Data protection - VIVAMAYR Online Shop

Data protection preamble

We are pleased that you would like to find out more about the data protection issues on our website.

We are VIVAMAYR Marketing GmbH and we would like you to perceive our website and its data protection design as a customer-oriented, understandable quality feature.

You will then be informed about which of your personal data is processed in our systems.
Personal data is information that can be attributed to an individual, both directly and indirectly.

1st website visit

In order to access our website, various information is exchanged between your device and our server.

The information transmitted to the server of this website is as follows:

• IP address of the requesting device,


• Date and time of the call, time zone difference to Greenwich Mean Time (GMT)


• Name and URL of the retrieved file,
• Website/application from which access is made (referrer URL),


• content of the request


• access status / http status code


• Amount of data transferred each time


• website from which the request comes


• browser used


• operating system and its interface


• language and version of the browser software

These so-called log files are stored for the following purposes:

• Ensuring a smooth connection setup,


• Ensuring comfortable use of our website/application,


• Evaluation of system security and stability.

This legitimate interest constitutes the legal basis for processing in accordance with Article 6 (1) (f) GDPR.

Data transmission and storage period

Data will only be transferred to security authorities and relevant courts if illegal use occurs. In this case, the data will be stored for up to three years in accordance with Sections 1293 ff ABGB.

The server is provided to us by a service provider who has been contractually obliged to do so in accordance with Article 28 GDPR.

2. Online orders

Purpose of data processing, legal basis

We process your data on the legal basis of contract performance within the meaning of Art 6 Para 1 lit b GDPR in order to fulfil the following purposes:

• delivery of the products you requested


• Carrying out requests to interrupt delivery, recording and processing complaints, data updates, order changes


• Sending the order confirmation by post or email


• Creation and dispatch of invoices and enforcement of outstanding invoice amounts (dunning)

The following data is stored for contract processing, which is necessary for contract fulfillment: name, billing address, delivery address, product, delivery data, contact details, correspondence.

Addition for payment data

You can pay your invoice to us using various systems; the legal basis for the use of this data is Art 6 Para 1 lit b GDPR.

Your payment details are transmitted in encrypted form over the Internet during the ordering process. Due to a special integration into the ordering process, we do not have access to your payment details at any time and are therefore not processors of this data. This is processed exclusively by these payment service providers:

PAYPAL
PayPal (Europe) S.à rl et Cie, SCA
22-24 Boulevard Royal
L-2449 Luxembourg
Luxembourg
Privacy Policy and Terms and Conditions

MPAY24
mPAY24 GmbH
Grüngasse 16
A-1050 Vienna
Austria
Privacy Policy and Terms and Conditions

STRIPE
510 Townsend Street
San Francisco
CA 94103
USA
Privacy Policy and Terms and Conditions
Privacy Shield

Data transmission and storage period

The legal basis for the data transfer to the payment service provider you have chosen (for the purpose of debiting the purchase price) is regulated in Section 96 Paragraph 3 of the Telecommunications Act in conjunction with Article 6 Paragraph 1 Letters a and b of the GDPR. The legal basis for the transfer to the shipping company commissioned by us (for the purpose of delivering the goods) and to our tax advisor (to fulfil our
tax obligations) is regulated in Section 96 Paragraph 3 TKG in conjunction with Article 6 Paragraph 1 Letters b and f GDPR.

If you cancel the sales process, the data you provided will be deleted.

In the event of a contract being concluded, all data from the contractual relationship will be stored until the expiry of the tax retention period (7 years).

The data name, address, purchased goods and date of purchase are also stored until the product liability expires (10 years).

3. Newsletter distribution

Purposes of data processing/legal basis:

The contents of the newsletter include promotions as well as goods and services from VIVAMAYR Marketing GmbH and VIVAMAYR Maria Wörth BetriebsGmbH.

In order to receive our newsletter, you need a valid email address. We will check the email address you have entered (double opt-in) to see whether you are actually the owner of the email address provided or whether the owner has authorized you to receive the newsletter. When you register for our newsletter, we will save your IP address and the date and time of your registration. This is to protect you in the event that a third party misuses your email address and sends our newsletter without your knowledge.
subscribed, as a safeguard on our part. Only when you click on this confirmation link will your email address be added to our mailing list.

With your consent, we record your usage behavior on the websites we operate and the newsletters we send.

The legal basis for this is the existence of a corresponding consent in accordance with Art. 6 (1) (a) GDPR.

Consent

Consent to newsletter

With regard to the use of your personal data to receive our newsletter, you will be asked for your consent at the appropriate point as follows: “I agree to receive the newsletter, which contains information about VIVAMAYR’s offerings. You can find more information about sending newsletters in our privacy policy .”

Recipients/categories of recipients

Eyepin has been contractually obliged to carry out the newsletter dispatch as an external processor in accordance with Article 28 GDPR.

