EU Dispute Resolution

In accordance with the Regulation on Online Dispute Resolution in Consumer Affairs (ODR Regulation), we would like to inform you about the Online Dispute Resolution Platform (OS Platform).
Consumers have the option to submit complaints to the European Commission’s Online Dispute Resolution Platform at https://ec.europa.eu/consumers/odr/. The necessary contact details can be found in our legal notice above.

However, we would like to point out that we are neither willing nor obligated to participate in dispute resolution proceedings before a consumer arbitration board.

​

Privacy Policy

​

Introduction and Overview

We have prepared this Privacy Policy (Version 29.10.2024-122898931) to explain to you, in compliance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as "data") we, as the controller—along with any processors we engage (e.g., service providers)—process, will process in the future, and what legal rights you have. All terms used are gender-neutral.
In short: We provide comprehensive information about the data we process concerning you.

Privacy policies often sound very technical and use legal terminology. This Privacy Policy, however, aims to describe the most important aspects as simply and transparently as possible. Where transparency is enhanced, technical terms are explained in reader-friendly language, links to further information are provided, and visuals are used. We thus inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible with overly brief, unclear, or legal-technical explanations, as is often the standard online regarding data protection. We hope you find the following explanations interesting and informative, and perhaps you will discover something new. If you still have questions, we kindly ask you to contact the responsible party listed below or in our legal notice, follow the provided links, or seek further information on third-party websites. Our contact details can, of course, also be found in the legal notice.

​

Scope

This Privacy Policy applies to all personal data processed by us within our company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information as defined in Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. Processing personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this Privacy Policy includes:

• All online presences (websites, online shops) we operate

• Social media presences and email communications

• Mobile apps for smartphones and other devices

In short: The Privacy Policy applies to all areas where personal data is processed in a structured manner within the company through the aforementioned channels. Should we enter into legal relationships with you outside these channels, we will inform you separately if necessary.

​

Legal Bases

In the following Privacy Policy, we provide transparent information about the legal principles and regulations, i.e., the legal bases of the GDPR, that enable us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

1. Consent (Art. 6(1)(a) GDPR): You have given us consent to process data for a specific purpose. An example would be storing the data you entered in a contact form.

2. Contract (Art. 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For instance, if we conclude a purchase agreement with you, we need personal information in advance.

3. Legal Obligation (Art. 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes, which typically contain personal data.

4. Legitimate Interests (Art. 6(1)(f) GDPR): In the case of legitimate interests that do not override your fundamental rights, we reserve the right to process personal data. For example, we must process certain data to operate our website securely and economically efficiently, which constitutes a legitimate interest.

Other conditions, such as the performance of tasks in the public interest or the exercise of official authority, as well as the protection of vital interests, generally do not apply to us. Should such a legal basis become relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act concerning the Protection of Personal Data (Datenschutzgesetz—DSG).

• In Germany, the Federal Data Protection Act (Bundesdatenschutzgesetz—BDSG) applies.

If additional regional or national laws apply, we will inform you in the following sections.

​

Retention Period

A general principle for us is that we only retain personal data for as long as is strictly necessary to provide our services and products. This means we delete personal data as soon as the reason for processing no longer exists. In some cases, we are legally required to retain certain data even after the original purpose has lapsed, such as for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as soon as possible, provided no retention obligation exists.

We will inform you below about the specific duration of the respective data processing, where further details are available.

Rights Under the GDPR

In accordance with Articles 13 and 14 GDPR, we inform you about the following rights you are entitled to, ensuring fair and transparent data processing:

1. Right of Access (Art. 15 GDPR): You have the right to know whether we process data about you. If so, you have the right to receive a copy of the data and the following information:

   • The purpose of processing;

   • The categories of data processed;

   • Who receives the data, and if transferred to third countries, how security is ensured;

   • How long the data is stored;

   • The existence of the right to rectification, erasure, restriction of processing, and objection;

   • The right to lodge a complaint with a supervisory authority (links provided below);

   • The source of the data if not collected from you;

   • Whether profiling is conducted, i.e., automated evaluation to create a personal profile.

2. Right to Rectification (Art. 16 GDPR): You have the right to have incorrect data corrected.

3. Right to Erasure ("Right to Be Forgotten," Art. 17 GDPR): You may request the deletion of your data.

4. Right to Restriction of Processing (Art. 18 GDPR): You may request that we only store but no longer use your data.

5. Right to Data Portability (Art. 20 GDPR): Upon request, we will provide your data in a commonly used format.

6. Right to Object (Art. 21 GDPR): If processing is based on Art. 6(1)(e) (public interest) or Art. 6(1)(f) (legitimate interests), you may object. We will then promptly assess whether we can comply legally.

