We use the so-called double-opt-in procedure for registration, i.e., your registration is only complete once you have confirmed your registration via a confirmation email sent to you for this purpose by clicking on the link contained therein. If your confirmation is not received within 48 hours, your registration will be automatically deleted from our database. The provision of the aforementioned data is mandatory; all other information can be provided voluntarily by using our website.

When you use our website, we store your data required for contract fulfillment, including any payment method information, until you finally delete your access. Furthermore, we store the voluntary data provided by you for the duration of your use of the website, unless you delete it beforehand. You can manage and change all information in the protected customer area. The legal basis is Art. 6 para. 1 lit. f GDPR. Furthermore, we store all content published by you (such as public posts, reviews, guestbook entries, etc.) to operate the website. The provision of the website with complete user-generated content is our legitimate interest; the legal basis for this is Art. 6 para. 1 lit. f. GDPR. If you delete your account, your public statements, especially comments and reviews, will remain visible to all readers, but your account will no longer be accessible. All other data will be deleted in this case. If you also want your comments and uploaded media to be deleted, please indicate this.

In accordance with Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. The data collected can be seen from the respective input forms. You can delete your customer account at any time by sending a message to the above address of the controller. We store and use the data you provide us with for contract processing. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes legally permitted by us, about which we inform you below accordingly.

4.11 Comment Function

As part of the comment function on this website, in addition to your comment, information about the time the comment was created and the commentator name you chose will be stored and published on the website. Furthermore, your IP address will be logged and stored. This storage of the IP address is for security reasons and in the event that the affected person violates the rights of third parties or posts illegal content through a submitted comment. We require your email address to contact you in case a third party objects to your published content as unlawful. The legal basis for storing your data is Art. 6 para. 1 lit. b and f GDPR. We reserve the right to delete comments if they are objected to as unlawful by third parties.

5. Social Media

5.1 Profiles on Social Media & Links on Our Website

Profiles on Social Media Platforms

We maintain online presences on social media platforms (social networks). In order to interact with active users there or to provide information about us, we process data of the respective users within this framework.

We would like to point out that the data of users may be processed outside the European Union. This may result in increased risks for the users, as, for example, the enforcement of users’ rights could be more difficult.

In addition, the data of users within social networks are processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and the interests indicated by users. These user profiles can be used to display personalized advertisements within and outside the networks, which are likely to correspond to the interests of the users. For these purposes, cookies containing the behavior and interests of users are stored on users’ computers. Data can also be stored independently of the devices used by users (especially if users are registered members of the respective platforms and are logged into them).

For a detailed presentation of the respective processing methods and the options to object, we refer to the data protection declarations and information provided by the respective networks.

In the event of requests for information and the assertion of data subject rights, we would like to point out that these are best addressed to the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly.

Links from social media:

We promote presences on the following social networks on our website. The integration is done via a linked graphic or a link of the respective network. By using a linked graphic, it is prevented that when a website with social media promotion is called up, a connection to the respective server of the social media network is automatically established in order to display the graphic of the respective network. Only by clicking on the linked graphic or the link, the user is redirected to the service of the respective social media network.

After the user has been redirected, information about the user is collected by the respective social network. It cannot be ruled out that the data collected in this way will be processed outside the scope of the European Union.

The data initially includes the IP address, date, time, and visited page. If the user is logged into his user account of the respective network during this time, the network operator may be able to assign the collected information about the specific visit and redirection of the user to the personal account of the user. If the user interacts via a “share” button of the respective network, this information can be stored in the personal user account of the user and possibly published. If the user wishes to prevent the collected information from being assigned to his user account, he must log out before clicking on the graphic. In addition, there is the possibility to configure the respective user account accordingly.

The legal basis for the processing of personal data described above and subsequently is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales, and promotion of our products and services.

Below you will find a list of all our online presences, as well as the links through graphics and links:

5.1.1 Instagram

We maintain an online presence on Instagram to present our website and services and to communicate with interested parties. Instagram is a service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

We would like to point out that the data of users may also be processed outside the European Union, especially in the United States. This may result in increased risks for the users, as, for example, later access to the user data may be more difficult. Furthermore, we do not have access to this user data. The access possibility lies exclusively with Instagram.

Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
Website: https://www.instagram.com;
Privacy policy: https://instagram.com/about/legal/privacy.

5.1.2 Facebook

We maintain an online presence on Facebook to present our website and services and to communicate with interested parties. Facebook is a service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

We would like to point out that the data of users may also be processed outside the European Union, especially in the United States. This may result in increased risks for the users, as, for example, later access to the user data may be more difficult. Furthermore, we do not have access to this user data. The access possibility lies exclusively with Facebook.

Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
Website: https://www.facebook.com;
Privacy policy: https://www.facebook.com/about/privacy;

5.1.3 X

We maintain an online presence on X to present our website and services and to communicate with interested parties. Twitter is a service of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, Parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

We would like to point out that the data of users may also be processed outside the European Union, especially in the United States. This may result in increased risks for the users, as, for example, later access to the user data may be more difficult. Furthermore, we do not have access to this user data. The access possibility lies exclusively with Twitter .

Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, Parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA;
Privacy policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization).

5.1.4 LinkedIn

We maintain an online presence on LinkedIn to present our website and services and to communicate with interested parties. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland.

We would like to point out that the data of users may also be processed outside the European Union, especially in the United States. This may result in increased risks for the users, as, for example, later access to the user data may be more difficult. Furthermore, we do not have access to this user data. The access possibility lies exclusively with LinkedIn.

Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland Website: https://www.linkedin.com;
Privacy policy: https://www.linkedin.com/legal/privacy-policy;
Data Processing Agreement: https://legal.linkedin.com/dpa;
Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

5.1.5 Pinterest

We maintain an online presence on Pinterest to showcase our website and services and to communicate with interested parties. Pinterest is a service provided by Pinterest Inc., located at 635 High Street, Palo Alto, CA, 94301, USA.

We would like to point out that user data may be processed outside the European Union, particularly in the United States. This may pose increased risks for users, such as potentially complicating access to user data at a later time. Additionally, we do not have access to this user data. Access to this data is solely managed by Pinterest.

Service provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA
Website: https://www.pinterest.com;
Privacy Policy: https://about.pinterest.com/de/privacy-policy;
Data Exchange – Appendix A: https://business.pinterest.com/de/pinterest-advertising-services-agreement/.