Storage period/criteria for determining the storage period

The storage period is until the consent is revoked or at the latest after 3 years if you are no longer a customer of ours.

Termination/revocation

You can cancel or revoke your subscription to our newsletter at any time and free of charge. Details on how to unsubscribe can be found in the individual newsletters. Unsubscribe here.

If you object, the contact address in question will be blocked for any further data processing for advertising purposes.

Due to technical circumstances and the lead time required for advertisements, it may happen that advertising material is sent to you even though you have lodged an objection. This does not mean that we will not implement your objection, but rather that the advertising mailing was processed at the same time. We thank you for your understanding.

4. Cookies

General information

We use cookies that are technically necessary within the meaning of Section 96 Paragraph 3 TKG and these in accordance with Art. 6 Paragraph 1 Letter a and f GDPR in order to optimize our website.

Cookies are small files that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. These are harmless to your device and do not cause any damage (unlike Trojans, viruses and other malware). The use of cookies does not mean that we can identify you, but rather that we can make our service more pleasant for you.

• We use session cookies to recognize which pages of our website you have already visited or whether you have logged in with your customer account.
• Temporary cookies are used to improve user-friendliness and are stored on your device for a specific period of time. When you visit our website again, your previous entries/settings are automatically recognized so that you do not have to enter them again.


• Static cookies are used to optimize our offering, for static purposes and to display customer-specific information. This allows users of our website to be recognized when they visit again.

Cookies are usually accepted automatically by your browser. If you do not want to accept cookies or would like to be informed when a new cookie is created, you can configure this in your browser.

We would like to point out that the complete deactivation
of cookies may result in our website not being able to be fully used.

An overview of the cookies used with further information (e.g. storage period) and objection options can be found in our cookie overview.

Data transfer to the USA:

The following data categories are transmitted in a pseudonymized form to the recipients, all of whom have an EU-US Privacy Shield certification :

• browser type/version,


• operating system used,


• Referrer URL (the previously visited page),


• Hostname of the accessing computer (IP address),


• Time of the server request.

The legal basis for this processing is your consent to the use of the cookies or analysis tools described in accordance with Art. 6 (1) (a) GDPR.

You can object to the use of cookies that are used for reach measurement and advertising purposes via the deactivation pages of the Network Advertising Initiative and additionally on the US website or the European website .

Google Analytics

Purposes of data processing/legal basis:

We use Google Analytics, a web analysis service from Google Inc. ( Google ), to design our websites to meet your needs and to continuously optimize them. The legal basis for this is your consent in accordance with Art. 6 (1) lit. a GDPR. Pseudonymized user profiles are created and cookies are used. The following information is collected based on the cookies:

• browser type/version,


• operating system used,


• Referrer URL (the previously visited page),
• Hostname of the accessing computer (IP address),


• Time of the server request.

This information is used to evaluate the use of the website, to compile reports on website activities and, where appropriate, to request services and tailor the website to your needs.

Due to a shortened representation of your IP address, it is not possible to assign it to you personally.

You can prevent Google from collecting and processing the data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing this browser add-on. For mobile devices, you can use this link to prevent Google Analytics from collecting cookies. However, we would like to point out that in this case some functions of this website may not be fully available.

For more information about data protection in connection with Google Analytics, please visit the Google Analytics website.

Data transfer to the USA:

The information generated by the cookie is transferred to a Google server in the USA and stored there. Your IP address will not be merged with other data held by Google. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

Storage period:

The statistically processed data is stored anonymously, so it is no longer possible to trace your IP address. Google Analytics reports do not contain any personal references.

YouTube components with enhanced privacy mode

Purposes of data processing/legal basis:

We use YouTube, a web service provider of Google Inc. ( Google ), to design and display videos in line with your needs. Our legitimate interest is based on Art. 6 (1) (a) and (f) GDPR.

The following information is provided based on the cookies:

• browser type/version,


• operating system used,


• Referrer URL (the previously visited page),


• Hostname of the accessing computer (IP address),


• Time of the server request.

Data transfer to the USA:

The information generated by the cookie is transferred to a Google server in the USA and stored there. Your IP address will not be merged with other data held by Google. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

On our website we use components (videos) from YouTube , a company of Google Inc. We use the “ enhanced data protection mode ” option provided by YouTube.

When you visit a page that allows you to watch a video, a connection to the YouTube servers is established. YouTube collects which of our
Internet pages you have visited when you watch the video. If you are logged in to YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
log out.

Storage period:

The cookies used here and the information they contain are stored in accordance with the cookie policy and deleted immediately upon objection.

use of reCAPTCHA

Purposes of data processing/legal basis

To protect our input forms, we use reCAPTCHA in accordance with Art. 6 (1) (f) GDPR. The use of this service prevents abusive machine processing.

