Data privacy statement

This Data Privacy Statement provides an overview of the nature, scope and purposes of the processing of personal data during visits to our website. Personal data means all information by means of which you can be identified personally, among other things also your IP address.

This Data Privacy Statement also includes a further section containing general information about data processing, which applies to all our processing activities.

The terms used in this Statement are aligned with the definitions in Art. 4 of the EU General Data Protection Regulation (GDPR).

INFORMATION FOR USERS OF OUR WEBSITE

Controller for the data collection on this website:
HIRSCH Armbänder GmbH, Hirschstraße 5, 9020 Klagenfurt am Wörthersee, Austria

Data collection on our website
Your data are collected on the one hand when you provide them to us, and on the other hand data, in particular technical data, are collected automatically when you visit our website. Some of the data are collected to ensure that our website functions faultlessly. Other data can be used for analysis. You can find out more about this in the next point.

Webshop

We process our customers’ data, especially their master data, communication data, payment data and contractual data within the framework of implementing payment processes in our webshop. This takes place for the purpose of selecting and ordering the chosen products and/or services, as well as for paying for them and delivering or implementing them.

The purpose of the processing is the provision of contractual services within the framework of operating our webshop, invoicing deliveries and services, delivering products and implementing services. In this we use session cookies for storing the content of shopping baskets, and permanent cookies for storing the login status.

The processing takes place on the basis of Art. 6 Para. 1 (b) GDPR for processing orders, and in addition in accordance with Art. 6 Para. 1 (c) GDPR for compliance with our legal retention obligations on the basis of trade and tax regulations. The details that are obligatory for the performance of the contract are identified as such when they are entered in our shop system. We transmit the data to third parties only for the implementation of the delivery, payment or within the framework of the legal rights and duties, and to legal advisers and authorities where required within the framework of our legitimate interest in asserting our rights in accordance with Art. 6 Para. 1 (f) GDPR. The data are only processed in third countries if this is absolutely necessary for the performance of the contract (e.g. if the customer so wishes for delivery or payment).

Users can set up a user account, in which for example they can see their orders. User accounts are not visible publicly. If users have terminated their user account, their data in respect of the user account are deleted, unless it is obligatory to retain these data for reasons of trade or tax law in accordance with Art. 6 Para. 1 (c) GDPR, or it is necessary on the basis of our legitimate interest in asserting our rights in accordance with Art. 6 Para. 1 (f) GDPR. It is the responsibility of the users to secure their data before the end of the contract once they have given notice of termination.

Within the framework of registration and in the event of re-registrations, as well as when our online services are used, we store the IP address and time of the respective user actions. This storage takes place on the basis of our legitimate interests in accordance with Art. 6 Para. 1 (f) GDPR, and also in the legitimate interest of the users themselves in protecting their data against misuse and other unauthorised use. These data are strictly not forwarded to third parties, unless this is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 (c) GDPR.

The data are erased after the expiry of the legal warranty and compensation periods or of other contractual or legal periods, in particular the retention periods required by tax law.


Modules, Plug-Ins or third-party supplier Tools used


Hosting and Sending E-Mails

Within the framework of hosting our website, all the data to be processed in connection with the operation of our website are stored. This is necessary to enable the operation of the website. We therefore process the data accordingly on the basis of our legitimate interest in accordance with Art. 6 Para. 1 (f) GDPR in optimising our website offering. To provide our online content we use services of web hosting providers, to whom we make the above-mentioned data available within the context of processing on our behalf in accordance with Art. 28 GDPR.

Internet Presence on social media

We have internet presences on social media such as Facebook, Instagram and YouTube so that we can communicate there with active users and inform them there about our services.

Within the framework of our social media presence, the users’ data can be processed for advertising and market research purposes. Among other things, dedicated usage profiles can be created from various interests of the users. The usage profiles can subsequently be used, for example, to show targeted advertising within and outside the social media. For these purposes, the social medium also uses cookies in which the usage behaviour and the users’ interests are stored. In addition, these usage profiles can also contain data about the users as members of the respective social media if they are logged in to these.

Our processing of the users’ personal data takes place on the basis of our legitimate interest in extensive information and communication with the users in accordance with Art. 6 Para. 1 (f) GDPR. If the users are asked by the respective providers of social media to provide their consent to the data processing, the legal basis of the processing is Art. 6 Para. 1 (a) GDPR.

For a detailed description of the respective processing and the possibilities of objection or withdrawal, we refer to the data privacy statements of the respective social media.

In the case of requests for information and the assertion of the rights of the data subject otherwise, we would like to point out that these should best be directed to the social media themselves. Only the provider concerned has access to the users’ data and can take measures directly.

We would like to point out that some social media may process user data outside the European Union and pass on data to third parties in countries that do not have an adequate level of data protection, e.g. the USA.

