DATA PRIVACY STATEMENT
This Data Privacy Statement provides an overview of the nature, scope and purposes of the processing of personal data during visits to our website. Personal data means all information by means of which you can be identified personally, among other things also your IP address.
This Data Privacy Statement also includes a further section containing general information about data processing, which applies to all our processing activities.
The terms used in this Statement are aligned with the definitions in Art. 4 of the EU General Data Protection Regulation (GDPR).
INFORMATION FOR USERS OF OUR WEBSITE
Controller for the data collection on this website:
HIRSCH Armbänder GmbH, Hirschstraße 5, 9020 Klagenfurt am Wörthersee, Austria
Data collection on our Website
Your data are collected on the one hand when you provide them to us, and on the other hand data, in particular technical data, are collected automatically when you visit our website. Some of the data are collected to ensure that our website functions faultlessly. Other data can be used for analysis. You can find out more about this in the next point.
We process our customers’ data, especially their master data, communication data, payment data and contractual data within the framework of implementing payment processes in our webshop. This takes place for the purpose of selecting and ordering the chosen products and/or services, as well as for paying for them and delivering or implementing them.
The purpose of the processing is the provision of contractual services within the framework of operating our webshop, invoicing deliveries and services, delivering products and implementing services. In this we use session cookies for storing the content of shopping baskets, and permanent cookies for storing the login status.
The processing takes place on the basis of Art. 6 Para. 1 (b) GDPR for processing orders, and in addition in accordance with Art. 6 Para. 1 (c) GDPR for compliance with our legal retention obligations on the basis of trade and tax regulations. The details that are obligatory for the performance of the contract are identified as such when they are entered in our shop system. We transmit the data to third parties only for the implementation of the delivery, payment or within the framework of the legal rights and duties, and to legal advisers and authorities where required within the framework of our legitimate interest in asserting our rights in accordance with Art. 6 Para. 1 (f) GDPR. The data are only processed in third countries if this is absolutely necessary for the performance of the contract (e.g. if the customer so wishes for delivery or payment).
Users can set up a user account, in which for example they can see their orders. User accounts are not visible publicly. If users have terminated their user account, their data in respect of the user account are deleted, unless it is obligatory to retain these data for reasons of trade or tax law in accordance with Art. 6 Para. 1 (c) GDPR, or it is necessary on the basis of our legitimate interest in asserting our rights in accordance with Art. 6 Para. 1 (f) GDPR. It is the responsibility of the users to secure their data before the end of the contract once they have given notice of termination.
Within the framework of registration and in the event of re-registrations, as well as when our online services are used, we store the IP address and time of the respective user actions. This storage takes place on the basis of our legitimate interests in accordance with Art. 6 Para. 1 (f) GDPR, and also in the legitimate interest of the users themselves in protecting their data against misuse and other unauthorised use. These data are strictly not forwarded to third parties, unless this is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 (c) GDPR.
The data are erased after the expiry of the legal warranty and compensation periods or of other contractual or legal periods, in particular the retention periods required by tax law.
USED MODULES, PLUG-INS OR THIRD-PARTY SUPPLIER TOOLS
Cookies are small data packages that are exchanged between your browser and the web server when you visit our website. These do not cause any damage, and serve only to recognise the visitors to the website. The next time you access our website with the same end device, the information stored in the cookies can subsequently be sent back either to us (“first-party cookie”) or to the web application of a third-party manufacturer to which the cookie belongs (“third-party cookie”). By means of the stored information that is sent back, the respective web application recognises that you have already accessed and visited the website with the browser of your end device. We use this information to be able to design and display our website optimally for you according to your preferences. Any processing of your personal data in addition to this will only take place after you have expressly consented to this in accordance with Art. 6 Para. 1 (a) GDPR, or if this is essential technically in accordance with Art. 6 Para. 1 (f) GDPR on the basis of our legitimate interest in your being able to appropriately use the service we offer that you have accessed.
Depending on the purpose and function, we divide cookies into the following 3 categories:
- Cookies that are technically necessary to ensure the technical operation and essential functions of our website
- Statistical cookies, to understand how visitors interact with our website, by collecting and analysing information anonymously
- Marketing cookies, to track visitors on our website and undertake targeted advertising activities
The legal basis for the use of technically necessary cookies is our legitimate interest in the technically faultless operation and smooth functioning of our website in accordance with Art. 6 Para. 1 (f) GDPR. The use of statistical and marketing cookies requires your consent in accordance with Art. 6 Para. 1 (a) GDPR.
