Data protection policy and consents
1. Setting of goals and responsible authority
This data protection policy explains the type, amount and purpose of the processing (e.g. collection, processing and use as well as obtaining of consents) of personal data within our online offer and associated webpages, features and content (hereinafter collectively as „online offer“ or „webpage“). Data protection policy applies regardless of the used domains, systems, platforms and devices (e.g. desktop or mobile) that are used for the online offer.
Provider of the online offer and authority responsible for data protection is Martina Stryckova, Schielegasse 1/4/3, 2301 Groß Enzersdorf, Austria (hereinafter as “Seller”, “we” or “us”). For contact details, please, see our legal information.
The term “User” includes all customers and visitors of our online offer. Used terms like e.g. “User” are to be understood as gender neutral.
2. Outline information on data processing
We process personal data of users only in compliance with relevant data protection provisions according to the requirements of data minimisation and data avoidance. This means that the user data are being processed only with existing authorisation by law, in particular if the data is necessary for fulfilment of our contractual obligations as well as online services or are required by law or with existing consent.
We take up-to-date organisatory, contractual and technical safety measures to ensure the compliance with the requirements of data protection act and to protect the data that we process against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.
If content, tools or other sources of other vendors (hereinafter as “Third-Party Vendors”) are used within this data protection policy and they reside abroad, it is expected, that data transfer into the countries of residence of the third-party vendors is taking place. Provision of data to third-countries is taking place based on authorisation by law, user consent or special contractual provisions that guarantee data safety as required by law.
3. Processing of personal data
Personal data are being processed for the following purposes according to authorisation by law or user consent, as well as the purpose explicitly defined in this data protection policy:
- for making available, realisation, maintenance, optimisation and guarantee of our services,
- to ensure an effective customer service and technical support.
We provide the user data to third parties only if this is necessary for invoicing purposes (e.g. to a provider of payment method) or for other purposes if they are necessary for us to fulfil our contractual obligations towards users (e.g. provision of addresses to carriers).
If you contact us (per email or on-line form at our website), the user data are saved for the purpose of inquiry processing as well as should additional questions arise. Personal data will be deleted as soon as they fulfilled their purpose and they are not subject to any record keeping requirements by law.
4. Collection of access data
We collect data about every access to the server, where the service is located (so-called server logfiles). Access data includes name of the accessed website, file, date and time of access, transferred data volume, notification about successful access, type of browser and version, operation system of the user, referrer URL (previously visited site), IP address and requesting provider.
We are using the protocol data without matching them to a user person or other profile in compliance with legal requirements only for statistical assessment for the purposes of operation, safety and optimisation of our online offer. However, we reserve the right to proof the protocol data, if there is a reasonable suspicion of illegal usage based on concrete indications.
5. Cookies & reach measurement
Cookies are information from this website and/or third parties transferred from our webserver to the web browser of the user, where they are stored for a later use. Users are informed about the usage of cookies and have the ability to change their settings at any time.
The online offer can be viewed also with exclusion of cookies. If users do not wish to store cookies at their computer, they will be prompted to deactivate the particular feature in the system settings of their browser. Stored cookies can be removed through the system settings of the browser. Exclusion of cookies may lead to limited functionality of the online offer.
It is possible to administer many online-display-cookies of companies through US site http://www.aboutads.info/choices or EU-site http://www.youronlinechoices.com/uk/your-ad-choices/.
Cookie Consent Management
To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/.
The legal basis for the processing of personal data in this context are Art. 6 (1) lit. c GDPR and Art. 6 (1) lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.
6. Google Analytics
Google is authorised by us to use this information to evaluate the usage of our online offer by the user, to create reports on activity within our online offer and to provide us with other services associated with usage of this online offer and internet usage. Pseudonym user profiles can be created during this process from the processed data.
We are using Google Analytics only with activated IP-anonymisation. This means, that the IP address of the user is shortened by Google within member states of the European Union or other states party to the Agreement of the European Economic Area. It is only exceptional, if the full IP address is transferred to the server of Google in the USA and shortened there.
