The world of tea under one roof

Privacy Policy

Protecting your personal information during its collection, processing, and use when you visit our homepage is an important concern for us. In the following, we would like to inform you that – and  how – we query, electronically store, and process your personal information.

Entity responsible for processing

The legal entity responsible for processing your data/information is  Hälssen & Lyon GmbH Pickhuben 9 20457 Hamburg Germany represented by the Managing Directors Andrew Bergmann and Dietmar Scheffler, who can be reached at +49 40-36 14 3-0 or

Data Protection Officer

Mauß Datenschutz GmbH ensures professional data protection for our company. You can contact our external Data Protection Officer at Tel: +49 40 999 99 52 – 0 Mailing address: Mauß Datenschutz GmbH Datenschutz Hälssen & Lyon Neuer Wall 10 20354 Hamburg

Personal data

Personal data is information about your person. This includes your name, address, telephone number and email address, but also data such as your location, IP address or bank details. You do not have to disclose personal information to use our website. However, in certain cases, we need your name and address as well as other information so that we can provide the requested information or services.

Encrypted transmission

The information that we collect on our homepage is only passed on to us in encrypted form. The same goes for the delivery of our web pages. This applies even if you access our website without encryption; the response from our web server is already encrypted. 

When do we process personal information?

We process personal information that you actively submit to us when you enter it. We also automatically process personal information resulting from the use of our website. So your personal information may be processed in the following cases in particular:

  • When you visit our website;
  • When you contact us;
  • In analyses of why visitors come to our website, who they are, and how they use it;
  • When external tools are used (e.g. web fonts);
  • To repel attacks on technical infrastructure

For details, please refer to the following explanations.

Visiting our website

When you access our website, the company we have commissioned to operate the website processes and stores technical information about the device you are using (operating system, screen resolution and other, non-personal characteristics) as well as the browser (version, language settings), and in particular the public IP address of the computer you are using to visit our website, including the date and time of access. The IP address is a unique numerical address under which your end device sends or retrieves data online. Usually, we/our service provider do not know who is behind an IP address, unless you provide us with information that enables us to identify you while you are using our website.

Our service provider uses the processed data in a non-personalised manner, for statistical purposes, so that we can trace which end devices and settings were used for visiting our website in order to optimise them for this purpose if necessary. These statistics contain no personal information. The legal basis for compiling the statistics is Art. 6 para. 1 (f) GDPR.

The IP address is also used so that you can technically access and use our website, and to detect and repel attacks against our service provider or website. Such attacks would impair the proper functioning of the data centre of the company commissioned by us, the use of our website or its functionality as well as the security of visitors to our website. The IP address, including the time of access, is processed to defend against such attacks. By processing this data through our service provider, we are pursuing the legitimate interest of ensuring the functionality of our website and fending off illegal attacks against us and against visitors to our website. The legal basis for this processing is Art. 6 para. 1 (f) GDPR.

The stored IP data is deleted by anonymisation when it is no longer needed for detecting or repelling an attack.

Contact enquiries

When you send us a message using one of the contact options offered, we will use the information you provide to process your enquiry. The legal basis for this is our legitimate interest in responding to your enquiry in accordance with Art. 6 Para. 1 (f) GDPR. If your enquiry serves to conclude a contract with us to which you as a person are a contracting party, a further legal basis for the processing is Art. 6 para. 1 lit. b GDPR. The data is deleted after your enquiry has been dealt with. If we are legally obliged to store the data for a longer period of time, the data will be deleted after expiry of that period of time.

Google Tag Manager

We use Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface, and allows us to control the precise integration of services on our website. This allows us to flexibly integrate additional services to analyse user access to our website.

The use of Google Tag Manager is based on our legitimate interests, i.e. interest in optimising our services in accordance with Art. 6 para. 1 (f) GDPR. We have no influence over the actual storage period of the processed data; this is determined by Google Ireland Limited. You will find further information in the Google Tag Manager Use Policy:

Google Analytics

We use Google Analytics on our website. This is a web analysis service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, (‘Google’).

The Google Analytics service is used to analyse usage behaviour on our website. The legal basis is Art. 6 para. 1 (f) GDPR. Our legitimate interest lies in the analysis, optimisation and commercial operation of our website.

