1. Information on the collection of personal data and contact details of the controller
- I am pleased that you are visiting the website and thank you for your interest
- For security reasons and to protect the transfer of personal data and other confidential content (e.g. orders or requests to the controller), this website uses an SSL or/or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock icon in your browser line.
2. Data collection when visiting our website
When you use our website only in an informative way, i.e. if you do not register or otherwise provide us with information, only such data that your browser transmits to our server (so-called “server log files” will be collected. When you visit the site, the following data is collected:
- Our website visited
- Date and time at the time of access
Amount of data sent in bytes - Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (possibly: in anonymized form)
The processing is carried out in accordance with Art. 1 lit. f GDPR based on the legitimate interest in improving the stability and functionality of the website. The data will not be passed on or otherwise used.
3. Cookies
In order to make the visit to the website attractive and to enable the use of certain functions, so-called cookies are used on some pages. These are small text files that are stored on your device. Some of the cookies used are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device. This will allow you to see a new visit on your part. When cookies are set, they collect and process specific user information such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a predetermined duration, which may vary depending on the cookie. In some cases, the cookies are used to simplify the ordering process by storing settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). Insofar as individual cookies used by us also process personal data, the processing will be carried out in accordance with Art. 1 lit. b GDPR either for the implementation of the contract or in accordance with Article 6(3) 1 lit. f GDPR to safeguard my legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.
Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. These can be found for the respective browsers under the following links:
Edge: https://support.microsoft.com/de-at/help/4027947/microsoft-edge-delete-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please note that if cookies are not accepted, the functionality of our website may be limited.
4. Contact with form
Personal data is collected as part of the contact with us (e.g. via contact form or e-mail). The data collected in the case of a contact form can be seen from the respective contact form. This data will be stored and used exclusively for the purpose of answering your request or for contacting and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Article 6 sec. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 1 lit. b GDPR. Your data will be deleted after your request is processed. This is the case if it can be inferred from the circumstances that the facts in question have been finally clarified and that there are no statutory retention obligations.
5. Data processing at opening of a customer account and for contract ingenuis
In accordance with Art. 1 lit. b GDPR will continue to collect and process personal data if you provide it to us for the performance of a contract or when opening a customer account. The data collected can be seen from the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to me. Your data for contract processing will be stored. After the complete execution of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and will be deleted after expiry of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by our site, about which we inform you below.
6. Data processing for order processing
- To process your order, I work with the following service providers, who support me in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
- The collected personal data will be passed on to the transport company commissioned with the delivery in the course of the contract processing, insofar as this is necessary for the delivery of the goods. We will pass on your payment data to the commissioned credit institution as part of the payment processing process, if this is necessary for payment processing. If payment service providers are used, we will inform you explicitly below. The legal basis for the transfer of data is Art. 1 lit. b GDPR.
- Disclosure of personal data to shipping service providers
- Austrian Post & DHL-Express: If the goods are delivered by the transport service provider Österreichische Post (Austrian Post Corporation, Rochusplatz 1, 1030 Vienna, Austria) or DHL Express, I will provide your e-mail address and Phone number to an international shipment outside the EU prior to delivery of the goods in accordance with Article 6(0). 1 lit. a GDPR for the purpose of coordinating a delivery date or announcing the delivery to Austrian Post / DHL-Express.. Otherwise, for the purpose of service, I shall give in accordance with Article 6(p). 1 lit. b GDPR only passes on the name of the recipient and the delivery address to Austrian Post. The transfer will only take place if this is necessary for the delivery of goods. In this case, it is not possible to coordinate the delivery date with The Austrian Post / DHL-Express in advance or to transmit status information of the shipment delivery. Consent may be revoked at any time with effect for the future against the controller designated above or against the transport service provider Austrian Post.
Use of payment service providers (payment services)
- Paypal
In case of payment via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “instalment payment” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer will take place in accordance with Art. 1 lit. b GDPR and only to the extent that this is necessary for payment processing.
