Data protection declaration & cancellation notice
Here we would like to describe to you whether and how we process your personal data. “We” as the person responsible within the meaning of the General Data Protection Regulation (“GDPR”) are Andreas Ecker, Hirseweg 13, 1220 Vienna, Austria, office@waldstueck.at .
-
General information on data processing and the legal basis
- This data protection declaration describes the type, scope and purpose of the processing of personal data within our range of services and the websites, functions and content associated with it (hereinafter collectively referred to as the “website”). This declaration applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile or offline).
- The definitions of the terms used here, such as “personal data” or their “processing”, can be found in Art 4 GDPR.
- We only process personal data in compliance with legal provisions (in particular Article 6 Paragraph 1 GDPR). Accordingly, data will only be processed if there is legal permission; in particular if the data processing is necessary to fulfill our contractual services (e.g. processing orders) as well as our online service or is required by law or you have given your consent as a user or there is an overriding legitimate interest on our part (e.g. interest in analysis and optimization our online offer).
-
Categories of data processed and legal basis for processing
- The personal data you voluntarily provide when registering for our newsletter (namely your email address) will only be processed by us with your (revocable) consent in accordance with Article 6 Paragraph 1 lit a GDPR.
- Otherwise, as part of our offer, we process the following of your personal data to execute the contract (Article 6 Paragraph 1 lit b GDPR) or on the basis of our overriding legitimate interest (Article 6 Paragraph 1 lit f GDPR):
- Inventory data (e.g. names and addresses of customer contacts, telephone number, email address)
- Contract data (e.g. ordered goods, names of clerks, payment information)
- Usage data (e.g. the websites of our online offering visited, interest in our goods and services)
- Content data (e.g. entries in the contact form, photos, videos)
-
Purposes of data processing
- The personal data mentioned under point 2 will be processed for the following purposes:
- to carry out the order you have placed and the associated delivery of goods;
- to make this website and our online offering available to you and to further improve this website and make it more user-friendly for you;
- to be able to create usage statistics and range measurements;
- to increase the level of security both when using this website and when processing your orders.
- to respond to your inquiries.
- The personal data you use comes from the information you provided during the ordering process or is collected automatically when you visit the website (e.g. IP address). If data has obviously been entered incorrectly by mistake (e.g. gnx.at instead of gmx.at; gmaij.com instead of gmail.com), we will correct this in individual cases in order to ensure proper service processing.
- The personal data mentioned under point 2 will be processed for the following purposes:
-
Transfer of data to third parties and third parties and to third countries
- Data will only be passed on within the framework of legal requirements. Accordingly, we only pass on data if this is necessary for the execution of the contract, for example on the basis of Art. 6 Para. 1 lit. b GDPR or due to an overriding legitimate interest in accordance with Art. 6 Para. 1 lit.
- If we use subcontractors to fulfill our services and to maintain our company efficiently and effectively, they are located exclusively in countries with an appropriate level of data protection in accordance with the adequacy decision of the European Commission (Article 45 GDPR) (e.g. EU, EEA, Switzerland, within the framework of the EU US Privacy Shield Frameworks certified companies or based on officially recognized special contractual obligations, so-called “standard contractual clauses”). In addition, where necessary or required, we have corresponding contractual agreements with our service providers in order to ensure an appropriate level of data protection.
- For the purposes mentioned above, we transmit your personal data to the following recipients or categories of recipients, unless others are listed for the individual topics:
- IT service providers;
- logistics company;
- Payment service provider
- Service providers to support invoicing;
- Newsletter service provider
-
External payment service providers
- We use external payment service providers to handle the payment process. We and our customers can carry out payment transactions via their platforms. Here are some examples including the link to the corresponding data protection declaration:
- Paypal: http://www.paypal.com/at/webapps/mpp/ua/privacy-full
- Visa: http://www.visaeurope.at/datenschutz
- Mastercard: mastercard.at/de-at/datenschutz.html
- American Express: americanexpress.com/mn/en/network/content/privacy-policy.html
- Stripe: https://stripe.com/at/privacy
- In order to enable payment processing, the payment service providers process various data. This includes inventory data, e.g. name and address, bank details, e.g. account and credit card numbers, passwords, TANs, checksums. Payment processing is not possible without processing this data. However, this data is only processed by the payment service provider. We do not receive any account or credit card related information other than positive or negative payment confirmations. Please note the respective terms and conditions and data protection information of the provider used on their website. If you require further information in this regard or would like to assert your data subject rights (information, revocation, etc.), please contact the respective payment service provider directly.
