Privacy policy
The controller responsible for the processing of personal data on this website in accordance with the General Data Protection Regulation (GDPR) is:
Everleaf GmbH
Linzer Straße 415/7, 1140 Vienna
Telephone: +43 1928 3456
Email: hi@myeverleaf.com
1) Data Collection When Visiting Our Website
When you visit our website for informational purposes only, without registering or otherwise transmitting information to us, we collect only the data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you accessed the page
- Browser used
- Operating system used
- IP address used (possibly in anonymized form)
The processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.
2) Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after closing your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser on your next visit (so-called persistent cookies). Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser.
Cookies are partly used to store settings in order to simplify the ordering process (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If individual cookies used by us also process personal data, the processing is carried out in accordance with Art. 6(1)(b) GDPR either for the performance of the contract, in accordance with Art. 6(1)(a) GDPR in the case of consent given, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links:
- Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/de/latest/web-preferences/#cookies
Please note that the functionality of our website may be limited if cookies are not accepted.
3) Contact and Hosting
Contact
When you contact us (e.g., via contact form or email), personal data is collected. The data collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing the data is Art. 6(1)(b) GDPR (necessary for the performance of pre-contractual measures). Your data will be deleted 3 years after the final processing of your inquiry.
Shopify
For the hosting of our website and the presentation of the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")
Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
All data collected on our website is processed on the provider's servers. We have concluded an order processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
In the case of data transmission to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.
4) Data Processing for Contract Execution
Contract Execution
In accordance with Art. 6(1)(b) GDPR, personal data is collected and processed if you provide it to us for the execution of a contract. The data collected can be seen from the respective order form. We store and use the data you provide for contract processing. After complete processing of the contract or deletion of your customer account, your data will be deleted with regard to tax and commercial law retention periods (currently 7 years).
5) Data Processing for Order Execution
5.1 To the extent necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6(1)(b) GDPR.
To process your order, we also work with the following service providers, who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
5.2 Use of Special Service Providers for Order Processing and Execution
To fulfill our contractual obligations to our customers, we also work with other external shipping partners.
Sendcloud
For shipping, we use the service of the following provider: Sendcloud GmbH, Fürstenrieder Str. 70, 80686 Munich
In accordance with Art. 6(1)(b) GDPR, we pass on your data to the provider exclusively for the purpose of processing your online order, who, on our behalf, handles the printing of shipping labels and the transmission of shipment data to the commissioned transport company. Data is only passed on to the extent that it is actually necessary for processing.
On our behalf, the provider also sends shipping notifications and status updates regarding delivery. For this purpose, in accordance with Art. 6(1)(f) GDPR, based on our legitimate interest in effective and informative customer communication and in the transparent and reliable processing of shipments after the package has been dispatched, we pass on certain customer data (email address, first and last name, and address) together with the shipment number to the provider.
The data is not passed on to third parties by the provider and is processed exclusively for the aforementioned purpose. After the shipment has been completed, the data is deleted by the provider.
We have concluded an order processing agreement with the provider, which protects the data of our website visitors and prohibits unauthorized disclosure to third parties.
Disclosure of Personal Data to Shipping Service Providers
As transport service providers, we use the following providers:
- DPD Direct Parcel Distribution Austria GmbH, Arbeitergasse 46, Leopoldsdorf 2333, Austria
- Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna, Austria
In accordance with Art. 6(1)(b) GDPR, we pass on your data to the provider exclusively for the purpose of delivering the goods, including for the purpose of coordinating a delivery date or for delivery notification. The data is only passed on to the extent that it is necessary for the delivery. The data is not passed on to third parties by the provider and is processed exclusively for the aforementioned purpose. After the shipment has been completed, the data is deleted by the provider.
We have concluded an order processing agreement with the provider, which protects the data of our website visitors and prohibits unauthorized disclosure to third parties.
5.3 Use of Payment Service Providers (Payment Services)
Apple Pay
If you opt for the payment method "Apple Pay" of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment process is carried out via the "Apple Pay" function of your device operated with iOS, watchOS, or macOS by charging a payment card stored with "Apple Pay." Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you must enter a code previously set by you and verify it using the "Face ID" or "Touch ID" function of your device.
For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, is transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting it to the payment service provider of the payment card stored in Apple Pay for the purpose of executing the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the success of the payment.
If personal data is processed during the aforementioned transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR.
Apple stores anonymized transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. The anonymization excludes any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.
When you use Apple Pay on the iPhone or Apple Watch to complete a purchase made via Safari on the Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can be used to identify you. You can disable the use of Apple Pay on your Mac in the settings of your iPhone. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac."
For more information about privacy with Apple Pay, visit the following website: https://support.apple.com/de-de/HT203027
bancontact
This website offers one or more online payment methods from the following provider: Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium
If you choose a payment method from the provider where you pay in advance (e.g., credit card payment), the payment data you provide during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6(1)(b) GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent that it is necessary for this purpose.
EPS Transfer
This website offers one or more online payment methods from the following provider: PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria
If you choose a payment method from the provider where you pay in advance (e.g., credit card payment), the payment data you provide during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6(1)(b) GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent that it is necessary for this purpose.
Google Pay
If you opt for the payment method "Google Pay" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment process is carried out via the "Google Pay" application of your mobile device operated with at least Android 4.4 ("KitKat") and equipped with an NFC function by charging a payment card stored with Google Pay or a payment system verified there (e.g., PayPal). To authorize a payment via Google Pay in excess of €25, you must first unlock your mobile device using the respective verification measure set up (e.g., facial recognition, password, fingerprint, or pattern). For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, is transmitted to Google. Google then transmits your payment information stored in Google Pay in the form of a uniquely assigned transaction number to the originating website, with which a completed payment is verified. This transaction number does not contain any information about the real payment data of your means of payment stored with Google Pay but is created and transmitted as a one-time valid numeric token. In all transactions via Google Pay, Google acts merely as an intermediary to process the payment transaction. The execution of the transaction takes place exclusively in the relationship between the user and the originating website by charging the means of payment stored with Google Pay. If personal data is processed during the aforementioned transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR.
