Valid as of 15. 1. 2019
2. Data Protection
Data protection is a very important topic to us and we want to give you (the user/visitor of our website) information about which data we collect, process or store when you visit our website, as well as the purpose for which this data is used.
2.1. Personal Data (User Data)
Personal data is information related to a natural person from which this natural person can be identified, e.g. that persons name, address or telephone number. Such data will only be collected, processed and/or stored by us via our website if this is permitted by law or with explicit consent of the website user (you).
Information which is not related to a dedicated person and/or anonymized personal data from which it is not possible to clearly identify a natural person is not considered as personal data.
2.2. Data Collection
Most of our website can be used without providing any personal data but by only providing the following technical data which is automatically transmitted to the technical provider of our website via the user‘s browser:
- Browser type/version
- Operating system
- Referer URL (this is the website from which the user was redirected/forwarded to our website, e.g. by clicking on a result from a search engine)
- Pages visited on our website
- Date and time of visit
- Anonymized IP address of the user’s computer.
Such technical data is stored in log-files and it is used only for statistical purposes and/or for optimization of our website.
Cookies While you visit our website cookies (tiny text files) will be temporarily stored on your computer if this is allowed by your browser. These cookies are only used in order for being able to provide all our available services (e.g. to keep your order stored in the cart while you visit our website) and once you close your browser they will automatically be deleted from your computer again. This because they are so-called session cookies, i.e. they are only present during one browser session.
2.3. Data Processing and Data Use
We only process and/or use your personal data if you contact us and all provided personal data will then only be processed for providing the requested service.
This especially means that you will never receive any offers, advertisements, customer satisfaction surveys, newsletters or any other communication from us, except for communication which is directly related to your request, e.g. for answering your request and/or for sending an order confirmation.
The type of personal data we then process and/or use depends on how you contact us.
2.3.1 Contact via our Website
If you contact us via our website, the following personal data is processed:
- Name title, first name, last name
- Company name (optional)
- Physical address country, postcode/ZIP, town/city, street
- Virtual address email, phone number (optional)
- Additional data that you submit, e.g. by filling out provided text forms (optional)
We process this personal data solely on the basis of legal provisions (article 6, GDPR) and/or with your explicit consent given during the contact process.
The provided personal data is then processed in order to answer your request and/or for sending an order confirmation. Such answers/confirmations will be sent unencrypted via email.
2.3.2. Contact via any other Means
If you contact us by any other means, e.g. via email or postal service, we process all personal data provided by you and which is necessary to process your request.
2.4. Duration of Data Storage
Independent of how we collected your personal data (website, email or postal letter) we will always only store it for as long as necessary. This means that all your personal data will be
- deleted if, for any reason, we were not able to process your request within one month from the date of the request/order (e.g. because of an unexpected high volume of contact requests).
- deleted one month after your request has been processed but this did not result in a contractual relationship (e.g. because no payment was made).
- kept if processing your request results in a contractual relationship.
How long your personal data will then be kept depends on the kind of contractual relationship that arises from your request and it also depends on legal retention periods which might apply in those respective cases (e.g. name and address will be stored for at least 10 years in case of a payment).
2.5. Data Security
Data security is a very important topic to us and therefore we handle your personal data with great care to protect your privacy.
In accordance with article 25 of the GDPR (data protection by design) we have implemented technical data security means, e.g. fully encrypted and redundant data storages to protect your personal data against unauthorized access and/or loss.
Additionally we use the latest technological transmission standards (https with TLS-encryption) to ensure safe transmission of your personal data via our website.
In case you contact us via email or postal service this secure transmission does not apply.
2.6. Data Transfer to Third Parties
No personal data provided by you is forwarded to any third party, except in the following cases:
- In the context of processing your request collected personal data is forwarded to a secure data center (as defined in article 4, GDPR) of our website provider. This website provider is under contractual obligation to adhere to our data protection standards and he obtains access to your personal data only to technically support us for fulfilling your request, only for the short period of time which is necessary to technically process the request, and only within the scope for which you have consented to the data processing and use, or
- If we are obliged to transfer such personal data to domestic or foreign courts and/or authorities, or
- If you give your explicit consent for doing so.
3. Hyperlinks to external Websites
4. Your Rights
It is not only important for us to make clear how, why and what kind of personal data we collect, process and/or store, it is also important to let you know which rights you have with respect to that personal data according to the GDPR:
- Access to your personal data (article 15, GDPR)
- Rectification of your personal data (article 16, GDPR)
- Erasure of your personal data (article 17, GDPR): Please note that personal data will only be erased if this is accordance with other legal regulations, e.g. if the retention period for keeping data (e.g. billing statements) is already expired.
- Restriction of your personal data (article 18, GDPR)
- Notification with respect to modification and/or deletion of your personal data (article 19, GDPR)
- Transmission of your personal data (article 20, GDPR)
- Withdrawal of your consent to store your personal data (article 21, GDPR): Please not that, personal data which is no longer required to be stored will automatically be deleted from our database within one month and because by law processing such a request for withdrawal is permitted to take up to one month from the time of the request, such a request is therefore actually not necessary.
In any of the above cases you have to submit your request with sufficient proof of your identity (e.g. by submitting your request via the same email-address that is already known to us) in writing to email@example.com.
If you believe that processing your data is against data protection law or that your right of protecting your data is being infringed in some other way you can also contact us under the email given above.
Independently of contacting us with your concern you always have the right to complain to the Austrian Data Protection Authority.
If you have any additional questions about collection, processing, storage or use of your personal data please contact us at firstname.lastname@example.org.