- We use external payment service providers to handle the payment process. We and our customers can carry out payment transactions via their platforms. Here are some examples including the link to the corresponding data protection declaration:
-
E-commerce platform
- Shopify International Limited provides us with the online e-commerce platform that allows us to offer our products to you online. Your data is stored on Shopify servers. Shopify stores your data on servers secured by a firewall. If you have any further questions about data storage on Shopify-operated servers, please contact Shopify International Limited's data protection officer directly or visit www.shopify.com/legal/privacy. For consumers based in the EU: Shopify International Limited, Attn: Data Protection Officer, c/o Intertrust Ireland, 2nd Floor 1-2 Victoria Buildings Haddington Road, Dublin 4, D04 XN32 Ireland
-
Google Analytics
- On our website we use Google Analytics, a web analysis service from Google Inc., 1600 Amphitheater Parkway, Mountin View, CA 94043, USA (“Google” for short). Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable your use of the website to be analyzed. We use this analysis tool based on our overriding legitimate interest in having easy-to-use website access statistics in a cost-efficient manner in accordance with Art. 6 Para. 1 lit. f GDPR.
- Google is certified under the Privacy Shield Agreement and thereby offers a guarantee that it will comply with European data protection law.
- On our website we use the IP anonymization option offered by Google Analytics. The IP address is shortened by Google within member states of the European Union or in other contracting states of the EEA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
- Google uses this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not combined by Google with other data.
- You can prevent the storage of cookies by setting your browser software accordingly. In addition, you can prevent Google from collecting the data generated by the cookie and relating to your use of the online offering and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools. google.com/dlpage/gaoptout?hl=de .
- Further information about Google's use of data as well as settings and objection options can be found on Google's website: https://www.google.com/intl/de/policies/privacy/partners ("Use of data by Google when you use websites or apps from our partners"), http://www.google.com/policies/technologies/ads ("Use of data for advertising purposes"), http://www.google.de/settings/ads ("Manage information that Google “used to show you advertising”).
-
Cookies & reach measurement
- We use so-called cookies on our website. A cookie is a small file or other form of information storage that may be stored on your computer when you visit a website. Basically, cookies are used to offer users additional functions on a website (e.g. facilitating navigation; finding pages that you have previously viewed; storing preferences for repeat visits) or to store the interests of our website users and these To use information for reach measurement and marketing purposes. Cookies cannot access, read or modify any other data on your computer.
- Most of the cookies on our website are so-called session cookies, which are only stored for the duration of the current visit to the website (e.g. to make it easier to use our shopping cart). They will be automatically deleted when you leave our website. Permanent cookies, however, remain on your computer until you delete them manually in your browser. We use such persistent cookies to recognize you the next time you visit our website.
- If you do not want cookies to be stored on your computer, please deactivate the corresponding option in the browser's system settings. You can also block or delete cookies that have already been saved in your browser. Especially with regard to tracking, you can find information on www.youronlinechoices.com, for example, explaining how you can generally object to the use of cookies for online marketing purposes. However, if you make use of this, there may be restrictions on your use of the website.
-
Google (Re)Marketing Services
- We use the services of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (“Google”) in the area of marketing and re-marketing (“Google Marketing Services” for short). We do this based on our legitimate interest (Article 6 Paragraph 1 lit f GDPR), namely our interest in the optimization, analysis and economic operation of our online offering.