Please note that generally disabling cookies might lead to the functions on our website being restricted.
Facebook Pixel, Custom Audiences And Facebook Conversion
In order to analyse and optimise our online content and operate it commercially, on our website we use the Facebook pixel from the social network Facebook, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
Using the Facebook pixel enables Facebook on the one hand to specify the visitors to our online content as a target group, so that they can be shown advertising (so-called Facebook ads). Accordingly we use the Facebook pixel to display the ads we have placed on Facebook only to those Facebook users who have also shown an interest in our online content, or who exhibit the particular characteristics (e.g. interests in certain topics or products that are identified by means of the websites visited) that we communicate to Facebook (so-called custom audiences). By using the Facebook pixel we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not appear annoying. We can also use the Facebook pixel to understand the effectiveness of the Facebook ads for statistical and market research purposes, by seeing whether visitors were forwarded to our website after clicking on a Facebook ad (so-called conversion).
Facebook processes the data within the framework of Facebook’s data policy. Corresponding general information about displaying Facebook ads can be found in the Facebook data policy at https://de-de.facebook.com/policy.php. You can find special information and details of the Facebook pixel and how it works in the Help section on Facebook: https://de-de.facebook.com/business/help/651294705016616.
The data in the cookies are processed on the basis of your consent in accordance with Art. 6 Para. 1 (a) GDPR. You can withdraw this consent at any time with future effect. Your data are only processed in addition to this on the basis of technical requirements.
You can object to your data being collected by the Facebook pixel and being used to show you Facebook ads. To set which types of advertising are shown to you on Facebook, you can access the page below, which has been created by Facebook, and follow the information shown there about the settings for usage-based advertising: www.facebook.com/settings. The settings take effect independently of the specific platform, in other words they will be adopted for all devices, such as desktop computers or mobile devices.
If you do not agree to your data being processed, you have the option of adjusting the settings in your internet browser to prevent the storage of cookies. More detailed information about this can be found under the item “Cookies” in this Data Privacy Statement.
Insofar as data are processed by Facebook in the USA, we would like to point out that Facebook Inc. with its registered office in the USA is certified under the Privacy Shield agreement, which thus ensures that European data protection law is complied with (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). The transmission of data to the USA is therefore permitted in accordance with Art. 45 GDPR.
Google will use this information on our behalf to evaluate the use of our website, compile reports on the activities within our website and provide us with further services associated with the use of our website and of the internet. According to Google, the IP address transmitted by your browser will not be associated with other data held by Google.
We use Google Analytics only with IP anonymisation enabled, as we have upgraded this website to include the code “anonymizeIP”. This guarantees that your IP address is masked so that all data are collected anonymously. Only in exceptional cases will the full IP address be transmitted to Google for storage on a Google server and abridged there.
The data on the use of our website are immediately deleted after the end of the respective retention period that we have set. Google Analytics gives us the following options for the retention period: 14 months, 26 months, 38 months, 50 months, do not delete automatically. You can ask us about the retention period we currently have set or exercise your right of erasure at any time.
The processing of your data by means of cookies within the framework of this service is based on your express consent in accordance with Art. 6 Para. 1 (a) GDPR. You can withdraw your consent at any time with future effect in accordance with Art. 7 Para. 3 GDPR. If you have not provided your consent, or in the event of withdrawal, only those cookies that are essential for the operation and use of our website will ever be placed. In this case and in all other cases, your data will be processed only due to technical requirements on the basis of our legitimate interest in accordance with Art. 6 Para. 1 (f) GDPR.
If you do not agree to your data being processed, you can also prevent the storage of cookies at any time by means of a setting in your browser. You will find further information about this under the item “Cookies” in this Data Privacy Statement.
In addition, you can prevent your data being collected by cookies by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
Insofar as data are processed by Google in the USA, we would like to point out that Google is certified under the Privacy Shield agreement, which thus ensures that European data protection law is complied with (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). The Privacy Shield agreement is an agreement between the European Union and the USA, which is intended to guarantee compliance with European data protection standards in the USA. The transmission of data to the USA would therefore be permitted in accordance with Art. 45 GDPR.
In order to display fonts consistently, our website uses so-called Web Fonts provided by Google. Google Fonts is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). For this purpose, the browser you are using has to establish a connection to the Google servers. In this way Google learns that our website has been accessed via your IP address. Google also stores the IP address of the browser of the end device used by the visitor to this website. If your browser does not support Web Fonts, your computer uses a standard font. Through every Google Font enquiry, not only the IP address, but also information such as language settings, screen resolution, browser version and name are automatically transmitted to Google servers. It is not clear whether these data are also stored, but in all events via the usage data collected Google can establish the popularity of fonts. Google publishes the results on internal analysis pages (e.g. Google Analytics).
