1. Information on the collection of personal data and contact details of the controller
- I am pleased that you are visiting the website and thank you for your interest
- For security reasons and to protect the transfer of personal data and other confidential content (e.g. orders or requests to the controller), this website uses an SSL or/or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock icon in your browser line.
2. Data collection when visiting our website
When you use our website only in an informative way, i.e. if you do not register or otherwise provide us with information, only such data that your browser transmits to our server (so-called “server log files” will be collected. When you visit the site, the following data is collected:
- Our website visited
- Date and time at the time of access
Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (possibly: in anonymized form)
The processing is carried out in accordance with Art. 1 lit. f GDPR based on the legitimate interest in improving the stability and functionality of the website. The data will not be passed on or otherwise used.
In order to make the visit to the website attractive and to enable the use of certain functions, so-called cookies are used on some pages. These are small text files that are stored on your device. Some of the cookies used are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device. This will allow you to see a new visit on your part. When cookies are set, they collect and process specific user information such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a predetermined duration, which may vary depending on the cookie. In some cases, the cookies are used to simplify the ordering process by storing settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). Insofar as individual cookies used by us also process personal data, the processing will be carried out in accordance with Art. 1 lit. b GDPR either for the implementation of the contract or in accordance with Article 6(3) 1 lit. f GDPR to safeguard my legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.
Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. These can be found for the respective browsers under the following links:
Please note that if cookies are not accepted, the functionality of our website may be limited.
4. Contact with form
Personal data is collected as part of the contact with us (e.g. via contact form or e-mail). The data collected in the case of a contact form can be seen from the respective contact form. This data will be stored and used exclusively for the purpose of answering your request or for contacting and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Article 6 sec. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 1 lit. b GDPR. Your data will be deleted after your request is processed. This is the case if it can be inferred from the circumstances that the facts in question have been finally clarified and that there are no statutory retention obligations.
5. Data processing at opening of a customer account and for contract ingenuis
In accordance with Art. 1 lit. b GDPR will continue to collect and process personal data if you provide it to us for the performance of a contract or when opening a customer account. The data collected can be seen from the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to me. Your data for contract processing will be stored. After the complete execution of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and will be deleted after expiry of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by our site, about which we inform you below.
6. Data processing for order processing
- To process your order, I work with the following service providers, who support me in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
- The collected personal data will be passed on to the transport company commissioned with the delivery in the course of the contract processing, insofar as this is necessary for the delivery of the goods. We will pass on your payment data to the commissioned credit institution as part of the payment processing process, if this is necessary for payment processing. If payment service providers are used, we will inform you explicitly below. The legal basis for the transfer of data is Art. 1 lit. b GDPR.
- Disclosure of personal data to shipping service providers
- Austrian Post
If the goods are delivered by the transport service provider Österreichische Post (Austrian Post Corporation, Rochusplatz 1, 1030 Vienna, Austria), I will provide your e-mail address to an international shipment outside the EU prior to delivery of the goods in accordance with Article 6(0). 1 lit. a GDPR for the purpose of coordinating a delivery date or announcing the delivery to Austrian Post. Otherwise, for the purpose of service, I shall give in accordance with Article 6(p). 1 lit. b GDPR only passes on the name of the recipient and the delivery address to Austrian Post. The transfer will only take place if this is necessary for the delivery of goods. In this case, it is not possible to coordinate the delivery date with The Austrian Post in advance or to transmit status information of the shipment delivery. Consent may be revoked at any time with effect for the future against the controller designated above or against the transport service provider Austrian Post.
Use of payment service providers (payment services)
In case of payment via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “instalment payment” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer will take place in accordance with Art. 1 lit. b GDPR and only to the extent that this is necessary for payment processing.
PayPal reserves the right to provide credit card information via PayPal, direct debit via PayPal or , if offered – “purchase on account” or “instalment payment” via PayPal. For this purpose, your payment data may be processed in accordance with Art. 1 lit. f GDPR based on PayPal’s legitimate interest in determining your solvency. The result of the credit check in relation to the statistical probability of default is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based in a scientifically recognised mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values, but not exclusively. Further data protection information, including the information agencies used, can be found in PayPal’s data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.
