This privacy information applies to data processing by
Personal data is information that relates to an identified or identifiable person. This includes, above all, information that allows conclusions to be drawn about your identity, for example your name, telephone number, address or e-mail address. Statistical data which we collect which cannot be linked to your person, for example when you visit our website, does not fall under the concept of personal data.
When you visit our website, we collect data that your browser or terminal device automatically transmits to us. This includes various standard technical data (so-called log files) which is transmitted to our server:
- date and time of the request,
- address of the website searched as well as the requesting website,
- IP address of the requesting terminal device,
- details of the browser used and the operating system of the terminal device.
Data processing is necessary to enable you to visit our website and to ensure the permanent functionality and security of our systems. For this purpose, the above-mentioned data is temporarily stored in internal log files in order to compile statistical data on the use of our website, to develop it further with regard to the usage habits of our visitors and to maintain our website in general for administrative purposes. The legal basis is Art. 6 para. 1 p. 1 lit. b and f DSGVO. The information stored in the log files does not allow any direct conclusion about your person. In particular, we only store IP addresses in abbreviated form. The log files are stored for 30 days and archived after subsequent anonymisation.
If you order something on our website, we collect the following information for the contract processing:
- First and last name
address - Billing and shipping
address - Payment details (e.g. credit card or PayPal)
- Telephone number
Optional additional information (e.g., individual message regarding the order, inquiry for a specific product) is possible. The legal basis for this is the contract which you conclude with us by placing an order, Art. 6 para. 1 sentence 1 lit. b DSGVO.
There are several waya to get in contact with us, using our contact form or our e-mail address. If you contact us, we will record your contact data. Depending on the contact channel, your contact information may include your name, postal addresses, telephone numbers, email addresses, reason for contacting us, your individual message and details of your social networking profiles (for example, we receive your Facebook ID when you contact us through Facebook), as well as user names and similar contact details. You can also opt to provide the order number.
The legal basis is Art. 6 para. 1 sentence 1 lit. b DSGVO, insofar as the information is required to answer your enquiry or to initiate or implement a contract. On the other hand, Art. 6 para. 1 sentence 1 lit. f DSGVO is the legal basis insofar as the data is processed for advertising purposes.
If you are not a customer of ours, the aforementioned data will be deleted upon request within one year. If you are registered with us as a customer, this data is stored for the duration of your existing customer account. After cancellation of the customer account, only data for which a statutory retention period exists will continue to be stored.
You can subscribe to our marketing communications by email. For this purpose we collect the following data:
- E-mail address
- Domain used (website)
- Opt-in status
Cookies are small text files which are stored by your web browser and which store certain settings and data for exchange with our web server. There are basically two different types of cookies: so-called session cookies, which are deleted as soon as you close your browser and temporary/permanent cookies, which are stored for a longer period of time. This storage helps us to tailor our websites and services according to your interests and makes it easier for you to use them, for example by storing certain entries made by you in such a way that you do not have to constantly reenter them.
These services are based on our legitimate interest in enabling you to use our website more conveniently and individually. The legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO.
We process your data for the fulfilment of our contract and for the provision of our services, which include:
- the provision, personalization and needs-based design of our online service and online shop;
- the execution of sales contracts and customer service, including shipping and payment processing, as well as the handling of returns, complaints and warranty claims.
We offer payment by credit card and PayPal. We reserve the right not to offer individual payment methods or to offer them only for certain orders. Therefore we work together with different payment service providers:
- for payment by credit card: STRIPE
- for payment by PayPal: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.
All information that you provide to the aforementioned service providers in the course of payment processing will not be passed on to us by them. We only receive the information that the payment has been made.
We use your data to communicate with you about specific products or marketing campaigns and to recommend products or services that may interest you. In particular for the following purposes:
- implementation of direct advertising, e.g. via our marketing communication
- analysis of how our services are used
You have the option to subscribe to our marketing communication by e-mail, in which we regularly inform you, for example, about updates to our products and offers.
We use the so-called double opt-in procedure for ordering our marketing communications, i.e. we will only send you emails after you have given consent to receiving the marketing communication and confirmed receipt of this marketing communication in a second e-mail. If you confirm your wish to receive the marketing communication, we will store the following data: Customer ID, timestamp, campaign ID, link ID and landing page information until you unsubscribe from our marketing communications. The sole purpose of this storage is to send you marketing communications and to verify your registration. You can unsubscribe from marketing communications at any time. An unsubscribe link is included in every email communication. A message to the contact data given above or by email (e.g. by email or post) is of course also sufficient for this. The legal basis for the processing is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO.
We use commercially available technologies in our emails to measure interactions with the emails (e.g. opening of emails, links clicked on). We use this data in pseudonymised form for general statistical evaluations as well as for the optimisation and further development of our content and customer communication. This is done by means of small graphics embedded in the messages (so-called pixels). The data is collected exclusively in pseudonymised form, so the IDs are not linked to your other personal data. A direct personal reference is excluded. The legal basis for this is our legitimate interest in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO. If you do not wish to allow analysis of email usage, you can unsubscribe from the emails. Through our marketing communication, we want to share content that is relevant to our customers and better understand what readers are actually interested in. The data on the interaction with our marketing communication is stored pseudonymously for up to 2 years and then completely anonymised.