Usage- and user-related information, such as IP address, place, time, and frequency of visits to our website, is transferred to a Google server in the USA and stored there. However, we use Google Analytics with the anonymisation function, which means that Google already shortens the IP address in the EU or EEA.

The data collected in this way is in turn used by Google to provide us with an analysis of your visit to our website and usage activities there. This data can also be used to provide other services related to the use of our website and the internet.

Google states that it will not link your IP address with other data. Google also provides further information on data protection law at, for example on the options for preventing the use of your information.

In addition, at Google also provides a deactivation add-on, along with further information about it. 

This add-on can be installed with all common internet browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs the Google Analytics JavaScript (ga.js) that information about your visit to our website should not be passed on to Google Analytics. However, this does not prevent information from being passed on to us or to other web analysis services. Whether we use  other web analysis services, and which ones, is of course also explained in this privacy statement.


Cookies are small text files which are sent by us to your end device’s browser and are stored there during your visit to our website. As an alternative to the use of cookies, information can also be stored in your browser’s local storage. Some of our website’s functions cannot be provided without the use of cookies or local storage (technically necessary cookies). Other cookies, meanwhile, allow us to carry out various analyses, so that we are able, e.g., to recognise the browser you are using when you re-visit our website and to send various information to us (non-essential cookies). Among other things, using cookies enables us to make our website more user-friendly and effective for you, for example by tracking your use of it and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programs and cannot contain viruses.

Most of the browsers used by our users allow you to set which cookies should be stored and enable you to delete certain cookies.  If you restrict the storage of cookies to certain websites or do not allow cookies from third-party websites, this may under certain circumstances mean that you can no longer use our website to its full extent. For information on how to adjust the cookie settings for some common browsers, please go to the following links: 

  • Google Chrome (
  • Internet Explorer (
  • Firefox (
  • Safari ( 

Transmission of personal information to non-EU countries, server location

With the exception of the above-mentioned transmissions to Google in connection with the use of Google Maps and Google Analytics, we do not forward any personal information to non-European countries. The web servers we use are all located in the EU.

Social media

We do not use any social media plug-ins or widgets on our website. Accordingly, we do not pass on any personal information to these providers.

Amendment of the privacy policy

We reserve the right to amend our security and data protection measures at any time, especially if this becomes necessary due to technological developments. In such cases, we will also amend our privacy policy accordingly, if necessary. Therefore, please always refer to the latest version of this privacy policy.

Your rights

If you wish to exercise any of your rights, please contact us as the responsible entity using, the contact details above, or use one of the other methods we provide for sending us this message. 

Right to information

In accordance with Art. 15 GDPR, you have the right to request confirmation from us as to whether any personal information concerning you is being processed by us. If this is the case, you have the right to obtain this personal information and receive further information as mentioned in Art. 15 GDPR.

Right of rectification

In accordance with Art. 16 GDPR, you have the right to ask us to promptly correct any incorrect personal information concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal information, including by means of a supplementary declaration.

Right to erasure

You have the right to request that we immediately erase personal information concerning you. We are obliged to erase personal information immediately, provided that the relevant requirements of Art. 17 GDPR are met. For details, please refer to Art. 17 GDPR. 

Right to restriction of processing

In accordance with Art. 18 GDPR, you have the right, under certain conditions, to request us to restrict the processing of your personal information.

Right to data portability

In accordance with Art. 20 GDPR, you have the right to obtain the personal information concerning you which you have supplied to us in a structured, common and machine-readable format and you have the right to transmit such information to another responsible entity without hindrance from us, provided that the processing is based on consent pursuant to Art. 6, para. 1 (a) GDPR or Art. 9, para. 2 (a) GDPR or a contract pursuant to Art. 6, para. 1 (b) GDPR and that the processing is carried out using automated means.

Right to objection

In accordance with Art. 21 GDPR, you have the right to object to the processing of personal information concerning you that is based on Art. 6(1) e or (f) GDPR, including profiling based on these provisions.

If we process your personal information for direct marketing purposes, you have the right to object at any time to the processing of your personal information for the purpose of such marketing, including profiling, to the extent that it relates to such direct marketing.

Right to lodge a complaint with a supervisory authority

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy, in particular in the Member State you are resident in, your place of work, or the place where the alleged infringement took place, if you are of the opinion that the processing of personal data concerning you infringes on the GDPR.