Responsible party for data processing at our company
Responsible for data processing:
Innere Klosterstrasse 11
To maintain our online presence, we use an Internet Service Provider (ISP). The ISP stores our website on their server (hosting) and makes our website available on the Internet. In doing so, the ISP processes contact data, content data, contract data, usage data, inventory data as well as meta and communication data on our behalf. Legal basis: The legal basis for the aforementioned processing is our legitimate interest in an efficient and secure provision of our online offering, Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR (commissioned-processing contract).
If you use our website for information purposes only, our ISP will only collect the personal data that the browser you are using transmits to its server. This is the following data:
• IP address
• Date and time of access to our website
• Time zone difference from Greenwich Mean Time (GMT)
• Access status (HTTP status)
• Amount of data transferred
• Internet service provider of the accessing system
• The type of browser you are using and its version
• The operating system you are using
• The website from which you may have accessed our website
• The pages or sub-pages that you visit on our website.
The aforementioned data is stored as log files on the servers of our ISP. This is necessary to display the website on the device you are using and to ensure stability and security. Our legitimate interest in data processing lies in the above purposes. Legal basis: The legal basis is Art. 6 (1) (1) (f) GDPR. Duration: The above data for the provision of our website will be stored for the duration of 7 days and then deleted. Prevention: Since the processing of the above data is absolutely necessary for the provision of our Internet presence, there is no right of objection.
Cookies are used to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after changing pages. In particular, information on language settings or log-in information may be stored in these cookies.
Our legitimate interest in data processing lies in the above purposes. The legal basis is Art. 6 (1) (1) (f) GDPR.
We delete or block your personal data as soon as the purpose of storage has been achieved or no longer applies. Any further storage will only take place if it is required by national or European regulations. In this case, the data will be blocked or deleted when the storage period prescribed in the respective regulations has expired, unless we need your data to fulfill a contract concluded between us or if this is necessary to assert, exercise or defend legal claims.
How can I configure my browser's cookie settings?
Each browser differs in the way it manages cookie settings. This is described in the Help menu of each browser, which explains how to modify your cookie settings. These can be found for each browser under the following links:
Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Opera™ : http://help.opera.com/Windows/10.20/de/cookies.html
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. In case IP-anonymisation is activated on this website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area.
You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing: https://tools.google.com/dlpage/gaoptout?hl=en.
Contacting us via contact form, e-mail, social media or telephone
If you use the contact form offered on our website, send us an e-mail, or contact us by phone or social media and provide us with personal data, this data will be automatically stored and further processed in our company for processing your inquiry. This data is only processed for correspondence with you. The data transmission via our contact form is carried out via an encrypted SSL connection. We do not disclose your personal data to third parties. Purpose: We need your name to contact you in our reply. We need your e-mail address to be able to answer your inquiry. We need your telephone number in order to respond to your callback request. Legal basis: The legal basis for the above-mentioned use of your data is Art. 6 (1) (a) GDPR. Deletion: The personal data collected by us will be deleted if it is no longer required. We review this requirement every two years. You can also revoke data processing at any time.
If you use our webshop to place orders, we need certain data in order to process your order. This includes, in particular, your name as well as your address and electronic contact data, information to process the payment, and the services used. These data are stored by us. In particular, we use the data transmitted to us in order to:
• identify you as our customer;
• to process, fulfill and complete your order;
• to get in touch with you;
• to invoice you;
• to be able to handle any liability claims;
• to be able to assert contractual claims against you.
We will only disclose your personal data to third parties if:
• disclosure is necessary in accordance with Art. 6 (1) (1) (f) GDPR to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding interest in not disclosing your data,
• that there is a legal obligation to do so according to Art. 6 (1) (1) (c) GDPR,
• according to Art. 6 (1) (1) (b) GDPR, it is required for the execution of the contract concluded with you (for example passing on the data to the logistics company entrusted with the delivery or for the purpose of payment processing).
Furthermore, your personal data will not be passed on to third parties without your express consent. If we pass on your personal data to third parties, the amount of data we disclose is limited to the minimum necessary.