Insofar as data are processed by Google in the USA, we would like to point out that Google is certified under the Privacy Shield agreement, which thus ensures that European data protection law is complied with (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). The transmission of data to the USA is therefore permitted in accordance with Art. 45 GDPR.
With Google Fonts we can use fonts on our own website without having to upload them to our server. Google Fonts is an important element in maintaining the high quality of our website. All Google Fonts are automatically web-optimised and this saves data volume; it is also a great benefit especially when using mobile devices. When you visit us, the low file size ensures a fast loading time. Furthermore, Google Fonts are secure web fonts and support all established browsers. Thus the processing of your data takes place in our legitimate interest in presenting our online content in a consistent and attractive way. In any event this represents a legitimate interest within the meaning of Art. 6 Para. 1 (f) GDPR.
Google stores enquiries about CSS assets on its servers for one day. This enables us to use the fonts by means of a Google style sheet. The font files are stored for one year by Google. To delete files prematurely you need to contact Google Support (https://support.google.com/?hl=en).
Hosting, Sending Emails
Within the framework of hosting our website, all the data to be processed in connection with the operation of our website are stored. This is necessary to enable the operation of the website. We therefore process the data accordingly on the basis of our legitimate interest in accordance with Art. 6 Para. 1 (f) GDPR in optimising our website offering. To provide our online content we use services of web hosting providers, to whom we make the above-mentioned data available within the context of processing on our behalf in accordance with Art. 28 GDPR.
Our website uses the service Hotjar. This is a web analysis service from Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (“Hotjar”). Hotjar serves for us to analyse the usage behaviour of our internet presence on the basis of our legitimate interest in the analysis and optimisation of our internet presence. Via Hotjar we can log and evaluate your usage behaviour on our website, such as your mouse movement or mouse clicks. Your visits to our website are anonymised for this. In addition, via Hotjar information about your operating system, internet browser, incoming or outgoing links, the geographical origin and the type and resolution of the end device you use are evaluated and edited for statistical purposes. Hotjar can also obtain direct feedback from you.
In addition, you have the option of ending the analysis of your usage behaviour by means of an opt-out. When you confirm the link https://www.hotjar.com/opt-out a cookie is stored on your end device via your internet browser which prevents further analysis. Please note that you will have to confirm the above link again if you delete the cookies stored on your end device.
The processing of your data in the cookies is based on your consent in accordance with Art. 6 Para. 1 (a) GDPR. You can withdraw this consent at any time with future effect. Processing in addition to this only takes place on the basis of technical requirements.
If you do not agree to your data being processed, you have the option of preventing the storage of cookies by means of a setting in your browser. Further information on this can be found under the item “Cookies” in this Data Privacy Statement.
Hotjar offers further data protection information at https://www.hotjar.com/legal/policies/privacy.
Internet Presence on social media
We have internet presences on social media so that we can communicate there with active users and inform them there about our services.
Our processing of the users’ personal data takes place on the basis of our legitimate interest in extensive information and communication with the users in accordance with Art. 6 Para. 1 (f) GDPR. If the users are asked by the respective providers of social media to provide their consent to the data processing, the legal basis of the processing is Art. 6 Para. 1 (a) GDPR.
For a detailed description of the respective processing and the possibilities of objection or withdrawal, we refer to the data privacy statements of the respective social media.
In the case of requests for information and the assertion of the rights of the data subject otherwise, we would like to point out that these should best be directed to the social media themselves. Only the provider concerned has access to the users’ data and can take measures directly.
We wish to point out that in the case of some social media, the users’ data can be processed outside the European Union. In respect of US providers that are certified under the Privacy Shield, we wish to point out that the providers undertake to comply with the data protection standards of the EU, especially those of the GDPR. The transmission of data to the USA is permitted where there is an active Privacy Shield certification in accordance with Art. 45 GDPR.
Contacting us (Contact form)
When you contact us, your details are used for processing your contact enquiry and dealing with it within the framework of the fulfilment of precontractual rights and duties in accordance with Art. 6 Para. 1 (b) GDPR. The processing of your data is necessary for dealing with and answering your enquiry, otherwise we are unable to answer your enquiry, or can only do so at most to a limited extent. Your details can be stored in a customer and prospect database on the basis of our legitimate interest in direct marketing in accordance with Art. 6 Para. 1 (f) GDPR.
