Hälssen & Lyon Logo

The Tea Catalogue
Assortment for specialised tea shops


The Tea Catalogue
Assortment for specialised tea shops


With this privacy policy, we would like to inform you about the processing of your data. With regard to the terms used, such as "processing" or "controller", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR). Our websites are not aimed at children and young people under the age of 16.

Responsible for processing

Hälssen & Lyon GmbH
Pickhuben 9
20457 Hamburg

represented by its Managing Directors Christian Meckel (Chairman) and Dietmar Scheffler

Phone  +49 40-36 14 3-0 

How to contact our data protection officer?
The contact details of our external company data protection officer (DPO) are as follows: Mauß Datenschutz GmbH, Neuer Wall 10, 20354 Hamburg, Germany. You can reach our DPO by mail (see above) or by phone: +49 40 999 99 52-0 and via e-mail: datenschutz@datenschutzbeauftragter-hamburg.de.


How do we process your data?

In the following, you will learn which data is collected when, how it is used (type, scope and purpose of the processing of personal data) as well as the legal basis and the duration of storage.

Operation of the web server, delivery of the web pages

All the data you enter on our sites is transmitted to us in encrypted form. The same applies for the delivery of our web pages. It applies even when you access the site without specifying encryption (using http protocol instead of https); the site’s response to such unencrypted access is automatically encrypted.

When do we use your personal information?

When you visit our websites, we automatically process the following data from you in order to be able to provide our websites and the services provided via them:

  • Date and time of access
  • Your IP address
  • The URL of the website from which you came to us
  • The URLs you visit on our site
  • Information about your Internet browser (browser type and version)
  • The operating system of the device with which you access our website
  • Your Internet service provider

For security reasons, we store this information in log files and automatically delete it after 60 days. The data in the log files is stored separately from other data about you.

Longer storage only takes place in justified individual cases (e.g. in the event of suspected abuse or fraud or in the event of attacks on our web server). In these cases, the respective log files are stored until the facts of the case have been clarified and the resulting measures have been completed.

In order to be able to provide you with our website and the services provided via them, we use a ser-vice provider (web hoster) who processes your data on our behalf and exclusively in accordance with our instructions.

Mittwald CM Service GmbH & Co.KG
Königsberger Straße 4-6
32339 Espelkamp

The legal basis for the processing of your data is Art. 6 Par. 1 lit. f GDPR. We have a legitimate inter-est in processing your data so that we can offer you our websites and the services provided via them in a technically flawless, secure manner and optimized for your needs. In addition, our other legitimate interest is to detect and prevent fraud attempts or attacks on our websites.

Storage and retrieval of data in your device

In order to provide the functionalities you have requested, including the provision of the website, we store data in your browser in accordance with § 25 TDDDG and also access it afterwards. For this purpose, we use so-called cookies as well as the session memory and the local memory of the browser. Without this storage and retrieval of data, our website will not function correctly.

The legal basis for the storage and retrieval of data from your browser is our legitimate interest pursuant to Art. 6 Par. 1 lit. f GDPR in conjunction with § 25 TDDDG to implement our websites in an appealing and secure manner and to comply with your wishes regarding the usability and functionality of the pages.

Below you will find a tabular list of cookies and similar technologies used on this website. The expiration time indicates the time after which your browser automatically deletes the relevant data. Session means that the data is only stored until the end of the current page visit. 

Cookie name


Expiration time


Cookie generated by applications based on the PHP language. This is a general purpose identifier used to maintain user session variables. It is normally a random generated number, how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages.


Contact requests

When you send us a message, we use the data you provide to process your request. The legal basis for this is our legitimate interest in responding to your request, in accordance with Art. 6 para. 1 lit. f GDPR. If your request serves to conclude a contract with us to which you as a person are a contracting party, further legal basis for the processing is provided by Art. 6 para. 1 lit. b GDPR. The data will be deleted after your request has been processed. If we are obliged by law to store data for a longer period of time, the data will be deleted after expiry of such period.

User account

The use of our online catalogue is open only to commercial customers and resellers and requires a one-time registration on our website. To verify your eligibility, please provide your full contact details. The data will be used to contact you by e-mail and to provide you with a personalized login. Your name, e-mail, customer number and login are stored in the system so that we can manage you as a user.

With this processing, we pursue our legitimate interest in protecting our tea catalogue from unauthorized access. The legal basis for this is Art. 6 para. 1 lit. f GDPR, and for contacting you by e-mail it is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

The data will be stored as long as your access to the tea catalogue is not revoked. In the event that we refuse or withdraw your registration for access to the tea catalogue, your data will be deleted immediately.

Automated decision making

We refrain from any automated decision-making.

Transfer of personal data to non-EU countries, server location

We do not transfer any personal data to non-European countries within the scope of our website. The web servers we use are located in Germany.

Obligation to provide data

You are under no legal or contractual obligation to provide us with personal data when using our web-site. However, our pages cannot be accessed without providing your IP address. You will only receive login credentials if you provide us with the above-mentioned (see "User account") personal data.

Your rights

If you wish to exercise any of your rights, please contact us as the controller at the contact details provided above or use one of the other methods we offer to send us this notice.

Right of access

According to Art. 15 GDPR, you have the right to request confirmation from us whether personal data concerning you is being processed by us. If this is the case, you have a right to information about this personal data and to further information mentioned in Art. 15 GDPR.

Right to rectification

According to Art. 16 GDPR, you have the right to demand that we correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

Right to erasure

You have the right to demand that we delete personal data relating to you without delay. We are obliged to delete personal data without delay, provided that the relevant requirements of Art. 17 GDPR are met. For details, please refer to Art. 17 GDPR.

Right to restriction of processing 

In accordance with Art. 18 GDPR, you have the right under certain conditions to demand that we re-strict the processing of your personal data.

Right to data portability

According to Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machinereadable format, and you have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6 Par. 1 lit. a GDPR or Art. 9 Par. 2 lit. a GDPR or on a contract pursuant to Art. 6 Par. 1 lit. b GDPR or the processing is carried out with the help of automated processes.

Right to revoke consent

According to Art. 7 GDPR, you have the right to revoke your consent at any time and without giving reasons. Please note that a revocation applies exclusively to the future and does not affect the lawfulness of processings carried out in the past.

Right to object

If we name our legitimate interest according to Art. 6 Par. 1 lit. f GDPR as the legal basis, you have the following right of objection according to Art. 21 GDPR.

According to Art. 21 GDPR, you have the right to object to the processing of personal data concerning you that is based on Article 6 Para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority in accordance with Article 77 of the GDPR, without prejudice to any other administrative or judicial remedy. This right exists in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you violates the GDPR.

Subject to change

We reserve the right to change the security and data protection measures at any time. Please therefore note the current version of this data protection notice.