You can voluntarily create a user account where you can view your orders. We store the data entered by you when creating the user account until revoked. If you have terminated your account, your data will be deleted, subject to retention for commercial or tax reasons, in accordance with Art. 6 (1) (c) GDPR. Data in customer accounts remain up to its deletion with subsequent archiving in the case of a legal obligation. It is up to the users to save their data before the end of the contract if they have given notice of termination. We use transient cookies (see above under cookies) to store the contents of the shopping cart and persistent cookies (see above under cookies) to store the login status.
We may also use the information you provide to inform you by mail or e-mail about other interesting products and/or services.
When you place an order, register for a user account or log in again, we store your IP address and the time of the respective user action. The purpose of the storage is our as well as your legitimate interests in the protection against misuse and other unauthorized use. The legal basis is Art. 6 (1) (c) GDPR. A transfer of this data to third parties does not take place, unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with the law, in accordance with Art. 6 (1) (c) GDPR.
Purpose: The processes and interests described above represent the purpose of data storage. Legal basis: We base the processing of your data in the processes described above on the following legal basis:
• Insofar as we obtain your consent for processing, Art. 6 (1) (a) GDPR applies as the legal basis.
• In the case of processing for the fulfillment of a contract concluded with you, Art. 6 (1) (b) GDPR applies as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.
• Insofar as processing is necessary to fulfill a legal obligation to which we are subject, Art. 6 (1) (c) GDPR applies as the legal basis.
• In the event that vital interests make you or any other natural person subject to processing, Art. 6 (1) (d) GDPR applies as the legal basis.
• If the processing is necessary to safeguard one of our legitimate interests or a third party and your interests, fundamental rights and fundamental freedoms do not outweigh the former interest, Art. 6 (1) (f) GDPR applies as the legal basis for processing.
Deletion: Due to commercial and tax regulations, we are obliged to store your address, payment and order data for a period of 10 years. After expiry of the legal warranty rights (2 years), however, we limit the processing to the effect that your data will only be used to comply with legal obligations.
We regularly send out newsletters to inform our customers, business partners and interested parties about our offers and related news. You have the opportunity to register for our newsletter on our website and to agree the receipt of the newsletter within the scope of the registration. When you subscribe to our newsletter, you must provide your e-mail address. We save the e-mail address in order to be able to send you the newsletter. We use the so-called double opt-in procedure for subscribing to our newsletter. As soon as you subscribe to our newsletter, an e-mail is sent to the e-mail address provided. This e-mail contains a link. By clicking on this link, you are confirming that you would like to receive the newsletter. This ensures that your e-mail address was not misused by a third party during registration. For the same reason, we store the date and time of registration and the IP address assigned to you at registration. The aforementioned data will not be passed on to third parties. Purpose: The processes and interests described above represent the purpose of data storage. Legal basis: The legal basis for processing is your consent, according to Art. 6 (1) (a) GDPR. Deletion: The e-mail address will be deleted if you have not clicked on the confirmation link in the double opt-in process 1 month after the confirmation e-mail was sent or immediately after you have unsubscribed from our newsletter. Revocation: You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. We offer the following possibilities by which you can declare your revocation:
• clicking on the link provided in the newsletter for this purpose
• form on our website
• by e-mail to: [email protected]
• through the contact data provided in the imprint of our website
Evaluation of user behavior
If you have consented to this, we will evaluate your user behavior when sending the newsletter. Our newsletter contains tracking pixels for this purpose. This enables us to recognize if and when you have opened the newsletter and whether you have clicked any links in the newsletter. This enables us to statistically evaluate the success or failure of our newsletter. In addition, it enables us to identify which articles and topics appeal to you in particular and adapt our content to your interests. Purpose: The processes and interests described above represent the purpose of data storage. Legal basis: The legal basis for processing is your consent, according to Art. 6 (1) (a) GDPR. Restriction: You can revoke your consent to receive the newsletter at any time using the above options. Deletion: We will delete your data after revocation.
