Privacy Policy

1. General

The protection of your personal data is important to us. Your data will be processed exclusively in accordance with the provisions of the General Data Protection Regulation (DSGVO), the Data Protection Act (DSG) and the Telecommunications Act (TKG).

In this privacy policy, we inform you about the scope and purpose of data processing, your rights and other important aspects.

1.1 Personal data

According to Art 4 line 1 DSGVO, personal data is given if there is information that relates to an identified or identifiable natural person. An identifiable person is one who can be identified directly or indirectly. Personal data includes, for example, name, address, IP address, e-mail address, etc.

1.2 Contact

Magu CBD Ltd.
Stiftgasse 19
1070 Vienna
+43 660 1929393

2. Collection and processing of your personal data

The purpose of processing your data is the operation of the website and the execution of contracts; this also includes related activities (administration of your account, processing of payment and shipping, etc.). Your personal data will only be used if the purpose requires it and there is a justification.

For the purpose of operating our website, the following data is stored and processed:

  • Browser type and version;
  • Operating system used;
  • Website from which you are visiting us;
  • Website you are visiting;
  • Date and time of your access;
  • Your Internet Protocol (“IP”) address.

For the purpose of contract initiation and fulfillment (and related activities), the following data is stored and processed:

  • Address
  • Payment data

The legal basis(s) of the processing of your personal data can be found under point 2.1. Your data will be disclosed to third parties in accordance with point 2.2.

2.1 Legal basis for the processing of personal data

Consent according to Art 6 para 1 lit a DSGVO

Consent on your part exists if you have given your prior consent to certain, clearly defined processing (esp. subscription to our newsletter or use of cookies). Your consent can be revoked at any time.

Fulfillment of the contract and initiation of the conclusion of the contract pursuant to Art 6 para 1 lit b DSGVO.

The processing of your personal data is permissible in order to initiate a business transaction and to process it after conclusion of the contract.

Fulfillment of legal obligations pursuant to Art 6 para 1 lit c DSGVO.

The processing of your personal data is permitted in order to comply with legal obligations. In particular, the Federal Tax Code and the Business Code stipulate retention obligations (7 years).

The deletion takes place after the expiry of these periods, the necessity of the retention of the data is reviewed every three years.

Legitimate interests pursuant to Art 6 para 1 lit f DSGVO.

The processing of your personal data is permissible if there is a legitimate interest on our part in the processing (e.g. answering your inquiries, etc.).

2.2 Passing on personal data to third parties

Your personal data will only be passed on if your consent exists, if it is necessary for the initiation or fulfillment of a contract or if there are legal obligations. In the further course you will find detailed information about these third parties.

2.3 Newsletter

Via our website we offer you the possibility to subscribe to our newsletter. If you subscribe to our newsletter, we will inform you about our offers at regular intervals. In order to offer this service, we use the services of CleverReach GmbH & Co KG.

The processing of your associated data (esp name, IP address and email address) is based on your consent pursuant to Art 6 para 1 lit b DSGVO. We will check the e-mail address you have entered to ensure that you are actually the owner of the e-mail address provided or that its owner has authorized the receipt of the newsletter.

You can cancel your subscription to this newsletter at any time. Details of this can be found in the confirmation email and in each individual newsletter.

2.4 Hosting

We use a so-called hosting service provider to operate our website. This provides us with computing power and storage space. This is Hetzner Online GmbH, which is based in Germany.

This service provider processes data exclusively in the European Union under the permissibility conditions of point 2.1.

Hetzner Online GmbH
Industrial road 25
91710 Gunzenhausen
Privacy policy available at:

3. Cookies

We use so-called cookies on our website. Cookies are small text files that your Internet browser places and stores on your computer. On the one hand, they serve to optimize our website and our offers. On the other hand, they serve to recognize users. These are mostly “session cookies”, which are deleted after the end of your visit. In individual cases, however, “permanent cookies” are also set, which are not deleted after the end of your visit.

For cookies that are not technically essential, you will be asked for your consent (see point 2.1.). Only if you consent to the processing, your cookies will be processed for the purpose of improving our website for a period of 120 days.

If cookies are functionally absolutely necessary, processing is also possible without your consent pursuant to § 96 TKG, Art 6 para 1 lit f DSGVO.

4. Matomo Analytics

We use the Matomo Analytics tool on our website. This is an open source software of the Matomo organization. Information is collected about your browser type and version, operating system used, the website accessed, date and time of your access and your IP address. This with the purpose of improving user experience and user friendliness.

5. Payment processing by Unzer Austria GmbH

To process your payments, we use the services of Unzer Austria GmbH. The processing of your personal (name, payment information, etc.) data is justified by Art 6 para 1 lit b DSGVO.

Privacy policy available at:

6. Shipment processing by Sendcloud GmbH

To process the shipment of your order, we use the services of Sendcloud GmbH. The processing of your personal (name, address, etc.) data is justified by Art 6 para 1 lit b DSGVO.

Privacy policy available at:

7. Third-party plugin

This website contains so-called plugins from third-party providers listed below. If you call up one of our sites that contains such a plugin (recognizable by the brand of the third-party provider), a direct connection is established with the provider of the plugin. This transmits your data to the third-party provider; as the operator of the website, we have no influence what personal data is transmitted; in any case, however, the third-party provider receives the information that you have visited our website. If you have an account with one of the third-party providers, your data may be linked.

7.1 YouTube

Google Ireland Limited

Gordon House, Barrow Street
Dublin 4

Privacy policy available at:

7.2 Google Maps

Google Ireland Limited

Gordon House, Barrow Street
Dublin 4

Privacy policy available at:

7.3 Trusted Shops

In order to display our Trusted Shops seal of approval and any ratings collected, as well as to offer Trusted Shops products to buyers after an order, the Trusted Shops Trustbadge of Trusted Shops GmbH is integrated on this website.

When you call up the Trustbadge, your IP address, the date and time of the call-up, the amount of data transferred, etc. are stored. This data is processed exclusively to ensure trouble-free operation and is automatically deleted no later than seven days after the end of your visit to the site (Art 6 para 1 lit f DSGVO).

Further personal data is only transferred if you have consented to this, have decided to use Trusted Shops products after completing an order, or have already registered to use them.

Trusted Shops GmbH
Subbelrather Street 15c
50823 Cologne

Privacy policy available at:

8. Your rights

The GDPR standardizes the following rights:

  • Information
  • Correction
  • Restriction of processing
  • Deletion
  • Data portability
  • Revocation
  • Objection to processing

If you wish to exercise any of these rights, please contact, providing proof of your identity (e.g. by means of a copy of your identity card).

You also have the right to lodge a complaint with the Austrian data protection authority if you are of the opinion that the processing of your data violates data protection regulations.

9. Data security

We continuously improve our security measures to protect your personal data from access by third parties. All personal data is transmitted in encrypted form.

Despite great care, Magu CBD GmbH is not liable for unlawful interference by third parties.