IP address provided by the user browser is not put together with other data from Google. Users can avoid storage of cookies though particular setting of their browser software. Users can avoid also the collection of data established by cookie that are related to their usage of the online offer to Google as well as processing of this data by Google by downloading and installing of the browser plug-in available by clicking on this link: http://tools.google.com/dlpage/gaoptout?hl=de.
Other information on data usage for marketing purposes by Google, options for setting and revocation are available on the website of Google:
https://www.google.com/intl/de/policies/privacy/partners („Data usage by Google when you use website or apps of our partners”), http://www.google.com/policies/technologies/ads („Data usage for marketing purposes“), http://www.google.de/settings/ads („Administration of information used by Google to blend in adverts for you“) and http://www.google.com/ads/preferences („Choose which adverts will be shown to you by Google”).
We are using marketing and remarketing services (shortly as “Google marketing services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, („Google“).
Google marketing services enable for us better targeting of adverts for and on our webpage in order to show users only adverts that are of their potential interest. If the user gets e.g. an advert for a product that they were interested in on other website, it is called „re-marketing“. For this purpose, when visiting our or other webpages that have activated Google-Marketing-Services, Google immediately applies a code and implements in this website a so-called Re-marketing-tag (invisible graphics or code, also called web beacons). They help to store a personalised cookie on the device of the user, i.e. a small file (instead of cookies also a comparable technology can be used). Cookies can be implemented by various domains, for instance by google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file is storing information about what webpages has the user visited, what content are they interested in and on which offers they clicked, technical information about the browser and operation system, referrer websites, duration of the visit as well as other data on usage of the online offer. It is also collected the IP address of the user, however as we inform in the section of Google Analytics, the IP address of the user is shortened by Google within member states of the European Union or other states party to the Agreement of the European Economic Area. It is only exceptional, if the full IP address is transferred to the server of Google in the USA and shortened there. IP address will not be put together by Google with data of the user from other offers. The above-mentioned information can be connected with such information from other resources. If the user visits afterwards other webpages, they will get shown personalised adverts according to their interests.
User data are being processed by the Google marketing services as pseudonym, i.e. Google saves and processes e.g. not the name or e-mail of the user, however processes the relevant data from the cookie collected from the pseudonym user profile. This means, that from the point of view of Google, the adverts are not being administered and shown to a specific identified person, but for the cookie owner regardless of who the cookie owner is. This is not the case if the user explicitly authorised Google to process the data without pseudonymisation. Information about users collected by “DoubleClick” are provided to Google and are stored on Google servers in the USA.
Google marketing services that we use also include the online marketing programme “Google AdWords“. In case of Google AdWords, each customer of AdWords receives a different “Conversion cookie”. This means, the cookies cannot be tracked outside the websites of AdWords customers. Information collected by this cookie is used to establish conversion statistics for AdWords customers that decided for Conversion-tracking. AdWords customers are informed about the total number of users who clicked on the advert und were lead to a page with implemented conversion tracking tag. However, they get no information that could be potentially used to identify the user.
We are implementing the adverts “DoubleClick” of third parties based on Google marketing services. DoubleClick is using Cookies that enable to Google and their partner websites the placing of adverts based on user visits on this webpage or other webpages in internet.
We are also implementing the adverts “AdSense” of third parties based on Google marketing services. AdSense is using Cookies that enable to Google and their partner websites the placing of adverts based on user visits on this webpage or other webpages in internet.
Another Google Marketing service we use is the “Google tag manager” that helps us implement other services for Google analysis and marketing services on our webpage (e.g. AdWords, DoubleClick or Google Analytics).
You can find more information on data usage for marketing purposes by Google on: https://www.google.com/policies/technologies/ads, data protection policy of Google is available at https://www.google.com/policies/privacy.
If you wish to withdraw from the data collection performed by Google-Marketing-Services, you can use the settings provided by Google for Opt-out option: http://www.google.com/ads/preferences.
8. Facebook Social Plugins
Our online offer is using Social Plugins (“Plugins”) of the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). You can recognize the plugin by Facebook Logos (white „f“ on a blue tile, terms like “Like”, or “thumbs-up” symbol) or they are marked with amendment “Facebook Social Plugin. You can find the list of Facebook Social Plugins and how they look like here: https://developers.facebook.com/docs/plugins/.
