Privacy policy

Privacy Policy

Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor necessary for the conclusion of a contract. You are not obliged to provide your data. Failure to provide it will have no consequences. This applies only as long as no other information is provided in the subsequent processing operations.

"Personal data" refers to any information relating to an identified or identifiable natural person.

Server Log Files

You can visit our websites without providing any personal information. Each time you access our website, usage data is transmitted to us or our web host/IT service provider by your Internet browser and stored in log data (so-called server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred, and the requesting provider.

The processing is carried out based on Art. 6 (1) lit. f GDPR out of our overriding legitimate interest in ensuring the trouble-free operation of our website and improving our services.

Your data may be transferred to third countries outside the EU, particularly to Canada and the USA, and processed there. For Canada, there is an adequacy decision by the EU Commission. For the USA, an adequacy decision by the EU Commission exists under the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission’s standard contractual clauses.

Contact

Controller

Feel free to contact us if you have any questions. The controller for data processing is:

Jonas Stöllnberger
Anton Schosserweg 2
4460 Losenstein, Austria
06769534547
jonas@stoellnberger.com

Customer-Initiated Contact via Email

If you initiate business contact with us via email, we collect your personal data (name, email address, message text) only to the extent provided by you. The data processing serves to process and answer your contact request.

If the contact initiation serves the implementation of pre-contractual measures (e.g., consultation in case of purchase interest, preparation of offers) or relates to an already concluded contract between you and us, this data processing is carried out based on Art. 6 (1) lit. b GDPR.

If the contact initiation is for other reasons, this data processing is based on Art. 6 (1) lit. f GDPR out of our overriding legitimate interest in processing and answering your request. In this case, you have the right to object to the processing of your personal data based on Art. 6 (1) lit. f GDPR at any time for reasons arising from your particular situation.

We use your email address only to process your request. Your data will then be deleted, subject to statutory retention periods, unless you have consented to further processing and use.

Orders

Collection, Processing, and Disclosure of Personal Data in Orders

When placing an order, we collect and process your personal data only as far as necessary for fulfilling and processing your order and handling your inquiries. Providing the data is necessary for concluding the contract. Failure to provide it will result in no contract being concluded. The processing is carried out based on Art. 6 (1) lit. b GDPR and is necessary for fulfilling a contract with you.

Your data is disclosed, for example, to the shipping companies and drop shipping providers selected by you, payment service providers, service providers for order processing, and IT service providers. In all cases, we strictly adhere to legal requirements. The scope of data transmission is limited to a minimum.

Your data may be transferred to third countries outside the EU, particularly to Canada and the USA, and processed there. For Canada, there is an adequacy decision by the EU Commission. For the USA, an adequacy decision by the EU Commission exists under the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission’s standard contractual clauses.

Advertising

Use of Email Address for Sending Direct Advertising

We use your email address, obtained during the sale of a good or service, for the electronic transmission of advertisements for our goods or services similar to those you have already purchased from us, unless you have objected to this use. Providing the email address is necessary for concluding the contract. Failure to provide it will result in no contract being concluded. The processing is carried out based on Art. 6 (1) lit. f GDPR out of our overriding legitimate interest in direct advertising. You can object to this use of your email address at any time by notifying us. The contact details for exercising the objection can be found in the imprint. You can also use the link provided in the advertising email. There are no other costs than the transmission costs according to the basic rates.

Use of Klaviyo

We use the services of Klaviyo Inc. (125 Summer St Floor 7, Boston, MA 02111, USA; "Klaviyo") for newsletter dispatch as part of order processing. The data you provide during newsletter registration (email address, optionally first and last name) is forwarded to Klaviyo. Data processing serves the purpose of sending newsletters and statistical analysis.

To evaluate newsletter campaigns, the sent newsletters contain a 1x1 pixel graphic (tracking pixel) or a tracking link. This allows us to determine whether you have opened the newsletter and, if applicable, clicked on any integrated links. In this context, we collect personal data such as IP address, browser type and device, and timestamp. From this data, usage profiles can be created under a pseudonym. The collected data is not used to identify you personally. The data is used solely for statistical evaluation to improve newsletter campaigns.

Your data is generally transferred to and stored on servers of Klaviyo in the USA. For the USA, an adequacy decision by the EU Commission exists under the Trans-Atlantic Data Privacy Framework (TADPF). Klaviyo is certified under the TADPF and is committed to adhering to European data protection principles.

The processing of your personal data is based on Art. 6 (1) lit. f GDPR out of our overriding legitimate interest in a targeted, effective, and user-friendly newsletter system. You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation.

Further information on Klaviyo’s privacy policy can be found at Klaviyo Privacy Notice and Klaviyo Data Processing Agreement.

Payment Service Providers

Use of PayPal Express

We use the PayPal Express payment service of PayPal (Europe) S.à r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg; "PayPal") on our website. Data processing serves the purpose of offering you the option to pay via PayPal Express. To integrate this payment service, PayPal collects, stores, and analyzes data during website access (e.g., IP address, device type, operating system, browser type, location of the device). Cookies may also be used for this purpose, enabling recognition of your browser.

Data processing is carried out based on Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in a customer-friendly offer of different payment methods. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation. By selecting and using PayPal Express, the data required for payment processing is transmitted to PayPal to fulfill the contract with you using the chosen payment method. This processing is based on Art. 6 (1) lit. b GDPR. For more information about PayPal’s data processing, see the privacy policy at: PayPal Privacy Policy.

Cookies

Our website uses cookies. Cookies are small text files stored in your internet browser or by your internet browser on your computer system. When you access a website, a cookie may be stored on your operating system. This cookie contains a characteristic string that enables unique identification of the browser when the website is accessed again.

Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting appropriate technical settings in your internet browser, you can be notified before cookies are set and decide individually whether to accept them, and prevent the storage of cookies and transmission of the data they contain. Already stored cookies can be deleted at any time. However, we point out that this may prevent you from making full use of all website features.

More information on managing cookies for the most common browsers can be found here: