Privacy policy

Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data in this context means all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is
Ann-Sophie Stampfer, Arsenal 5, 1030 Vienna, Austria.
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we collect only the data that your browser transmits to the server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

Website visited
Date and time of access
Amount of data sent in bytes
Source/referrer from which you accessed the page
Browser used
Operating system used
IP address used (if applicable, in anonymized form)

Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to retrospectively review the server log files if there are concrete indications of unlawful use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries). You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

Shopify

For hosting our website and displaying page content, we use the system of the following provider:
Shopify International Limited, Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”).

Data is also transferred to:
Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

4) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are deleted automatically when you close your browser (“session cookies”), while others remain on your device for a longer period and allow page settings to be saved (“persistent cookies”). In the latter case, you can find the storage duration in your browser’s cookie settings overview.

If personal data is processed by individual cookies used by us, processing is carried out in accordance with Art. 6(1)(b) GDPR for contract execution, in accordance with Art. 6(1)(a) GDPR on the basis of consent, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective website experience.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude acceptance of cookies for certain cases or generally.

Please note that if cookies are not accepted, the functionality of our website may be limited.

5) Contacting Us

When contacting us (e.g. via contact form or email), personal data is processed exclusively for the purpose of processing and responding to your request and only to the extent necessary.

The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6(1)(f) GDPR. If your inquiry is aimed at concluding a contract, the additional legal basis is Art. 6(1)(b) GDPR. Your data will be deleted once it can be inferred that the matter in question has been conclusively clarified and provided that no statutory retention obligations oppose this.

6) Data Processing When Creating a Customer Account

Pursuant to Art. 6(1)(b) GDPR, personal data is collected and processed to the extent required when you provide such data when opening a customer account. The data required for account creation can be found in the input form on our website.

You may delete your customer account at any time by sending a message to the controller listed above. After deletion of your customer account, your data will be deleted provided that all contracts concluded via the account have been fully processed, no statutory retention periods apply, and no legitimate interest on our part justifies further storage.

7) Use of Customer Data for Direct Advertising

7.1 Subscription to Our Email Newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your email address. Providing additional data is voluntary and is used to address you personally.

We use the double opt-in procedure to ensure that you only receive newsletters after explicitly confirming your consent by clicking on a verification link sent to your email address.

By activating the confirmation link, you grant us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. We store your IP address entered by your Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later time. The data collected during newsletter registration is used strictly for its intended purpose.

You may unsubscribe from the newsletter at any time via the link provided in the newsletter or by contacting the controller mentioned above. After unsubscribing, your email address will be immediately deleted from our mailing list unless you have expressly consented to further use of your data or we reserve the right to use the data beyond this, as legally permitted and explained in this policy.

7.2 Email Newsletter for Existing Customers

If you provided your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by email. In accordance with Section 7(3) of the Austrian Unfair Competition Act (UWG), no separate consent is required.

Data processing is based solely on our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, no emails will be sent.

You may object to the use of your email address for advertising purposes at any time with effect for the future by notifying the controller named above. After receipt of your objection, the use of your email address for advertising purposes will be immediately discontinued.

7.3 Product Availability Notification by Email

For temporarily unavailable products, you may subscribe to email notifications regarding product availability. We will send you a one-time email informing you of the availability of the selected product. The only mandatory information required is your email address.

The double opt-in procedure is used to ensure that notifications are only sent after your explicit confirmation. By activating the confirmation link, you grant your consent pursuant to Art. 6(1)(a) GDPR. The collected data is used strictly for its intended purpose.

You may unsubscribe from availability notifications at any time by contacting the controller named above. Your email address will then be immediately deleted unless further legally permitted use applies.

7.4 Shopping Cart Reminder Emails

If you cancel your purchase before completing the order, you may receive a one-time email reminder regarding the contents of your virtual shopping cart.

The only mandatory information required is your email address. The double opt-in procedure is used. By confirming, you grant consent pursuant to Art. 6(1)(a) GDPR. You may unsubscribe at any time, after which your email address will be deleted unless legally permitted further use applies.

8) Data Processing for Order Fulfillment

To the extent necessary for contract fulfillment and for delivery and payment purposes, personal data is transmitted to the commissioned transport company and financial institution pursuant to Art. 6(1)(b) GDPR.

Where we owe you updates for digital products or goods with digital elements, your contact details will be processed pursuant to Art. 6(1)(c) GDPR solely for the purpose of fulfilling our statutory information obligations.

We also cooperate with service providers who assist us in contract execution. Certain personal data is transmitted to them in accordance with the information below.

9) Tools and Other Services

Cookie Consent Tool

This website uses a cookie consent tool to obtain valid user consent for cookies requiring consent. The tool is displayed as an interactive interface when the website is accessed.

Technically necessary cookies are used to store cookie preferences. Personal user data is generally not processed.

If personal data (e.g. IP address) is processed in individual cases, processing is carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in legally compliant cookie management and pursuant to Art. 6(1)(c) GDPR due to legal obligations.

10) Rights of the Data Subject

You have the following rights under GDPR:

Right of access pursuant to Art. 15 GDPR
Right to rectification pursuant to Art. 16 GDPR
Right to erasure pursuant to Art. 17 GDPR
Right to restriction of processing pursuant to Art. 18 GDPR
Right to notification pursuant to Art. 19 GDPR
Right to data portability pursuant to Art. 20 GDPR
Right to withdraw consent pursuant to Art. 7(3) GDPR
Right to lodge a complaint pursuant to Art. 77 GDPR

Right to Object

If we process your personal data based on legitimate interests, you may object at any time for reasons arising from your particular situation. In the case of direct advertising, you may object at any time. Processing will then be discontinued for such purposes.

11) Duration of Storage of Personal Data

Personal data is stored for the duration determined by the respective legal basis, processing purpose, and statutory retention periods.

Data processed based on consent is stored until consent is withdrawn.
Data subject to statutory retention obligations is deleted after expiration of those periods.
Data processed on the basis of legitimate interests is stored until an objection is made, unless overriding legitimate grounds exist.

Unless otherwise stated, personal data will be deleted once it is no longer required for the purposes for which it was collected.

Item added to your cart