If a user uses the feature of the online offer which includes this plugin, their device establishes direct connection to the servers of Facebook. Content of the plugin will be provided directly from Facebook to the device of the user and from this implemented into the online offer. It is possible to create user profiles for users from the processed data. Therefore, we cannot influence the amount of data collected by Facebook with this plugin and that is why we inform users according to our current knowledge.
With implementation of the plugin, Facebook receives information, that the user visited the particular site of the online offer. If the user is logged in to Facebook, Facebook can match the visit to their Facebook account. If users are interacting with the plugin, e.g. click on the Like button or comment, the particular information will be sent from their device directly to Facebook and saved there. If the user is not registered at Facebook, it cannot be excluded, that Facebook will use their IP address and store it. According to Facebook, only anonymised IP Address is stored in Slovakia.
Purpose and volume of the data collection and further processing and usage of the data by Facebook as well as associated rights and settings options for privacy protection of the users can be found in the data protection policy of Facebook: https://www.facebook.com/about/privacy/.
If the user is registered on Facebook and does not wish that Facebook collects their data regarding the online offer and matches it to their user profile data saved on Facebook, they must be logged out from Facebook before viewing our online offer and delete their cookies. You can find other settings and revocation options regarding data usage for marketing purposes under profile settings on Facebook: https://www.facebook.com/settings?tab=ads or at the American site http://www.aboutads.info/choices/ or EU-site http://www.youronlinechoices.com/. Settings are applied regardless of the used platform, i.e. for all devices like desktop computers or mobile devices
9. Twitter buttons
We are using buttons of Twitter service. These buttons are offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. They can be recognized by text like “Twitter” or “Follow” or are in connection with stylised blue bird. Through this button, it is possible to share a post or webpage of the online offer on Twitter.
If user visits a webpage of the online offer which includes such button, their browser establishes a direct connection with servers of Twitter. Content of the Twitter button is provided by Twitter directly to the browser of the user. Therefore, we have no influence on the data volume Twitter is collecting with this plugin and we are informing users according to our current knowledge. As far as we know, when clicking the button only the IP Address of the user and URL of the webpage will be provided, however only for the purpose of showing the button. More information about this is available in the data protection policy of Twitter at http://twitter.com/privacy.
10. Pinterest buttons
We are using button Pin It of Pinterest service, http://pinterest.com. Through this button, it is possible to share a post or webpage of the online offer on Pinterest boards.
If user visits a webpage of the online offer which includes the button Pin It, their browser establishes a direct connection with servers of Pinterest. Content of the button Pin It is provided by Pinterest directly to the browser of the user. Therefore, we have no influence on the data volume Pinterest is collecting with this button and we are informing users according to our current knowledge. As far as we know, when clicking the button only the IP Address of the user and URL of the webpage will be provided, however only for the purpose of showing the button Pin It and to share the content. More information about this is available in the data protection policy of Pinterest at http://pinterest.com/about/privacy/.
This page uses the services of Cloudflare, Inc. 101 Townsend St San Francisco, CA 94107 (hereinafter as CloudFlare). We use these services to provide the full functionality of our webpage. According to the GDPR, we have signed an Agreement on order processing with Cloudflare. Applicable legal provisions for data processing are defined in Art. 6 sec.1 letter f of the GDPR. Cloudflare is a certified member of the EU-US Privacy Shield Frameworks. Cloudflare is obliged to process all included personal Data from member states of the European Union (EU) according to the rules and regulations of the Privacy Shield Framework.
The following information describes the content of our newsletter as well as process of registration, sending and statistical analysis as well as right of withdrawal. By subscribing to our newsletter, you agree to receive the newsletter and with the described process.
Content of newsletter: we send out newsletter, e-mails and other electronic notifications with marketing information (hereinafter as “newsletter) only with consent of the recipient or with authorisation by law. Our newsletter includes information such as our products, offers, special sales and news.