PayPal reserves the right to provide credit card information via PayPal, direct debit via PayPal or , if offered – “purchase on account” or “instalment payment” via PayPal. For this purpose, your payment data may be processed in accordance with Art. 1 lit. f GDPR based on PayPal’s legitimate interest in determining your solvency. The result of the credit check in relation to the statistical probability of default is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based in a scientifically recognised mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values, but not exclusively. Further data protection information, including the information agencies used, can be found in PayPal’s data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing. - Stripe
If you choose a payment method from the payment service provider Stripe, payment is processed by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we provide your information provided during the ordering process, together with the information about your order (name, address, account number, bank code, possible credit card number, invoice amount, currency and transaction number) in accordance with Art. b GDPR. The transfer of your data takes place exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. For more information about Stripe’s privacy, see the URL https://stripe.com/de/privacy#translation.
7. Web analysis services
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be truncated by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, comcompile reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to the full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link. The current link is http://tools.google.com/dlpage/gaoptout?hl=de
Use of cookies: Cookies are data sets that are sent by the web server to the user’s web browser and stored there for later retrieval. You decide for yourself whether cookies can be collected by setting your browser in such a way that you are informed before a cookie is stored and that storage takes place only if you expressly accept it. We use cookies only for the purpose of obtaining information about the use of our website and for statistical purposes. These records do not contain any personal information. Any personal data you provide will not be merged.
Further information on Google (Universal) Analytics can be found here: https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376
Google Fonts
I use “Google Fonts” on my site, i.e. fonts that are loaded via the content delivery network of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Only data that is required to retrieve the font used is transmitted to specific domains such as fonts.googleapis.com or fonts.gstatic.com. Google does not combine this data with other data. More info: https://developers.google.com/fonts/faq. Google’s general data protection declaration applies: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
YouTube
I use the YouTube service from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: http://www.google.com/ on my website. Processing also takes place in a third country for which there is no adequacy decision by the Commission. Therefore, the level of protection customary for the GDPR cannot be guaranteed during transmission, since it cannot be ruled out that authorities in third countries, for example, can access the data collected.The legal basis for the transmission of personal data is your consent in accordance with Article 6 Paragraph 1 Letter a GDPR or Article 9 Paragraph 2 Letter a GDPR, which you have given on our website. Videos from the YouTube platform are integrated on our website via the YouTube service. The integration allows videos to be displayed directly on my website. These are mostly product videos. For the processing itself, the service collects the following data: data for viewing the stream, data on videos clicked on, playlists created, ratings and comments, information on the end device used, the IP address and the browser of the user and other data from Google services to provide the Videos according to the Google privacy policy
If YouTube is activated on my website and a video is played, our website establishes a connection to the servers of Google Ireland Limited and transmits the data required to display the stream or video. As part of order processing, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheater Parkway, 94043 Mountain View, United States. The processing then also takes place in a third country for which there is no adequacy decision by the Commission. Therefore, the standard level of protection for the GDPR cannot be guaranteed when the data is transmitted, since it cannot be ruled out that authorities in third countries, for example, can access the data collected. When the YouTube videos are displayed on our website, information from other Google services may be transmitted and processed by YouTube in order to provide background services for the video, such as streaming data. For this purpose, data may also be transmitted to the Google services Google Fonts, Google Apis, Google Video, Doubleclick. You can revoke your consent at any time. You can find more detailed information on how to revoke your consent either with the consent itself or at the end of this data protection declaration. You can find further information on the handling of the transmitted data in the data protection declaration of the provider at https://policies.google.com/privacy. The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.
8. Newsletter – Subscription
If you would like to register for the newsletter, I need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. For this reason, the registration takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with someone else’s e-mail address. In addition, only the first name is collected. I use this data exclusively for sending the requested information and do not pass it on to third parties. The processing of the data entered in the form takes place exclusively on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke your consent to the storage of your first name and e-mail address and their use for sending the newsletter at any time. A revocation can be made via the corresponding link (unsubscribe) in the newsletter. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you have canceled the newsletter.