The automatically generated information you provide (in particular your e-mail address, the website you last visited, all data from previous orders, status of your consent to our marketing communication, reaction behaviour in published campaigns) is used to make advertising tailored to you and your interests more useful and interesting for you (interest-based advertising). We use this information exclusively in pseudonymised form. In some cases, we also transfer the data to third parties (e.g. to social networks). By analysing and evaluating this information, we are able to improve our website and online services, and to present you with individual advertising on our website. This means advertising that recommends products that might actually interest you. The legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO. We have a legitimate interest in offering you personalized advertising.
In order to improve our website, we use various technologies to analyse user behaviour and evaluate the associated data. The data collected may include, in particular, the IP address of the terminal device, the date and time of access, the identification number of a cookie, the device identification of mobile terminals and technical information about the browser and operating system. However, the data collected is stored exclusively under a pseudonym, so that no direct conclusions can be drawn about the persons involved. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO. In this way we want to enable you to use our website conveniently and individually.
In the following section we would like to explain the technologies and the providers used for the analysis and advertising measures on our website in more detail.
Our website uses for marketing purposes so-called remarketing tags (also called "Facebook pixels") of the social network Facebook, a service of Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA ("Facebook"). We use these remarketing tags without the so-called extended matching. When you visit our website, the remarketing tags establish a connection between your browser and a Facebook server. Facebook thereby receives the information that our website was called up with your IP address. In the event that personal data is transferred to the USA, Facebook has subjected itself to the EU-US Privacy Shield. Facebook uses this information on one hand to provide us with statistical and anonymous data on the general use of our website and the effectiveness of our Facebook advertising ("Facebook Ads"). If you are a member of Facebook and have allowed Facebook to do so through your account's privacy settings, Facebook may also link the information collected about your visit to us to your member account and use it to target Facebook Ads. You can view and change the privacy settings of your Facebook profile at any time. If you deactivate data processing by Facebook, Facebook will only display general Facebook Ads that are not selected on the basis of the information collected about you. See Facebook's data policy.
We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from dangers during data transfers and from third parties gaining knowledge of them. These measures are updated to the current state of the art technology. To secure the personal data you provide, we use Transport Layer Security (TLS), which encrypts the information you enter.
As a matter of principle, we process your data in Austria, in the EU or within the European Economic Area ("EEA"). In some cases, your data is processed on servers located outside the EU, in particular in the USA. In order to ensure the continued protection of your data in this case, we make sure that sufficient guarantees are available. Therefore, the providers we use either participate in the EU-US Privacy Shield or we have established contracts (EU standard contract clauses) with these providers.
As a matter of principle, we only store personal data for as long as necessary to fulfill contractual or legal obligations for which we have collected the data. Afterwards, we delete the data immediately, unless we need the data until the expiry of the statutory limitation period for evidence purposes, for civil law claims or because of statutory storage obligations. For evidence purposes, we must retain contractual data for a further three years from the end of the year in which the business relationship ends. Any claims shall become statute-barred after the statutory standard period of limitation at this point in time at the earliest. Even after this period, we still have to store your data in part for accounting reasons. We are obliged to do so because of statutory documentation obligations which may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the Money Laundering Act and the Securities Trading Act. The periods stipulated there for the retention of documents range from two to ten years.
In principle, we store your data from your existing customer account as long as the business relationship with us exists. Should you have requested the deletion or cancellation of your customer account, we will delete it. Data which we still need until the expiry of the statutory period of limitation for the purpose of providing evidence for civil law claims or because of statutory storage obligations will be deleted after the expiry of these periods.
In accordance with the Data Protection Basic Regulation and the Data Protection Act, you, as a data subject of our data processing, are entitled to the following rights and remedies:
As a data subject of the above and other data processing operations, you have the right to obtain information as to whether and, if so, which personal data concerning you are being processed. For your own protection - so that no unauthorised person can obtain information about your data - we will check your identity in a suitable form before providing information.
You have the right to request without delay the rectification of incorrect personal data or - taking into account the purposes of the data processing - the completion of incomplete personal data and the deletion of your data, provided that the criteria of Art. 17 EU-DSGVO are met.
You have the right to restrict the processing of all personal data collected, subject to legal requirements; these data will only be processed with your individual consent or for the assertion and enforcement of legal claims.
You may request the unimpeded and unrestricted transfer of personal data that you have provided to you or to a third party.
You may at any time, for reasons arising from your particular situation, object to the processing of personal data concerning you which is necessary to protect our legitimate interests or those of a third party. Your data will no longer be processed after opposition, unless there are compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims. You may object to data processing for the purpose of direct marketing at any time.
If you have separately given your consent to the processing of your data, you can revoke this consent at any time. Such a revocation influences the permissibility of processing of your personal data after you have given it to us. If you take a measure to enforce your above-mentioned rights under the DSGVO, we must comment on the requested measure or comply with the request without delay, but at the latest within one month of receipt of your request.
We will respond to all reasonable requests within the legal framework free of charge and as soon as possible. You have the right to information, correction, blocking and deletion of your stored data at any time, without cost. You can contact us regarding this matter via e-mail at firstname.lastname@example.org or by post to the company location stated in the imprint. This right is limited only insofar as we can suspend the deletion to protect our claims. The data protection authority is responsible for requests concerning violation of the right to information, violation of the rights to confidentiality, correction or deletion. Their contact details are as follows: Austrian Data Protection Agency, Wickenburggasse 8, 1080 Vienna.