Privacy Policy
This privacy policy informs you in accordance with Art. 13 GDPR about the processing of personal data when visiting this online shop and placing orders. The controller has its seat in Austria; the primary supervisory authority is therefore the Austrian Data Protection Authority.
1. Controller
Controller within the meaning of Art. 4 (7) GDPR is:
Mountain Green GmbH
- Authorized representative
- Dietmar Wurzer
- Address
- Zwatzhof 8 9362 Metnitz, AT
- office@mountaingreen.at
- Phone
- 04266 20055
- VAT ID
- ATU78748018
- Company register
- FN 591530 y, HG Wien
- Trade
- Gewerbe gem. GewO
- Supervising authority
- Bezirksverwaltungsbehoerde Klagenfurt
- Chamber
- WKO-Fachgruppe / Kammer
2. Cookies and similar technologies
We use only the following cookies. Marketing cookies (affiliate tracking) are set exclusively after explicit consent via the consent banner.
| Name | Purpose | Legal basis |
|---|---|---|
| mg_cart | Shopping-cart session. | Art. 6 (1) b GDPR – contract performance. |
| mg_locale | Language preference. | Art. 6 (1) f GDPR – legitimate interest in UX. |
| mg_currency | Display currency (display only, not settlement). | Art. 6 (1) f GDPR – legitimate interest in UX. |
| mg_age_18plus | Age confirmation (CBD compliance). | Art. 6 (1) c GDPR – legal obligation. |
| mg_consent | Stores the consent choice. | Art. 6 (1) c GDPR – proof of consent. |
| mg_aff (Affiliate) | Affiliate attribution (30 days, last-cookie-wins). | Art. 6 (1) a GDPR – only after consent. |
3. Recipients and processors
Segpay LLC (USA)
Payment processing via an externally hosted payment page. Order amount, order number, email and billing address are transferred to Segpay. Card data is processed exclusively by Segpay and never reaches our servers.
Amazon Web Services EMEA SARL (hosting, AWS region eu-central-1)
Server hosting, database (RDS PostgreSQL), file storage (S3), caching (ElastiCache), email sending (SES). All processing takes place in Frankfurt, Germany.
Sentry GmbH (EU region Frankfurt)
Error monitoring (stack traces, anonymized request data). PII is stripped prior to transmission (cookies, email, auth headers).
frankfurter.app
Daily ECB-based exchange rates for the display-currency feature. Only public rate tables are queried – no personal data is transmitted.
4. Transfer to third countries
Data is transferred to Segpay LLC in the USA. Legal basis is Art. 49 (1) lit. b GDPR (contract performance with the customer when the order is placed). All other processors are seated or process within the EU/EEA.
5. Your rights
You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21). Consents (e.g. marketing cookies) can be revoked at any time with effect for the future.
6. Right to lodge a complaint
You have the right to lodge a complaint with the Austrian Data Protection Authority (Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at) or another supervisory authority in your country of residence.