9. Mailchimp
This website uses the services of MailChimp to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. If you enter data for the purpose of subscribing to the newsletter (e.g. e-mail address), this will be stored on the MailChimp servers in the USA. MailChimp is certified according to the “EU-US Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA, which is intended to ensure compliance with European data protection standards in the USA. With the help of MailChimp I can analyze my newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web beacon) connects to the MailChimp servers in the USA. In this way it can be determined whether a newsletter message has been opened and which links have been clicked on. Technical information is also recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. They are used exclusively for the statistical analysis of newsletter campaigns. The results of these analyzes can be used to better adapt future newsletters to the interests of the recipients. If you do not want an analysis by MailChimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe from the newsletter directly on the website. The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted both from our servers and from the servers of MailChimp after you have canceled the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the members’ area) remain unaffected. For more information, see MailChimp’s privacy policy at: https://mailchimp.com/legal/terms/
10. Rights of the subject
The applicable data protection law grants you comprehensive data subjects’ rights (information and intervention rights) with regard to the processing of your personal data, about which I inform you below:
- Right of access pursuant to Article 15 GDPR: In particular, you have the right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or become disclosed, the planned storage period or the criteria for determining the retention period, the existence of a right to rectification, deletion, restriction of processing of the data. , opposition to the processing, complaint to a supervisory authority, the origin of your data, if not collected by us from you, the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved and the scope and impact of such processing, and your right to be informed of the guarantees provided for in Article 46 GDPR when your data is transferred to third countries;
- Right to rectification in accordance with Article 16 GDPR: You have the right to immediate rectification of any inaccurate data concerning you and/or completion of your incomplete data stored by us;
- Right to erasure in accordance with Article 17 GDPR: You have the right to delete your personal data if the conditions of Article 17(1) are met. 1 GDPR. However, this right does not exist, in particular, where the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- Right to restrict processing in accordance with Article 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is verified, if you refuse to delete your data due to improper data processing and instead request the restriction of the processing of your data if you need your data to assert, exercise or defend legal claims , since we no longer need this information after the purpose has been achieved, or if you have objected on the grounds of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
- Right to information pursuant to Article 19 GDPR: If you have asserted the right to rectification, erasure or restriction of the processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed this rectification or deletion of the data or restriction of the processing, unless this proves impossible or involves a disproportionate effort. They have the right to be informed of these recipients.
- Right to data portability in accordance with Article 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller, insofar as this is technically feasible;
- Right to revoke consents given in accordance with Art. 3 GDPR: You have the right to revoke once consent to the processing of data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for non-consent processing. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation;
- Right to appeal under Article 77 GDPR: If you believe that the processing of personal data concerning you is in breach of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy.
11. Right to object
- You have the right to object at any time to the processing of personal data concerning you for reasons arising from your particular situation. We no longer process the personal data.
12. Duration of the storage of personal data
- The duration of the storage of personal data is determined on the basis of the respective legal basis, the purpose of the processing and, if relevant, additionally on the basis of the respective statutory retention period (e.g. commercial and tax retention periods).
- When processing personal data on the basis of express consent in accordance with Article 6 sec. 1 lit. a GDPR, this data is stored until the data subject withdraws his consent.
- There are legal retention periods for data that is set out in the context of legal or legal business-like obligations on the basis of Article 6 paragraph. 1 lit. b GDPR, these data will be routinely deleted after the retention periods have expired, provided that they are no longer necessary for the performance of the contract or initiation of the contract and/or that there is no legitimate interest in further storage on our part.
- When processing personal data on the basis of Article 6(4) 1 lit. f GDPR, this data is stored until the data subject has his right to object under Article 21(0). 1 GDPR, unless we can prove compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
- When processing personal data for the purpose of direct marketing on the basis of Article 6(4) 1 lit. f GDPR, this data is stored until the data subject has his right to object under Article 21(0). 2 GDPR.
- Moreover, unless otherwise provided in this declaration about specific processing situations, stored personal data will be deleted if it is no longer necessary for the purposes for which it was collected or otherwise processed.
13. WordPress Supplements
Comments
When visitors post comments on the website, we collect the data displayed in the comment form, as well as the visitor’s IP address and the user agent string (which identifies the browser) to support spam detection. An anonymized string (also called hash) can be created from your email address and passed to the Gravatar service to verify that you are using it. The privacy policy of the Gravatar service can be found here: https://automattic.com/privacy/. After your comment is shared, your profile picture is publicly visible in the context of your comment.