Privacy Policy

1. Information on the collection of personal data and contact details of the controller

• Thank you for visiting our website and for your interest in our products and services.
• For security reasons and to protect the transfer of personal data and other confidential content (e.g. orders or requests to the controller), this website uses an SSL or/or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock icon in your browser line.

2. Data collection when visiting our website

When you use our website only in an informative way, i.e. if you do not register or otherwise provide us with information, only such data that your browser transmits to our server (so-called “server log files” will be collected. When you visit the site, the following data is collected:

• Our website visited
• Date and time at the time of access
  Amount of data sent in bytes
• Source/reference from which you came to the page
• Browser used
• Operating system used
• IP address used (possibly: in anonymized form)

The processing is carried out in accordance with Art. 6(1)(f) GDPR based on the legitimate interest in improving the stability and functionality of the website. The data will not be passed on or otherwise used.

3. Cookies

In order to make the visit to the website attractive and to enable the use of certain functions, so-called cookies are used on some pages. These are small text files that are stored on your device. Some of the cookies used are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device. This will allow you to see a new visit on your part. When cookies are set, they collect and process specific user information such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a predetermined duration, which may vary depending on the cookie. In some cases, the cookies are used to simplify the ordering process by storing settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). Insofar as individual cookies used by us also process personal data, the processing will be carried out in accordance with Art. 6(1)(b) GDPR for the performance of a contract or pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interests in the optimal functionality and user-friendly design of the website

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. These can be found for the respective browsers under the following links:

Edge: https://support.microsoft.com/de-at/help/4027947/microsoft-edge-delete-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that if cookies are not accepted, the functionality of our website may be limited.

4. Contact with form

Personal data is collected as part of the contact with us (e.g. via contact form or e-mail). The data collected in the case of a contact form can be seen from the respective contact form. This data will be stored and used exclusively for the purpose of answering your request or for contacting and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing isArt. 6(1)(b) GDPR. Your data will be deleted after your request is processed. This is the case if it can be inferred from the circumstances that the facts in question have been finally clarified and that there are no statutory retention obligations.

5. Data Processing When Opening a Customer Account and for Contract Fulfilment

In accordance with Art. 6(1)(b) GDPR, we collect and process personal data that you provide when opening a customer account or for the purpose of fulfilling a contract.

The data collected can be seen from the respective input forms. The processing of this data is necessary to create and manage your customer account and to process and fulfil your orders.

You may request the deletion of your customer account at any time by contacting us. Following the deletion of your customer account or the completion of a contract, your data will be restricted with regard to statutory retention obligations under tax and commercial law and deleted after the applicable retention periods have expired, unless you have expressly consented to further use of your data or we are legally permitted to continue processing such data.

The legal basis for the processing of this data is Art. 6(1)(b) GDPR.

6. Data processing for order processing

• To process your order, I work with the following service providers, who support me in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
• The collected personal data will be passed on to the transport company commissioned with the delivery in the course of the contract processing, insofar as this is necessary for the delivery of the goods. We will pass on your payment data to the commissioned credit institution as part of the payment processing process, if this is necessary for payment processing. If payment service providers are used, we will inform you explicitly below. The legal basis for the transfer of data is Art. 6(1)(b) GDPR.
• Disclosure of personal data to shipping service providers
• Austrian Post & DHL-Express: If the goods are delivered by the transport service provider Österreichische Post (Austrian Post Corporation, Rochusplatz 1, 1030 Vienna, Austria) or DHL Express, I will provide your e-mail address and Phone number to an international shipment outside the EU prior to delivery of the goods in accordance with Article Art. 6(1)(a) GDPR
  for the purpose of coordinating a delivery date or announcing the delivery to Austrian Post / DHL-Express.. Otherwise, for the purpose of service, I shall give in accordance with Art. 6(1)(b) GDPR
  only passes on the name of the recipient and the delivery address to Austrian Post. The transfer will only take place if this is necessary for the delivery of goods. In this case, it is not possible to coordinate the delivery date with The Austrian Post / DHL-Express in advance or to transmit status information of the shipment delivery. Consent may be revoked at any time with effect for the future against the controller designated above or against the transport service provider Austrian Post.