   • If data is used for direct marketing, you may object at any time, after which we may no longer use it for such purposes.

   • If data is used for profiling, you may object at any time, after which we may no longer use it for profiling.

7. Right Not to Be Subject to Automated Decision-Making (Art. 22 GDPR): You may have the right not to be subject to decisions based solely on automated processing (e.g., profiling).

8. Right to Lodge a Complaint (Art. 77 GDPR): You may complain to a data protection authority if you believe the processing of your personal data violates the GDPR.

In short: You have rights—do not hesitate to contact the responsible party listed above!

If you believe the processing of your data violates data protection laws or your rights have been infringed, you may lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority (https://www.dsb.gv.at/). In Germany, each federal state has a data protection officer. For more information, you may contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local data protection authority is responsible:

Austrian Data Protection Authority

Leiter: Dr. Matthias Schmidl
Adresse: Barichgasse 40-42, 1030 Wien
Phone.: +43 1 52 152-0
E-Mail: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

​

​

Explanation of Terms Used

We always strive to make our Privacy Policy as clear and understandable as possible. However, this is not always easy, especially with technical and legal topics. It often makes sense to use legal terms (e.g., "personal data") or technical terms (e.g., "cookies," "IP address"). However, we do not want to use these without explanation. Below is an alphabetical list of important terms used that we may not have sufficiently explained in the Privacy Policy so far. Where these terms are taken from the GDPR and constitute definitions, we will also cite the GDPR text and add our own explanations if necessary.

​

Processor

Definition per Article 4 GDPR

For the purposes of this Regulation:

"Processor" means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Explanation: As a company and website operator, we are responsible for all data we process about you. In addition to controllers, there may also be so-called processors. These include any company or person that processes personal data on our behalf. Processors may thus include service providers such as tax consultants, hosting or cloud providers, payment or newsletter services, or large companies like Google or Microsoft.

​

Consent

Definition per Article 4 GDPR

For the purposes of this Regulation:

"Consent" of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

Explanation: On websites, such consent is usually obtained via a cookie consent tool. You are likely familiar with this. Upon your first visit to a website, you are typically asked via a banner whether you agree to data processing. You can often adjust individual settings and decide which data processing you allow and which you do not. Without consent, no personal data may be processed. Consent can, of course, also be given in writing (i.e., not via a tool).

​

Personal Data

Definition per Article 4 GDPR

For the purposes of this Regulation:

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Explanation: Personal data includes all data that can identify you as a person. Typically, this includes:

• Name

• Address

• Email address

• Postal address

• Phone number

• Date of birth

• Identification numbers (e.g., social security number, tax ID, passport number, student ID)

• Bank details (e.g., account numbers, credit information, balances)

According to the European Court of Justice (ECJ), your IP address also qualifies as personal data. IT experts can use your IP address to determine at least the approximate location of your device and, consequently, you as the subscriber. Therefore, storing an IP address also requires a legal basis under the GDPR.

There are also "special categories" of personal data that are particularly sensitive, including:

• Racial or ethnic origin

• Political opinions

• Religious or philosophical beliefs

• Trade union membership

• Genetic data (e.g., from blood or saliva samples)

• Biometric data (information about physical, physiological, or behavioral characteristics that can identify a person)

• Health data

• Data concerning sexual orientation or sex life

​

Profiling

Definition per Article 4 GDPR

For the purposes of this Regulation:

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Explanation: Profiling involves gathering various pieces of information about a person to learn more about them. Online, profiling is often used for advertising or credit checks. Web or advertising analytics tools, for example, collect data about your behavior and interests on a website. This creates a specific user profile, enabling targeted advertising.

Controller

Definition per Article 4 GDPR

For the purposes of this Regulation:

"Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Explanation: In our case, we are responsible for processing your personal data and thus the "controller." If we pass collected data to other service providers for processing, they are "processors." A "Data Processing Agreement (DPA)" must be signed for this purpose.

​

Processing

Definition per Article 4 GDPR

For the purposes of this Regulation:

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Note: When we refer to "processing" in our Privacy Policy, we mean any type of data processing. As mentioned in the original GDPR definition above, this includes not only collection but also storage and handling of data.

All texts are copyrighted.

Source: Created with the Austrian Privacy Policy Generator by AdSimple.