Double-Opt-In and protocol creation: Subscription for our newsletter is performed through a so-called Double-Opt-In-process. After registration you receive an email asking you to confirm your registration. This confirmation is necessary, so no one else can register with your email address. Subscription to newsletter is stored into a protocol in order to prove the subscription process according to legal requirements. This includes saving the time of subscription and confirmation as well as IP address. The same method will be used to store changes of your saved data with the provider of email marketing services.
Provider of email marketing services: Sending of newsletter is ensured by mailchimp.com owned by Rocket Science Group , 675 Ponde de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (hereinafter as “Provider of email marketing services”). For data protection policy of the provider of email marketing services click here: https://mailchimp.com/legal/privacy/
E-mail address of the newsletter recipient as well as other data described within this policy are stored on servers of the provider of email marketing services. Provider of the email marketing services uses this information for sending and analysing newsletter based on our agreement. Furthermore, provider of the email marketing services is entitled to use this data for optimisation and improvement of their own services, e.g. technical optimisation of sending and showing of the newsletter or for economic purposes to define from what countries the recipients come from. However, the provider of the email marketing services is not using the data of the newsletter recipient to contact them or to provide them to third party.
Register data: In order to subscribe to newsletter, you need to provide your email address.
Statistics collections and analyses – Newsletter includes a so-called “web-beacon”, i.e. pixel size file, that is accessed from the server of the provider of email marketing services when opening the newsletter. When accessing the file, it collects technical information like browser information and information about your system, as well as your IP Address and time of access. This information is used for technical improvement of the service based on technical data or target groups and their reading patterns based on accessed places (that can be identified based on the IP Address) or time of access.
Collection of statistics also includes the fact, if the newsletter was opened, when it was opened and what links are being clicked on. This information can be matched due to technical reasons to individual newsletter recipients, however, we neither the provider of the email marketing services wants to monitor individual users. The analyses aim to identify the reading patterns of our users in order to adjust the content for our users.
Cancellation/Withdrawal: You can cancel the subscription to our newsletter anytime, i.e. withdraw your consent. At the same time your consent forms will be deleted at the provider of email marketing services and the statistical analyses. A separate withdrawal from the newsletter sent by provider of email marketing services or statistical analysis is not possible. Link to cancel your subscription to newsletter can be found at the end of each newsletter.
13. Integration of services and content of third parties
Content of third party vendors can be implemented in our online offer, e.g. city plans or fonts. Implementation of content of third party vendors always assumes, that the third-party vendor identifies IP address of the user, because they cannot send content to the browser of the user without IP address. Therefore, the IP address is necessary for showing the content. Furthermore, the providers of third party content may implement their own cookies und process the user data for their own purposes. It is possible to create user profiles from the processed user data. We will use this content in a way, that we provide as little data as possible and we will choose only third-party vendors with reliable data protection policy.
The following sections are an overview of the third-party vendors as well as their content, together with links to their data protection policy that include further information on processing of data, also partially listed here, and withdrawal options (Opt-Out):
External Fonts of Google, Inc., https://www.google.com/fonts („Google Fonts“). Implementation of Google Fonts is made through server access by Google (usually in the USA). Data protection policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
Maps of the service „Google Maps“ provided by third party vendor Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
Videos of the platform “YouTube” of the third-party vendor Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
14. User rights and data deletion
Upon request, users have the right to receive information about the personal data that we store about them free of charge. Additionally, the users are entitled to correction of false data, withdrawal of their consents, blocking and removal of their personal data as well as have the right to submit a complaint at the responsible authority in case of illegal data processing.
We delete all data stored by us as soon as they are not necessary anymore for their purpose and are not a subject to any record keeping required by law.
To request an overview of your personal data, withdraw consent or delete all personal data send an email with your request to: [email protected].
15. Amendments to the Data protection policy
We reserve the right to amend the data protection policy in order to comply with amended laws or change of our services as well as data processing. However, this applies only to declaration for data processing. If user consent is necessary or parts of the data protection policy include provisions of the contractual relationship with the user, the changes are possible only with consent of the user. Users are kindly asked to regularly read the content of the data protection policy.
Updated: Feb. 2024