We will delete your enquiry and your contact details as soon as your enquiry has been completely answered and provided deletion is not prevented by any statutory retention periods, for example within the framework of the subsequent performance of a contract. Deletion usually takes place when there has been no further contact with you for three consecutive years.
You have the option of registering for our newsletter via our website. Our newsletter contains information about our products and services, as well as accompanying information, offers and/or promotions.
Consent to our newsletter takes place by means of a double opt-in process, i.e. after registering you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register using another person’s email address. Registrations for our newsletter are logged in accordance with Art. 6 Para. 1 (f) GDPR on the basis of our legitimate interest in demonstrability. This includes storing the date of both registration and confirmation, and the IP address. Changes to your stored data are also logged.
The newsletter is sent out and the associated success is measured on the basis of a consent in accordance with Art. 6 Para. 1 (a) GDPR, or if no consent is required, on the basis of our legitimate interest in direct marketing for similar products and services in accordance with Art. 6 Para. 1 (f) GDPR.
Objection/withdrawal – You can unsubscribe from receiving our newsletter at any time by withdrawing your consent with future effect in accordance with Art. 7 Para. 3 GDPR, or filing an objection to the processing. You will find an option in this respect in the respective newsletter itself, or you can simply contact us by email. We can store your email address for up to three years before deleting it on the basis of our legitimate interest in accordance with Art. 6 Para. 1 (f) GDPR, in order to be able to demonstrate any consent you formerly issued.
Server Log Files
For technical reasons, especially to guarantee a functional and secure internet presence, we process technically necessary data on access to our website in server log files, which your browser transmits to us automatically.
The following data are logged:
- website visited
- browser type/version used
- operating system used
- the site visited previously
- hostname of the accessing computer
- time of the server request
- volume of data sent
- hostname of the accessing computer (IP address used)
These data are not attributed to any natural person and serve solely for evaluations to improve our website. These data are transmitted only to our website providers. These data are not combined or merged with other data sources. If unlawful use of our website takes place, we reserve the right to subsequently scrutinise these data. The data processing is based on our legitimate interest in accordance with Art. 6 Para. 1 (f) GDPR in displaying our website free from technical faults and in optimising our website.
The data are deleted again shortly after the purpose has been accomplished, but mostly after several days, provided no further retention is necessary for evidentiary purposes. Otherwise the data are stored until any incident has been definitively clarified.
On the basis of our legitimate interest in accordance with Art. 6 Para. 1 (f) GDPR in using suitable encryption techniques, when you visit our website we use the widespread SSL (Secure Socket Layer) process in combination with the highest level of security supported by your browser. This is usually 256 bit encryption. If your browser does not support 256 bit encryption, we resort to 128 bit v3 technology instead. You can recognise when an individual page of our website is being transmitted encrypted by the fact that the closed padlock symbol is shown in the lower status bar of your browser.
Otherwise we use suitable technical and organisational measures in accordance with Art. 32 GDPR to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved and kept consistent with the state of the art in accordance with technological development.
When you send us enquiries by email, we store your details including the contact details you have provided, for the purpose of processing your enquiry and in case there are follow-up questions. We would like to expressly point out that data transmission on the internet (e.g. during email communication) can exhibit security gaps and cannot be totally protected against access by third parties.
We expressly do not wish the contact details in our legal information or on our website to be used for commercial advertising, unless we have consented to this in writing. All the persons named on this website hereby object to any commercial use and disclosure of these data.
GENERAL INFORMATION ON DATA PROTECTION FOR DATA SUBJECTS
Controller for data protection:
HIRSCH Armbänder GmbH, Hirschstraße 5, 9020 Klagenfurt am Wörthersee, Austria
Handling personal data:
The protection of your personal data matters greatly to us.
Personal data means information that can be individually attributed to you. Examples of this include your address, name, postal address, email address or phone number. Details such as the number of users visiting a website are not personal data, because they are not attributed to one person.
We handle personal data in accordance with the legal data protection regulations, in particular the EU GDPR, and in accordance with this Data Privacy Statement, as well as the respective data protection laws in force nationally.
Rights of data subjects
You have the right:
- in accordance with Art. 15 GDPR to request information about the personal data concerning you that are processed by us. In particular you can request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of the data if they were not collected by us, and the existence of automated decision-making including profiling and meaningful information about the details of this if applicable.