Here, the referrer URL, the IP address, the behavior of website visitors, information about the operating system, browser and length of stay, cookies, display instructions and scripts, the user's input behavior and mouse movements in the area of ​​the "reCAPTCHA" checkbox are transmitted to "Google".

Data transfer to the USA:

The information generated by the cookie is transferred to a Google server in the USA and stored there. Your IP address will not be merged with other data held by Google. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

If you want to prevent “Google” from transmitting and storing data about you and your behavior on our website, you must log out of “Google” before visiting our site or using the reCAPTCHA plug-in.

The information obtained through the use of the “reCAPTCHA” service is processed in accordance with the Google Terms of Use: https://www.google.com/intl/de/policies/privacy/ .

Storage period:

The cookies used here and the information they contain are stored in accordance with the cookie policy below and deleted immediately upon objection.

5. Security measures

In accordance with Art. 32 GDPR, technical and organizational security measures are taken to safeguard the rights and freedoms of individuals.

6. Your rights

According to the General Data Protection Regulation and the Data Protection Act, you as the person affected by our data processing are entitled to the following rights and legal remedies:

Right to information (Article 15 EU GDPR)

You have the right to request information from us as to whether and, if so, which personal data about you is processed in our systems. For your own protection, you may be required to reveal your identity in an appropriate manner to ensure that no third parties receive information about your data.

You will receive the following information, among others:

• the categories of personal data being processed;


• the recipients or categories of recipients to whom
  the personal data concerning you have been or will be disclosed;


• the planned duration for which the personal data concerning you will be stored or, if specific information is not possible, the criteria used to determine that period;


• the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;


• all available information as to their origin, if the personal data are not collected from the data subject;
• the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

If personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards in accordance with Article 46 GDPR in connection with the transfer.

Right to rectification (Article 16) and erasure (Article 17 EU GDPR)

If we process incorrect data about you, you have the right to have this data corrected immediately. Taking into account the purposes of the data processing, you can request that incomplete personal data be completed and that your data be deleted, provided that the criteria of Art. 17 EU GDPR are met.

If the following reasons apply, the data will be deleted immediately:

• You withdraw your consent on which the processing is based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and
  there is no other legal basis for the processing;


• You object to the processing of your personal data pursuant to Art. 21 Paragraph 1 or Paragraph 2 GDPR.
  processing and there are no overriding legitimate grounds for the processing within the meaning of Art 21 Para 1 GDPR;


• the personal data were processed unlawfully;


• the deletion of personal data is necessary to fulfill a legal obligation;


• the personal data were collected in relation to information society services offered in accordance with Art 8 Para 1 GDPR.

If we have made the personal data public and are obliged to delete it, we will take appropriate measures, taking into account the available technology and the implementation costs, to inform the third parties processing your data that you also request that they delete all links to this personal data or copies or replications of this personal data.

Right to restriction of processing (Article 18 EU GDPR)

Under the statutory requirements, you have the right to restrict the processing of all personal data collected. This data will only be processed with your consent or to enforce legal claims.

• The prerequisites in this regard are:


• you contest the accuracy of the personal data;
• the processing is unlawful and you request the restriction of the use of personal data;


• We no longer need the personal data for the purposes of the processing, but we must retain it for the establishment, exercise or defence of legal claims or


• You object to the processing pursuant to Art. 21 Paragraph 1 GDPR, as long as it has not yet been determined whether our legitimate reasons outweigh yours.

Right to data portability (Article 20 EU GDPR)

You can request the unhindered and unrestricted transmission of data to third parties; in this case, only the data that you have provided yourself will be transferred.

This is only possible if

• the processing is based on consent pursuant to Art 6 Para 1 lit a or Art 9 Para 2 lit a GDPR or on a contract pursuant to Art 6 Para 1 lit b GDPR and


• the processing is carried out using automated procedures.

Right of objection (Article 21 EU GDPR)

You have the right to object to the processing of your personal data free of charge. We can only process the data despite the objection if we can present compelling legitimate grounds for the processing that outweigh your interests, freedoms and rights. The assertion,
Exercise and defense of our legal claims with the help of your
personal data, you cannot object. You can object to data processing for the purpose of direct advertising at any time with effect for the future.

Revocation of consent

You have the right to withdraw your consent to the processing of your data at any time. The data processed by us before the withdrawal is permitted in our systems, the withdrawal
only takes effect after receipt of consent; processing until revocation remains lawful.

Take action to enforce your rights listed above
Rights under the GDPR, VIVAMAYR shall have the right to exercise its right of withdrawal without delay, but no later than
within one month of receipt of your application, for the requested
to comment on the measure or to comply with the application.

We will respond to all reasonable requests within the legal framework free of charge and as promptly as possible.

If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been violated in any way, you can contact theComplain to the supervisory authority. In Austria, the data protection authority is responsible.

We would like to point out that a statutory retention period may prevent deletion or revocation.