- Google is certified under the Privacy Shield Agreement and thereby offers an appropriate guarantee of compliance with European data protection law.
- By using Google Marketing Services, we can display advertisements for and on our website in a more targeted manner. We only want to present you with advertisements that are particularly interesting or might interest you. For example, if you are shown advertisements for products that you were interested in on other websites, this is usually referred to as “remarketing”.
- For these purposes, when you visit our and other websites on which Google Marketing Services are activated, Google immediately executes a code from Google and so-called (re-)marketing tags are then integrated into the website. These (re-)marketing tags are invisible codes or graphics and are also called “web beacons”. These usually set an individual cookie, i.e. a small file, on the user's device.
- The cookies can be set by different domains (e.g. google.com, googleadservices.com, googlesyndication.com, admeld.com, doubleclick.net, invitemedia.com). The cookie records which websites you have visited and what content you have chosen interested and which offers you clicked on. Technical information about the browser and operating system, referring websites, the time of visit and other information about the use of the online offer are also noted.
- Your IP address is also recorded. With regard to the use of Google Analytics, the IP address is shortened within the EU or EEA and only in exceptional cases is transmitted without authorization to a Google server in the USA and only then shortened there. Your IP address will not be linked to your data within other Google offerings. The information presented above can also be combined by Google with such information from other sources. If you then visit other websites, you may be shown advertisements tailored to your interests.
- As part of Google Marketing Services, user data is processed pseudonymously. For example, Google does not store and process your name or email address, but rather processes the relevant data related to the cookies within the framework of pseudonymous user profiles. This means that, from Google's perspective, the advertisements are not managed and displayed for a specifically identified person, but only for the cookie holder, so to speak. Who this owner is is irrelevant. The situation is different if you have expressly permitted Google to process your data without this pseudonymization. When you use Google Marketing Services, the information collected about you is transmitted to Google and stored on Google's servers in the USA.
- We also use another Google marketing service, namely “Google AdWords”, an online advertising program from Google. Here, each AdWords customer receives a different “conversion cookie”. This means that cookies cannot be tracked across AdWords customers' websites. With the help of the information collected via the cookies, conversion statistics can be created for AdWords customers, namely for those customers who have opted for conversion tracking. As an AdWords customer, we learn the total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information from which individual users could be identified.
- Further information on Google's use of data for marketing purposes can be found here: https://www.google.com/policies/technologies/ads . Google's privacy policy can be found at https://www.google.com/policies/privacy .
- To object to interest-based advertising by Google Marketing Services, please use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences .
-
Facebook social plugins
- Based on our legitimate interests (in particular interest in analyzing and optimizing our online offering within the meaning of Art. 6 Para. 1 lit. f. GDPR) we use social plugins (“plugins”) from the social network facebook.com. This is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook” for short). The plugins can display interaction elements or content (e.g. text articles, videos or graphics). They can be recognized by one of the Facebook logos (white “f” on a blue field, the terms “Like”, “Like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. You can view the list and appearance of the Facebook social plugins here: https://developers.facebook.com/docs/plugins/ ".
- Facebook is certified under the Privacy Shield Agreement. As a result, it offers a guarantee of complying with the “adequate level of protection” required by European data protection law ( https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active ).
- If you access a function of this online offer that contains such a plugin, your device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted directly to your device by Facebook and integrated into the online offering. User usage profiles can be created from the processed data. We therefore have no influence on the amount of data that Facebook collects using this plugin. We therefore inform you as a user according to our level of knowledge.
- By integrating the plugins, Facebook receives the information that you as a user have accessed the corresponding page of the online offering. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plugins, for example by clicking the Like button or leaving a comment, the corresponding information will be transmitted from your device directly to Facebook and stored there. If you are not a member of Facebook, there is still the possibility that Facebook will find out and store your IP address. Facebook states that only an anonymized IP address is stored in Austria.
- To find out the purpose and scope of data collection, the further processing and use of the data by Facebook as well as the relevant rights and setting options to protect your privacy as a user, please see Facebook's data protection information: https://www.facebook.com /about/privacy/ .