Contacting us (Contact Form)

When you contact us, your details are used for processing your contact enquiry and dealing with it within the framework of the fulfilment of precontractual rights and duties in accordance with Art. 6 Para. 1 (b) GDPR. The processing of your data is necessary for dealing with and answering your enquiry, otherwise we are unable to answer your enquiry, or can only do so at most to a limited extent.

We will delete your enquiry and your contact details as soon as your enquiry has been completely answered and provided deletion is not prevented by any statutory retention periods, for example within the framework of the subsequent performance of a contract. Deletion usually takes place when there has been no further contact with you for three consecutive years.

Newsletter

You have the option of subscribing to our newsletter via our website. Our newsletter contains information about our products and services as well as accompanying information, offers and / or promotions.
We use the provider Mailchimp for this purpose. We cannot exclude that Mailchimp transfers data to the USA. To ensure an appropriate level of data protection, we have concluded the EU standard contractual clauses with Mailchimp. You can find further information on data protection by Mailchimp under the following link (https://mailchimp.com/de/help/mailchimp-european-data-transfers/#Europ%C3%A4ische_Datenexport-Compliance_bei_Mailchimp).

The consent to our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with someone else's e-mail address. Subscriptions to the newsletter are logged in accordance with Art. 6 Para. 1 (f) GDPR on the basis of our legitimate interest in traceability. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your stored data are also logged.

The sending of the newsletter and the performance measurement associated with it are based on consent pursuant to Art. 6 Para. 1 (a) GDPR or, if consent is not required, on our legitimate interests in direct marketing for similar products and services pursuant to Art. 6 Para. 1 (f) GDPR.

Objection/revocation - You can unsubscribe from receiving our newsletter at any time by revoking your consent with effect for the future in accordance with Art. 7 Para. 3 GDPR or by objecting to the processing. You will find an option for this in the respective newsletter itself, or you can simply contact us by email. The data provided for the HIRSCH newsletter will be stored by us until you unsubscribe from the newsletter and beyond that only as long as we need data to enforce or defend legal claims.

Server Log Files

For technical reasons, especially to guarantee a functional and secure internet presence, we process technically necessary data on access to our website in server log files, which your browser transmits to us automatically.
The following data are logged:

  • website visited
  • browser type/version used
  • operating system used
  • the site visited previously
  • hostname of the accessing computer
  • time of the server request
  • volume of data sent
  • hostname of the accessing computer (IP address used)

These data are not attributed to any natural person and serve solely for evaluations to improve our website. These data are transmitted only to our website providers. These data are not combined or merged with other data sources. If unlawful use of our website takes place, we reserve the right to subsequently scrutinise these data. The data processing is based on our legitimate interest in accordance with Art. 6 Para. 1 (f) GDPR in displaying our website free from technical faults and in optimising our website.

The data are deleted again shortly after the purpose has been accomplished, but mostly after several days, provided no further retention is necessary for evidentiary purposes. Otherwise the data are stored until any incident has been definitively clarified.

Data security

On the basis of our legitimate interest in accordance with Art. 6 Para. 1 (f) GDPR in using suitable encryption techniques, when you visit our website we use the widespread SSL (Secure Sockets Layer) process in combination with the highest level of security supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we resort to 128-bit v3 technology instead. You can recognise when an individual page of our website is being transmitted encrypted by the fact that the closed padlock symbol is shown in the lower status bar of your browser.

Otherwise we use suitable technical and organisational measures in accordance with Art. 32 GDPR to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved and kept consistent with the state of the art in accordance with technological development.

Email

When you send us enquiries by email, we store your details including the contact details you have provided, for the purpose of processing your enquiry and in case there are follow-up questions. We would like to expressly point out that data transmission on the internet (e.g. during email communication) can exhibit security gaps and cannot be totally protected against access by third parties.

Commercial Advertising

We expressly do not wish the contact details in our legal information or on our website to be used for commercial advertising, unless we have consented to this in writing. All the persons named on this website hereby object to any commercial use and disclosure of these data.


GENERAL INFORMATION ON DATA PROTECTION FOR DATA SUBJECTS

Controller for data protection:
HIRSCH Armbänder GmbH, Hirschstraße 5, 9020 Klagenfurt am Wörthersee, Austria

Handling personal data:
The protection of your personal data matters greatly to us.
Personal data means information that can be individually attributed to you. Examples of this include your address, name, postal address, email address or phone number. Details such as the number of users visiting a website are not personal data, because they are not attributed to one person.

We handle personal data in accordance with the legal data protection regulations, in particular the EU GDPR, and in accordance with this Data Privacy Statement, as well as the respective data protection laws in force nationally.