If you choose a payment method from the payment service provider Stripe, payment is processed by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we provide your information provided during the ordering process, together with the information about your order (name, address, account number, bank code, possible credit card number, invoice amount, currency and transaction number) in accordance with Art. b GDPR. The transfer of your data takes place exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. For more information about Stripe’s privacy, see the URL https://stripe.com/de/privacy#translation.
7. Web analysis services
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be truncated by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, comcompile reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to the full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link. The current link is http://tools.google.com/dlpage/gaoptout?hl=de
Further information on Google (Universal) Analytics can be found here: https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376
8. Rights of the subject
The applicable data protection law grants you comprehensive data subjects’ rights (information and intervention rights) with regard to the processing of your personal data, about which I inform you below:
- Right of access pursuant to Article 15 GDPR: In particular, you have the right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or become disclosed, the planned storage period or the criteria for determining the retention period, the existence of a right to rectification, deletion, restriction of processing of the data. , opposition to the processing, complaint to a supervisory authority, the origin of your data, if not collected by us from you, the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved and the scope and impact of such processing, and your right to be informed of the guarantees provided for in Article 46 GDPR when your data is transferred to third countries;
- Right to rectification in accordance with Article 16 GDPR: You have the right to immediate rectification of any inaccurate data concerning you and/or completion of your incomplete data stored by us;
- Right to erasure in accordance with Article 17 GDPR: You have the right to delete your personal data if the conditions of Article 17(1) are met. 1 GDPR. However, this right does not exist, in particular, where the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- Right to restrict processing in accordance with Article 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is verified, if you refuse to delete your data due to improper data processing and instead request the restriction of the processing of your data if you need your data to assert, exercise or defend legal claims , since we no longer need this information after the purpose has been achieved, or if you have objected on the grounds of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
- Right to information pursuant to Article 19 GDPR: If you have asserted the right to rectification, erasure or restriction of the processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed this rectification or deletion of the data or restriction of the processing, unless this proves impossible or involves a disproportionate effort. They have the right to be informed of these recipients.
- Right to data portability in accordance with Article 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller, insofar as this is technically feasible;
- Right to revoke consents given in accordance with Art. 3 GDPR: You have the right to revoke once consent to the processing of data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for non-consent processing. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation;
- Right to appeal under Article 77 GDPR: If you believe that the processing of personal data concerning you is in breach of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy.
9. Right to object
- You have the right to object at any time to the processing of personal data concerning you for reasons arising from your particular situation. We no longer process the personal data.
10. Duration of the storage of personal data
- The duration of the storage of personal data is determined on the basis of the respective legal basis, the purpose of the processing and, if relevant, additionally on the basis of the respective statutory retention period (e.g. commercial and tax retention periods).
- When processing personal data on the basis of express consent in accordance with Article 6 sec. 1 lit. a GDPR, this data is stored until the data subject withdraws his consent.
- There are legal retention periods for data that is set out in the context of legal or legal business-like obligations on the basis of Article 6 paragraph. 1 lit. b GDPR, these data will be routinely deleted after the retention periods have expired, provided that they are no longer necessary for the performance of the contract or initiation of the contract and/or that there is no legitimate interest in further storage on our part.
- When processing personal data on the basis of Article 6(4) 1 lit. f GDPR, this data is stored until the data subject has his right to object under Article 21(0). 1 GDPR, unless we can prove compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
- When processing personal data for the purpose of direct marketing on the basis of Article 6(4) 1 lit. f GDPR, this data is stored until the data subject has his right to object under Article 21(0). 2 GDPR.
- Moreover, unless otherwise provided in this declaration about specific processing situations, stored personal data will be deleted if it is no longer necessary for the purposes for which it was collected or otherwise processed.
13. WordPress Supplements