- If you are a member of Facebook and do not want Facebook to collect data about you via this online offer and link it to the member data stored on Facebook, you must log out of Facebook and delete your cookies before using our online offer. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info/choices / or the EU site http://www.youronlinechoices.com/ . The settings are platform-independent, meaning they are applied to all devices, such as desktop computers or mobile devices.
-
Facebook, Custom Audiences and Facebook Marketing Services (“Facebook Pixel”)
- Within our online offering, due to our legitimate interests in the analysis, optimization and economic operation of our online offering and for these purposes, the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025 , USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") is used.
- Facebook is certified under the Privacy Shield Agreement. As a result, it offers a guarantee that the “adequate level of protection” required by European data protection law is met.
- With the help of the Facebook pixel, Facebook is able to determine the visitors to our online offering as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to only show the Facebook ads we place to those Facebook users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in certain products, which are determined based on the websites visited which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not appear annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advertisement (so-called “conversion”).
- The Facebook pixel is integrated directly by Facebook when you visit our website and can store a so-called cookie, i.e. a small file, on your device. If you then log in to Facebook or visit Facebook while logged in, your visit to our online offering will be noted in your profile. The data collected about you is anonymous to us and does not allow us to draw any conclusions about your identity as a user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook and for its own market research and advertising purposes. If we transmit data to Facebook for comparison purposes, it will be encrypted locally in the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of comparing data with the same data encrypted by Facebook.
- The processing of data by Facebook takes place within the framework of Facebook's data usage policy. Accordingly, please note general information on the display of Facebook ads in Facebook's data usage policy: https://www.facebook.com/policy.php . Specific information and details about the Facebook page pixel and how it works can be found in the Facebook help section: https://www.facebook.com/business/help/651294705016616 .
- It is possible to object to the collection by the Facebook pixel and the use of your data to display Facebook ads. To set which types of advertisements are shown to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads . The settings are platform-independent, meaning they are applied to all devices, such as desktop computers or mobile devices.
- You can also use cookies to measure reach and for advertising purposes via the deactivation page of the Network Advertising Initiative ( http://optout.networkadvertising.org/ ) and also the US website ( http://www.aboutads.info/ choices ) or the European website ( http://www.youronlinechoices.com/uk/your-ad-choices/ ).
-
Our social media channels
- We are very active in our social networks and try to stay in touch with our customers, interested parties and users and inform them about our offers. If you access the respective network or platform, the terms and conditions and data protection guidelines of the respective operator apply.
- Unless we state otherwise, we process users' data when they communicate with us there, for example when they write posts or send us messages.
-
Integrated third-party services and content (e.g. YouTube, Google Fonts)
- On our website and to supplement our online offerings, we use content and service offerings from third parties to integrate their content and services, such as videos or fonts. We do this on the basis of our legitimate interests (Article 6 Paragraph 1 lit f GDPR), e.g. our interest in the optimization and economic operation of our online offerings.
- These services always require that the third-party providers perceive the IP address of website visitors. Without the IP address, you would not be able to send the content to their browser. Some providers use “pixel tags” (invisible graphics, also known as “web beacons”). These are used for statistical or marketing purposes. This “pixel tag” allows information such as visitor traffic on the website to be evaluated. Pseudonymous information can also be stored in cookies on the visitor's device and may contain, among other things, technical information about the browser and operating system, referring websites, visiting times and other information about the use of our online offerings. In some cases this information is also linked to other sources.
- Youtube: We integrate videos from the “Youtube” platform. The provider is Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. You can find their privacy policy here: www.google.com/policies/privacy/. An opt-out would be possible here: https://adssettings.google.com/authenticated .
- Google Fonts: We also integrate the “Google Fonts” fonts. The provider is Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. You can find their privacy policy here: www.google.com/policies/privacy/. An opt-out would be possible here: https://adssettings.google.com/authenticated
-
Newsletter & Mailchimp
- You have the option of subscribing to our newsletter via our website. For this we need your email address and your (revocable at any time) declaration that you agree to receive the newsletter.
