Privacy Policy

Last updated: 30 September 2025

1) Who we are (Controller)

WE-NO

Owner: Zohir Memmou

Breisgaustraße 25, 76532 Baden-Baden, GERMANY

Email: info@we-no.com

For the purposes of the EU General Data Protection Regulation (“GDPR”), WE-NO is the data controller for personal data processed via we-no.com (the “Site”) and our online shop (the “Services”).

If you reside in the UK, references to GDPR include the UK GDPR and the Data Protection Act 2018.

2) What data we collect

We collect the following categories of personal data, depending on how you interact with us:


  • Identity & contact details: name, billing and shipping address, email, phone.

  • Order & payment data: items purchased, order totals, currency, payment method, partial card details (tokenized by our payment processor), transaction IDs, refund data.

  • Account data: account credentials (hashed), order history, wishlists, saved addresses.

  • Customer support data: messages, attachments, return/exchange details.

  • Device & usage data: IP address, device type, browser, operating system, referral URLs, pages viewed, time stamps, approximate location (derived from IP), Site interactions.

  • Cookie & similar technologies data: identifiers, consent preferences, session data (see Cookies below).

  • Marketing preferences: newsletter opt-in/out, SMS consent, ad preferences.

  • Fraud prevention signals: risk scores, chargeback history, velocity checks.

  • Social/ads & analytics data: where you consent, we receive pseudonymous identifiers and event data (e.g., from Google Analytics, Meta/Instagram, etc.).

We do not intentionally collect sensitive categories of data.

3) Why we process your data (Purposes & legal bases)

We process personal data only where a legal basis applies (Art. 6 GDPR):


  1. To operate our store and fulfill contracts (Art. 6(1)(b)):


    Create and manage your account


    Process orders, payments, shipping, returns & refunds


    Provide customer support



  2. Legitimate interests (Art. 6(1)(f)):


    Secure and improve the Site and Services (debugging, analytics in aggregate, service quality)


    Prevent abuse and fraud (including risk scoring)


    Defend legal claims and ensure network/security integrity


    Personalize content (non-essential personalization only with consent where required)



  3. Consent (Art. 6(1)(a)):


    Non-essential cookies/trackers for analytics & advertising


    Email/SMS marketing (where consent is required)



  4. Legal obligations (Art. 6(1)(c)):


    Tax, accounting, consumer protection, product safety, and regulatory compliance


You can withdraw consent at any time (see Your rights).

4) Cookies & similar technologies

We use cookies, pixels, local storage, and similar technologies:


  • Strictly necessary cookies (essential for the Site and checkout)

  • Performance/analytics cookies (e.g., to understand traffic and improve the Site)

  • Functional cookies (remember choices, e.g., language/currency)

  • Advertising/targeting cookies (to deliver relevant ads and measure campaigns)

Consent: On your first visit, our cookie banner lets you accept, reject, or customize non-essential cookies. You can change your choices at any time via Cookie Settings (footer link). Essential cookies cannot be disabled.

Examples (non-exhaustive):


  • cart, checkout_token, shop_session (essential)

  • _ga* (Google Analytics; analytics)

  • _fbp (Meta; advertising)

  • _shopify_y, _shopify_s (platform/session/analytics)

Retention: Session cookies expire when you close your browser; others persist for a defined period (typically 1–24 months) unless you delete them earlier.

5) How we share data (Recipients & processors)

We share data only as necessary and under appropriate safeguards (including data processing agreements):


  • E-commerce platform & hosting: Shopify (storefront, checkout, hosting, security, fraud prevention).

  • Payment processors: e.g., Shopify Payments, Stripe, PayPal (they process payment data on our behalf or as independent controllers per their policies).

  • Fulfillment, logistics & carriers: to ship orders and manage returns.

  • Customer service & communications: email/SMS providers (e.g., transactional emails, newsletters where consented).

  • Analytics & advertising partners: e.g., Google Analytics, Meta/Instagram Ads—only with consent for non-essential tracking.

  • IT/security providers: cloud, backup, monitoring, anti-fraud tools.

  • Professional advisors & authorities: accountants, auditors, legal advisors; regulators or law enforcement where legally required.