- in accordance with Art. 16 GDPR to request the rectification of inaccurate personal data concerning you without undue delay or the completion of personal data concerning you that we have stored.
- in accordance with Art. 17 GDPR to request the erasure of the personal data concerning you that we have stored, provided that the processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
- in accordance with Art. 18 GDPR to request the restriction of the processing of your personal data, insofar as you contest the accuracy of the data, the processing is unlawful but you oppose the erasure of the data and we no longer require them, however you require the data for the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Art. 21 GDPR.
- in accordance with Art. 20 GDPR to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or to request the transmission of those data to another controller.
- in accordance with Art. 21 GDPR, insofar as your personal data are processed on the basis of our legitimate interest, to object to the processing of your personal data insofar as there are reasons that derive from your particular situation or your objection is against direct marketing. In the latter case you have a general right of objection that will be implemented by us without your stating a particular situation.
- in accordance with Art. 7 Para. 3 GDPR the right at any time to withdraw a consent you have issued to us. The result of this will be that we are no longer permitted to continue the data processing based on this consent.
- in accordance with Art. 77 GDPR the right to lodge a complaint with a supervisory authority in respect of the unlawful processing by us of your data. Generally, you can approach the supervisory authority for your habitual residence, your place of work or our registered office.
The competent supervisory authority for HIRSCH Armbänder GmbH is the Austrian data protection authority:
Barichgasse 40-42, 1030 Vienna, Austria
Tel.: +43 1 52 152-0, firstname.lastname@example.org
Assertion of the rights of data subjects:
You yourself decide on the use of your personal data. Therefore if you wish to exercise one of your rights as stated above against us, you are welcome to send an email to email@example.com. Please send together with your request a copy of an official photo ID for unambiguous identification, and assist us in ascertaining your enquiry by answering the questions from our responsible employees about the processing of your personal data. In your enquiry please state in which role you were in contact with us (employee, applicant, supplier, customer, etc.) and during what period. This will enable us to process your concern promptly.
Storage period (Deletion deadlines):
In accordance with Art. 5 Para. 1 (e) GDPR we are obliged to erase personal data as soon as the purpose of processing has been dealt with. The erasure of the data takes place after the expiry of the legal warranty and compensation periods, or of other contractual or legal periods, in particular retention periods under tax law. In this context we wish to point out that legal retention obligations and periods represent a legitimate purpose for the storage and retention of personal data.
In addition, we store and retain data in personalised form until the ending of any legal disputes in which the data are required as proof, or in any event until the expiry of the third year after the last contact with a business partner.
Forwarding of data:
No transmission of your personal data to third parties takes place for purposes other than those stated below.
We only forward your personal data to third parties if:
- you have issued your express consent to this in accordance with Art. 6 Para. 1 (a) GDPR,
- the forwarding is necessary in accordance with Art. 6 Para. 1 (f) GDPR for the safeguarding of commercial interests, as well as for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest which requires protection in the non-disclosure of your data,
- in the event of there being a legal obligation for such forwarding in accordance with Art. 6 Para. 1 (c) GDPR, and
- this is legally permitted and in accordance with Art. 6 Para. 1 (b) GDPR is necessary for the performance of contractual relations with you.
Cooperation with processors:
Insofar as we instruct third parties to process data on the basis of a contract for processing on our behalf, this takes place on the basis of Art. 28 GDPR.
Forwarding to third countries:
If we process data in a third country, or this takes place within the framework of the use of the services of third parties or disclosure or transmission of data to other persons or companies, this takes place only for the reasons stated above for the forwarding of data. Subject to express consent or contractual necessity, we process the data or have them processed only in third countries with a recognised level of data protection, including the US processors certified under the Privacy Shield, or on the basis of particular guarantees, such as contractual obligation through standard contractual clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 – 49 GDPR).
In accordance with Art. 32 GDPR we take appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking account of the state of the art, the implementation costs, and the nature, scope and purposes of the processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons.
The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling the physical access to the data, as well as the system access concerning it, input, forwarding, securing the availability and its separation. In addition, we have set up procedures that guarantee the protection of the rights of data subjects, the erasure of data and the response to threats to data. We also take account of the protection of personal data when developing or selecting hardware, software and processes, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).
Up-to-dateness and changes to this data privacy statement
Due to the development of our website and the offers we provide via the website, or on the basis of changed legal or official requirements, it can become necessary to change this Data Privacy Statement. You can access and print the respective current Data Privacy Statement on our website at any time.