- The newsletter contains in particular information about our products, new developments regarding the products we offer, new product introductions, promotions, competitions and events both from our company and from our partner companies or suppliers.
- The final registration takes place via a double opt-in: As soon as you have registered for the newsletter, we will send you a confirmation email with your link to confirm your registration (double opt-in). This procedure prevents anyone else from registering with your email address. We store the data from registration for the newsletter (e.g. registration and confirmation time, IP address) in order to be able to provide proof of the registration process (Article 6 Paragraph 1 lit f GDPR). Any changes to your data stored by the shipping service provider will also be logged.
- As an existing customer, you can receive newsletters and other information (direct advertising) from us in accordance with Section 107 Paragraph 3 TKG without registering separately. However, you have the option, for example, of refusing to receive direct advertising during the ordering process.
- Cancellation/revocation: You can cancel our newsletter at any time or revoke your consent to receive it. To do this, simply use the “Unsubscribe” button at the end of each newsletter or write us an email ( office@waldstueck.at ). After that, your email address will no longer be used for advertising purposes.
- We can store unsubscribed email addresses for 3 years in order to be able to prove the lawfulness of the processing that took place before revocation (Article 6 Paragraph 1 lit f GDPR). If you expressly confirm your previous consent to us, we will be happy to delete the email before the end of the three years.
- Mailchimp: We send our newsletter via the shipping service provider “MailChimp”, a newsletter delivery platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. Mailchimp's privacy policy can be found here: https://mailchimp.com/legal/privacy/ ". The Rocket Science Group LLC is certified under the Privacy Shield Agreement and thereby offers a guarantee that it will maintain a level of data protection appropriate to European standards. The shipping service provider is used on the basis of our legitimate interests (Article 6 Paragraph 1 lit f GDPR). In addition, we have concluded an order processing contract in accordance with Article 28 GDPR.
- Mailchimp may use the data of newsletter recipients in a pseudonymized form, i.e. without assignment to a specific recipient, to optimize or improve its own services (e.g. technical optimization of sending and display of newsletters or creation of statistics). However, the data will not be used by Mailchimp to send messages to the recipients themselves or to pass on the data.
-
Right to object
- You can object to the future processing of your personal data at any time in accordance with legal requirements; In particular, this option exists against processing for direct advertising purposes. To do this, please simply send us an email to office@waldstueck.at .
-
Duration of storage
- The data we store will be deleted as soon as it is no longer required for its intended purpose and deletion does not conflict with any legal retention obligations.
- For example, according to Section 132 BAO, we are legally obliged to store accounting documents (e.g. invoices, receipts) for a period of at least 7 years (longer in the case of legal disputes).
-
Your rights in relation to the processing of personal data
- You have the right to access or obtain information about your personal data stored by us at any time (right to information), to correct or complete incorrect or incomplete personal data (right to rectification), to access your stored personal data delete it (right to deletion) or restrict it or transfer it to a third party – if permitted – (right to data transfer).
- In addition, you can revoke any declaration of consent you have given (e.g. for the newsletter) at any time. The revocation does not affect the lawfulness of the processing carried out on the basis of consent and the subsequent removal of the declaration of consent does not make it unlawful.
- If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, please contact us ( office@waldstueck.at or 0043 650 783 2634) and we will try to clarify this . Alternatively, you also have the right to complain directly to the Austrian data protection authority (www.dsb.gv.at) at any time.
-
Changes to the privacy policy
- Since, for example, the legal situation or our services and the associated data processing may change, we reserve the right to adapt this data protection declaration accordingly. However, this only applies to declarations on data processing. If we need your consent for data processing or parts of this data protection declaration contain regulations of the contractual relationship with users, the changes will only be made with your consent.
- Please check regularly for the current content of our data protection declaration.
As of: March 28, 2019