We do not sell your personal data.

6) International transfers

Some recipients are located outside the European Economic Area (EEA)/UK. Where personal data is transferred internationally, we use appropriate safeguards such as:


  • Adequacy decisions by the European Commission/UK Government; and/or

  • Standard Contractual Clauses (SCCs) and, where required, UK International Data Transfer Addendum; and

  • Supplementary measures following transfer impact assessments.

You can request a copy of relevant transfer safeguards (redactions may apply).

7) Retention

We keep personal data only as long as necessary for the purposes described or as required by law:


  • Orders & invoices: up to 10 years (tax/accounting laws may require this).

  • Customer accounts: until you delete your account, then limited archival for legal claims (usually up to 3 years).

  • Marketing data: until you unsubscribe or withdraw consent.

  • Support tickets: typically 24 months after resolution, unless longer needed for legal reasons.

  • Cookie identifiers: per cookie lifetime or until deletion/withdrawal of consent.

8) Your rights (EU/EEA & UK)

Subject to legal conditions/exceptions, you have the right to:


  • Access your data and obtain a copy

  • Rectify inaccurate or incomplete data

  • Erase data (“right to be forgotten”)

  • Restrict processing

  • Object to processing based on legitimate interests (including profiling) and to direct marketing at any time

  • Data portability (receive your data in a structured, commonly used format)

  • Withdraw consent at any time (affects future processing)

To exercise your rights, email info@we-no.com. We may verify your identity before responding.

Complaints: You can lodge a complaint with your local data protection authority. Our local authority is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW), Germany.

9) Children

Our Services are not directed to children. We do not knowingly collect personal data from individuals under the age required by local law (typically 16 in the EU, 13 in some jurisdictions). If you believe a child provided data, contact us to delete it.

10) Marketing communications


  • Email/SMS: We send marketing only with your consent (where required) or as permitted by law. You can unsubscribe at any time via the link in our messages or by contacting us.

  • Ads & tracking: Where you consent to advertising cookies, you may see our ads on other platforms. You can change your Cookie Settings at any time.

11) Automated decision-making & profiling

We may use limited automated processing (e.g., fraud-prevention risk scoring during checkout) to protect our business and customers. This processing is necessary to enter into or perform a contract, is based on our legitimate interests, and/or your consent where required. You can request human review and challenge a decision by contacting us.

12) Security

We implement technical and organizational measures appropriate to the risk, including encryption in transit, access controls, least-privilege permissions, logging/monitoring, and staff confidentiality. No system is 100% secure; please protect your account credentials and use a strong, unique password.

13) Third-party links & apps

Our Site may contain links to third-party websites or apps (e.g., social media, payment providers). Their privacy practices are governed by their own policies. Please review those policies before providing any data.

14) Changes to this Policy

We may update this Policy from time to time. Material changes will be indicated by updating the “Last updated” date above. Continued use of the Site after changes means you accept the revised Policy.

15) Contact

For questions or to exercise your data rights, contact:

WE-NO – Privacy

Breisgaustraße 25, 76532 Baden-Baden, GERMANY

Email: info@we-no.com

Cookie Disclosure (example overview)

The exact cookies depend on your current apps/integrations. Your cookie banner’s “Details” page should list the current set. Below is a representative outline:

CategoryExamplesPurposeTypical lifetimeEssentialcart, checkout_token, shop_sessionEnable cart/checkout, keep you signed in, load pagesSession–2 yearsAnalytics (consent)_ga, _ga_*, _gidUnderstand visits, improve performance1 day–24 monthsAdvertising (consent)_fbp, fr, gclid, _tt_enable_cookieShow/measure relevant ads on Meta/Google/TikTok1 day–90 daysFunctionality (consent)preferred_currency, localeRemember choices (currency/language)Session–12 months

Platform-specific notes (Shopify)

Our store is hosted by Shopify. Shopify provides the online e-commerce platform that allows us to sell our products and services to you and acts as a processor and/or independent controller for certain operations (e.g., payments, fraud prevention). For details on Shopify’s own data handling, please refer to Shopify’s privacy documentation and policies provided in your region.