GopeTech is responsible for data processing in connection with the store functions of Farm Fresh.
Privacy inquiries, access requests, and other communications regarding personal data may be sent to
privacy@farm-fresh.de.
A postal address is currently not provided on this page. This version therefore serves as a provisional technical privacy policy and not as a final fully drafted legal document.
Personal data is processed only to the extent necessary to provide the platform, manage user accounts, display store listings, enable favorites features, and maintain the technical security and stability of the service.
The specific scope of processing depends on whether the platform is visited only for information purposes, whether browser functions such as geolocation are enabled, or whether a user account is created and used.
When the website is accessed, technical connection data may be processed to the extent necessary for delivering the page, analyzing errors, detecting misuse, and operating the service securely. This may include in particular the IP address, date and time of access, requested resources, status codes, browser and device information, and, where applicable, referrer data.
Processing is carried out for the technically necessary provision of the website and on the basis of legitimate interests in operational security, stability, and prevention of misuse.
The platform is currently hosted by Hetzner in Germany.
The platform uses technically necessary mechanisms, in particular Django session and security functions. These may include authentication, session, and CSRF-related cookies or comparable technical storage mechanisms.
These functions are required to enable logins, process forms securely, assign requests to a user account, and protect the platform against abusive requests.
At present, no analytics, marketing, or advertising cookies are used.
When registering and using an account, the platform processes in particular first name, last name, email address, password, selected user type, and optionally a profile picture.
This data is used to create accounts, enable logins, manage profiles, assign permissions, and provide the platform on a user-specific basis.
Processing is carried out for the performance of the user relationship and additionally on the basis of legitimate interests in the security and administrability of the platform.
Users may voluntarily provide additional information, in particular a profile picture. Sellers may also decide whether an existing profile picture should be displayed in connection with their store.
If a seller activates this visibility, the relevant profile picture may be shown to other users together with publicly visible store information.
Users remain responsible for content that they voluntarily upload or release for publication.
Sellers may enter and manage data relating to their stores. This includes in particular the store name, exact location coordinates, opening hours, payment method, store images, and product data including product images and descriptions.
This data is processed in order to publish listings on the platform, display them in map and detail views, and make them discoverable for other users.
Information entered for the publication of a store is by its nature intended to be displayed to other users.
Logged-in users can save stores as favorites. In particular, the link between the user account and the selected store is processed for this purpose.
This processing serves exclusively to provide the personal favorites overview and make saved stores accessible again.
When a search is performed or a store listing is viewed, an anonymous record is created. This record contains the search term or the store accessed, a timestamp, and an approximate area. No user account or any identifying information is ever attached to these records, there is no way to trace any record back to an individual person. No third-party analytics tools are involved.
Exact coordinates are processed for store listings where sellers provide or update them. These coordinates are stored server-side and used for map, search, and detail functions.
In addition, the platform may request the browser's voluntary geolocation function on supported pages. Such location sharing takes place exclusively through the relevant device or browser permission and can be denied or withdrawn there.
Based on the currently apparent technical implementation, the browser-provided position is used for convenience functions such as map centering, radius search, and location-based display. Continuous background tracking is not described.
The platform currently integrates only those external services that are technically used for hosting, map functions, or delivery of frontend libraries. These include in particular Hetzner, unpkg, Leaflet, OpenStreetMap, CARTO, Esri, and BigDataCloud.
Where map tiles, libraries, or geocoding requests are loaded directly in the browser, users' technical connection data may be transmitted to the respective providers. This concerns in particular the use of map views, reverse geocoding functions, and externally delivered libraries.
In some places, the platform may also link to external destination pages such as Google Maps when users call up a route function. In that case, further data processing only takes place after switching to the external page of the respective provider.
Personal data is generally stored only for as long as necessary for the respective purpose or as long as statutory retention obligations require longer storage.
Account data and profile data are generally stored for as long as the user account exists. Store data and published content are generally retained for as long as the relevant listing or the associated account exists, or until removal takes place.
Favorites are generally stored until they are removed by the user or the associated account is deleted. In addition, individual data may be retained temporarily in backups or for legal reasons where necessary.
Under the current product design, users can delete their account via the profile area.
When an account is deleted, the user account together with associated content is generally removed. Technical cleanup of individual files or backup copies may take place with a delay where required for system reasons.
Where personal data is processed for the provision of accounts, profiles, stores, and favorites, this is generally done for the performance of the user relationship or the implementation of pre-contractual measures.
Where data is processed for technical provision, security, prevention of misuse, or stable operation of the platform, this is done on the basis of legitimate interests.
Where browser-based location sharing or comparable device permissions are used, this is done on the basis of the respective consent or voluntary release by the user. Statutory obligations remain unaffected where individual processing operations should exceptionally be required due to mandatory legal requirements.
Within the scope of the statutory requirements, data subjects may request access to the personal data processed, rectification of inaccurate data, erasure, restriction of processing, data portability, and objection to certain processing operations.
Where processing is based on consent, any consent granted may be withdrawn with effect for the future. There is also a right to lodge a complaint with a competent data protection supervisory authority.
This Privacy Policy may be amended with effect for the future if legal requirements, technical processes, or product functions change.
The current version is always available
here. Version date of this text: March 11, 2026.
The only legally applicable version of this Privacy Policy is in English. Other languages are provided for convenience only and have been translated automatically using artificial intelligence. Any deviation is not legally binding.