Use of payment service providers (payment services)

• Paypal
  In case of payment via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “instalment payment” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer will take place in accordance with Art. 6(1)(b) GDPR and only to the extent that this is necessary for payment processing.
  PayPal reserves the right to provide credit card information via PayPal, direct debit via PayPal or , if offered – “purchase on account” or “instalment payment” via PayPal. For this purpose, your payment data may be processed in accordance with Art. 6(1)(f) GDPR based on PayPal’s legitimate interest in determining your solvency. The result of the credit check in relation to the statistical probability of default is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based in a scientifically recognised mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values, but not exclusively. Further data protection information, including the information agencies used, can be found in PayPal’s data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
  You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.
• Stripe
  If you choose a payment method from the payment service provider Stripe, payment is processed by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we provide your information provided during the ordering process, together with information relating to your order and the selected payment method, insofar as this is necessary for payment processing in accordance with Art. 6(1)(b) GDPR.
  The transfer of your data takes place exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. For more information about Stripe’s privacy, see the URL https://stripe.com/de/privacy#translation.

7. Web analysis services

Google Analytics

Subject to your consent, this website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies and similar technologies to analyze how visitors use the website. The information collected may include:

• IP address (in shortened or anonymized form)
• Information about the device and browser used
• Pages visited and interactions on the website
• Referral source
• Date and time of the visit

Processing takes place solely on the basis of your consent pursuant to Article 6(1)(a) GDPR.

The information generated by Google Analytics may be transferred to and processed on servers operated by Google. This may involve the transfer of personal data to the United States.

Google is certified under the EU-U.S. Data Privacy Framework and applies appropriate safeguards where required under Article 46 GDPR.

You may withdraw your consent at any time with future effect through the cookie settings available on this website.

Further information can be found in Google’s Privacy Policy:
https://policies.google.com/privacy

10. Rights of the subject

The applicable data protection law grants you comprehensive data subjects’ rights (information and intervention rights) with regard to the processing of your personal data, about which I inform you below:

• Right of access pursuant to Article 15 GDPR: In particular, you have the right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or become disclosed, the planned storage period or the criteria for determining the retention period, the existence of a right to rectification, deletion, restriction of processing of the data. , opposition to the processing, complaint to a supervisory authority, the origin of your data, if not collected by us from you, the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved and the scope and impact of such processing, and your right to be informed of the guarantees provided for in Article 46 GDPR when your data is transferred to third countries;
• Right to rectification in accordance with Article 16 GDPR: You have the right to immediate rectification of any inaccurate data concerning you and/or completion of your incomplete data stored by us;
• Right to erasure in accordance with Article 17 GDPR: You have the right to delete your personal data if the conditions of Article 17(1) are met. 1 GDPR. However, this right does not exist, in particular, where the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
• Right to restrict processing in accordance with Article 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is verified, if you refuse to delete your data due to improper data processing and instead request the restriction of the processing of your data if you need your data to assert, exercise or defend legal claims , since we no longer need this information after the purpose has been achieved, or if you have objected on the grounds of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
• Right to information pursuant to Article 19 GDPR: If you have asserted the right to rectification, erasure or restriction of the processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed this rectification or deletion of the data or restriction of the processing, unless this proves impossible or involves a disproportionate effort. They have the right to be informed of these recipients.
• Right to data portability in accordance with Article 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller, insofar as this is technically feasible;
• Right to revoke consents given in accordance with Art. 3 GDPR: You have the right to revoke once consent to the processing of data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for non-consent processing. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation;
• Right to appeal under Article 77 GDPR: If you believe that the processing of personal data concerning you is in breach of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

11. Right to object

12. Duration of the storage of personal data

• The duration of the storage of personal data is determined on the basis of the respective legal basis, the purpose of the processing and, if relevant, additionally on the basis of the respective statutory retention period (e.g. commercial and tax retention periods).
• When processing personal data on the basis of express consent in accordance with Article 6 sec. 1 lit. a GDPR, this data is stored until the data subject withdraws his consent.
• There are legal retention periods for data that is set out in the context of legal or legal business-like obligations on the basis of Article 6 paragraph. 1 lit. b GDPR, these data will be routinely deleted after the retention periods have expired, provided that they are no longer necessary for the performance of the contract or initiation of the contract and/or that there is no legitimate interest in further storage on our part.
• When processing personal data on the basis of Article 6(4) 1 lit. f GDPR, this data is stored until the data subject has his right to object under Article 21(0). 1 GDPR, unless we can prove compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
• When processing personal data for the purpose of direct marketing on the basis of Article 6(4) 1 lit. f GDPR, this data is stored until the data subject has his right to object under Article 21(0). 2 GDPR.
• Moreover, unless otherwise provided in this declaration about specific processing situations, stored personal data will be deleted if it is no longer necessary for the purposes for which it was collected or otherwise processed.