Rights of data subjects
You have the right:

  • in accordance with Art. 15 GDPR to request information about the personal data concerning you that are processed by us. In particular you can request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of the data if they were not collected by us, and the existence of automated decision-making including profiling and meaningful information about the details of this if applicable.
  • in accordance with Art. 16 GDPR to request the rectification of inaccurate personal data concerning you without undue delay or the completion of personal data concerning you that we have stored.
  • in accordance with Art. 17 GDPR to request the erasure of the personal data concerning you that we have stored, provided that the processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
  • in accordance with Art. 18 GDPR to request the restriction of the processing of your personal data, insofar as you contest the accuracy of the data, the processing is unlawful but you oppose the erasure of the data and we no longer require them, however you require the data for the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Art. 21 GDPR.
  • in accordance with Art. 20 GDPR to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or to request the transmission of those data to another controller.
  • in accordance with Art. 21 GDPR, insofar as your personal data are processed on the basis of our legitimate interest, to object to the processing of your personal data insofar as there are reasons that derive from your particular situation or your objection is against direct marketing. In the latter case you have a general right of objection that will be implemented by us without your stating a particular situation.
  • in accordance with Art. 7 Para. 3 GDPR the right at any time to withdraw a consent you have issued to us. The result of this will be that we are no longer permitted to continue the data processing based on this consent.
  • in accordance with Art. 77 GDPR the right to lodge a complaint with a supervisory authority in respect of the unlawful processing by us of your data. Generally, you can approach the supervisory authority for your habitual residence, your place of work or our registered office.

The competent supervisory authority for HIRSCH Armbänder GmbH is the Austrian data protection authority:

Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Vienna, Austria
Tel.: +43 1 52 152-0, dsb@dsb.gv.at

Assertion of the rights of data subjects:
You yourself decide on the use of your personal data. Therefore if you wish to exercise one of your rights as stated above against us, please contact us via the contact form. Please assist us in ascertaining your enquiry by answering the questions from our responsible employees about the processing of your personal data. In your enquiry please state in which role you were in contact with us (employee, applicant, supplier, customer, etc.) and during what period. This will enable us to process your concern promptly.

Storage Period (Deletion Deadlines):
In accordance with Art. 5 Para. 1 (e) GDPR we are obliged to erase personal data as soon as the purpose of processing has been dealt with. The erasure of the data takes place after the expiry of the legal warranty and compensation periods, or of other contractual or legal periods, in particular retention periods under tax law. In this context we wish to point out that legal retention obligations and periods represent a legitimate purpose for the storage and retention of personal data.

In addition, we store and retain data in personalised form until the ending of any legal disputes in which the data are required as proof, or in any event until the expiry of the third year after the last contact with a business partner.

Forwarding of data
No transmission of your personal data to third parties takes place for purposes other than those stated below.

We only forward your personal data to third parties if:

  • you have issued your express consent to this in accordance with Art. 6 Para. 1 (a) GDPR,
  • the forwarding is necessary in accordance with Art. 6 Para. 1 (f) GDPR for the safeguarding of commercial interests, as well as for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest which requires protection in the non-disclosure of your data,
  • in the event of there being a legal obligation for such forwarding in accordance with Art. 6 Para. 1 (c) GDPR, and
  • this is legally permitted and in accordance with Art. 6 Para. 1 (b) GDPR is necessary for the performance of contractual relations with you.

Cooperation with processors
Insofar as we instruct third parties to process data on the basis of a contract for processing on our behalf, this takes place on the basis of Art. 28 GDPR.

Forwarding to third countries
If we process data in a third country, or this takes place within the framework of the use of the services of third parties or disclosure or transmission of data to other persons or companies, this takes place only for the reasons stated above for the forwarding of data. Subject to express consent or contractual necessity, we process the data or have them processed only in third countries with a recognised level of data protection, or on the basis of particular guarantees, such as contractual obligation through standard contractual clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 – 49 GDPR).

However, we expressly point out that with some third-party services that are used on our website and for which we require your express consent, user data may be processed outside the European Union and data may be passed on to third parties in countries that do not have an adequate level of data protection.

We would like to point out that the USA, as a safe third country, generally has a level of data protection comparable to that of the EU. Data transfer to the USA is therefore permitted if the recipient is certified under the ‘EU-US Data Privacy Framework’ (DPF) or has suitable additional guarantees.

Security measures
In accordance with Art. 32 GDPR we take appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking account of the state of the art, the implementation costs, and the nature, scope and purposes of the processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons.

The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling the physical access to the data, as well as the system access concerning it, input, forwarding, securing the availability and its separation. In addition, we have set up procedures that guarantee the protection of the rights of data subjects, the erasure of data and the response to threats to data. We also take account of the protection of personal data when developing or selecting hardware, software and processes, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).

Up-to-dateness and changes to this data privacy statement
Due to the development of our website and the offers we provide via the website, or on the basis of changed legal or official requirements, it can become necessary to change this Data Privacy Statement. You can access and print the respective current Data Privacy Statement on our website at any time.