Your rights as a user of our online presence according to the GDPR
• Right to information: According to Art. 15 GDPR, you can request a confirmation as to whether and which personal data we process from you. In addition, you may request from us free of charge information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed or the planned storage period, the right to rectification, deletion, limitation of processing or opposition, the existence of a right of appeal and the origin of their data, if they were not collected from us. You also have the right to know whether your personal data has been transmitted to a third country or to an international organization. If so, you have the right to obtain information about the appropriate guarantees in connection with the transfer.
• Right to correction: According to Art. 16 GDPR, you may request the correction of incorrect or complete incomplete personal data stored with us about you.
• Right to cancellation: According to Art. 17 GDPR, you have the right to demand the deletion of your personal data stored by us, unless further processing is necessary to
o fulfill a legal obligation,
o assert, exercise or defend legal claims,
o exercise the right to freedom of expression and information; or
o for the reasons of the public interest referred to in Article 17 (3) (c) and (d) GDPR.
• Right to restriction: According to Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data if
o the accuracy of the data is disputed by you for a period of time that allows us to verify the accuracy of your personal information,
o the processing of your data is unlawful, but you reject its deletion and instead demand the restriction of the use of the data,
o we no longer need your personal information for processing purposes, but you do need the information to assert, exercise or defend your rights,
o you have lodged an objection against the processing of your data in accordance with Art. 21 GDPR, but it is not yet certain whether the legitimate reasons that justified us to further processing despite your objection outweigh your rights.
• Right to information: If you have exercised your right to have us correct, delete or limit the processing of your data, we are obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. It is your right to be informed regarding such recipients by us.
• Right to data portability: In accordance with Art. 20 GDPR, you may request that we obtain the personal data relating to you which you have provided to us in a structured, standard and machine-readable format or to request the transfer to another person responsible.
• Right to appeal: According to Art. 77 GDPR you have the right to complain to a supervisory authority. For this you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters.
Right of withdrawal
According to Art. 7 (3) GDPR, you have the right to revoke your consent to the processing of your data at any time from us. The revocation you have declared does not alter the legality of the processing of your personal data until the revocation
Right of objection
You have the right at any time to object to the processing of your personal data, which is based on a balance of interests (Art. 6 (1) (f) GDPR) for reasons that arise from your particular situation. This is especially the case if the data processing is not required to fulfill a contract. If you exercise your right of objection, we ask you to explain the reasons. We will then no longer process your personal data, unless we can prove to you that compelling legitimate reasons for data processing outweigh your interests and rights.
Regardless of the above, you have the right to object to the processing of your personal data for advertising and data analysis purposes at any time.
Please address your objection to the above contact address of the person responsible.
We use components of YouTube on this website, a service operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
YouTube is a video portal where users can watch videos for free. YouTube offers website operators the possibility to integrate videos on their own website. YouTube provides a code snippet that displays the video in a so-called inline frame. After a page or subpage of our website is called up on which such an embedding has taken place, the Internet browser you use will cause video components of the embedded video or clip to be downloaded. This process requires YouTube to read the IP address assigned to you; otherwise YouTube could not transmit the video to your browser. YouTube may recognize that you have visited one of our sites where we have included a YouTube video when you are logged in to YouTube. This information is transmitted to YouTube even if you do not click on the YouTube video. Both YouTube and Google collect this information and associate it with your YouTube account. Prevention: You can prevent this data transfer at any time by logging out of your YouTube account or setting an opt-out cookie by clicking the link https://adssettings.google.com/authenticated after logging into your Google account. Legal basis: The legal basis for the above-mentioned use of your data is Art. 6 (1) (f) GDPR.
Based within the EU: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
We use the Facebook Pixel, Custom Audiences and Facebook Conversion functions of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.
Based within the EU: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
• Data Policy: https://www.facebook.com/policy.php
• Facebook Pixels: https://www.facebook.com/business/help/651294705016616
We offer payment processing on our website via the payment service provider PayPal (PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxemburg).
In order to offer you Klarna’s payment methods, we might in the checkout pass your personal data in the form of contact and order details to Klarna, in order for Klarna to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Klarna’s own privacy notice.
We also take technical and organizational security measures in accordance with the state of the art in order to comply with the provisions of data protection laws and to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties.
Updating and amendment of this data protection declaration