Google reserves the right to collect, store, and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, the merchant's location and description, a description of the purchased goods or services provided by the merchant, photos that you attach to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your reason for the transaction, and, if applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively in accordance with Art. 6(1)(f) GDPR based on the legitimate interest in proper billing, verification of transaction data, and optimization and maintenance of the functionality of the Google Pay service.
Google also reserves the right to combine the processed transaction data with further information collected and stored by Google when using other Google services.
The terms of use of Google Pay can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection with Google Pay can be found at the following website:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
iDeal
This website offers one or more online payment methods from the following provider: Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands
If you choose a payment method from the provider where you pay in advance (e.g., credit card payment), the payment data you provide during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6(1)(b) GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent that it is necessary for this purpose.
Klarna
This website offers one or more online payment methods from the following provider: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden
If you choose a payment method from the provider where you pay in advance (e.g., credit card payment), the payment data you provide during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6(1)(b) GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent that it is necessary for this purpose.
If you choose a payment method where the provider pays in advance (e.g., invoice or installment purchase or direct debit), you will be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, data on an alternative payment method).
To safeguard our legitimate interest in determining the solvency of our customers, we will pass on this data to the provider in accordance with Art. 6(1)(f) GDPR for the purpose of a credit check. Based on the personal data provided by you and other data (such as shopping cart, invoice amount, order history, payment experiences), the provider checks whether the payment method you have chosen can be granted with regard to payment and/or default risks.
In addition to internal criteria in accordance with Art. 6(1)(f) GDPR, identity and credit information from the following credit agencies may also be included in the decision-making process within the scope of the application review:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Among other things, but not exclusively, address data are included in the calculation of the score values.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.
Mollie
This website offers one or more online payment methods from the following provider: Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands
If you choose a payment method from the provider where you pay in advance (e.g., credit card payment), the payment data you provide during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6(1)(b) GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent that it is necessary for this purpose.
Paypal
This website offers one or more online payment methods from the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
If you choose a payment method from the provider where you pay in advance, the payment data you provide during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6(1)(b) GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent that it is necessary for this purpose.
If you choose a payment method where we pay in advance, you will be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, data on an alternative payment method).
To safeguard our legitimate interest in determining your solvency, we will pass on this data to the provider in accordance with Art. 6(1)(f) GDPR for the purpose of a credit check. Based on the personal data provided by you and other data (such as shopping cart, invoice amount, order history, payment experiences), the provider checks whether the payment method you have chosen can be granted with regard to payment and/or default risks.
The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Among other things, but not exclusively, address data are included in the calculation of the score values.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.
SOFORT
This website offers one or more online payment methods from the following provider: SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany
If you choose a payment method from the provider where you pay in advance (e.g., credit card payment), the payment data you provide during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6(1)(b) GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent that it is necessary for this purpose.
6) Use of Your Data for Direct Marketing
6.1 Subscription to Our Email Newsletter
When you subscribe to our email newsletter, we will send you regular information about our offers. The only mandatory information for sending the newsletter is your email address.
By subscribing to the newsletter, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. When you register for the newsletter, we store your IP address provided by the Internet Service Provider (ISP) and the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data collected by us when you register for the newsletter will be used exclusively for the purpose of addressing you in an advertising manner by means of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending us a corresponding message. After you unsubscribe, your email address will be deleted from our newsletter distribution list immediately.
6.2 Sending the Email Newsletter to Existing Customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular offers by email on similar goods or services from our range.
According to § 174 TKG, we do not need to obtain separate consent from you for this. The data processing is based solely on our legitimate interest in personalized direct advertising in accordance with Art. 6(1)(f) GDPR and § 174 TKG. If you have initially objected to the use of your email address for this purpose, we will not send you any emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying us.
6.3 Klaviyo
The delivery of our email newsletters is handled by the following provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA
Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provide when registering for the newsletter to the provider in accordance with Art. 6(1)(f) GDPR so that the provider can send the newsletter on our behalf.
Unless you have given your explicit consent in accordance with Art. 6(1)(a) GDPR, the provider will also use statistical success evaluation of newsletter campaigns by means of web beacons or tracking pixels in the emails sent, which can measure opening rates and specific interactions with the content of the newsletter. In doing so, end device information (e.g., time of access, IP address, browser type, and operating system) is collected and evaluated, but not combined with other data sets.
You can revoke your consent to newsletter tracking at any time with effect for the future.
We have concluded an order processing agreement with the provider, which protects the data of our website visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has committed to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
7) Web Analysis
7.1 Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which allows us to analyze your use of our website.
By default, Google Analytics 4 sets cookies, which are small text files stored on your device that collect certain information. The scope of this information includes your IP address, which is, however, shortened by Google by the last digits to exclude a direct personal reference.
The information is transmitted to Google's servers and processed there. This may also involve transmissions to Google LLC's servers in the USA.
Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activities for us, and to provide other services related to website and internet use. The IP address transmitted by your browser as part of Google Analytics 4 will not be merged with other Google data. The data collected as part of the use of Google Analytics 4 will be stored for a period of two months and then deleted.
All of the aforementioned processing, in particular the setting of cookies on the device used, will only take place if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR. Without this consent, the use of Google Analytics 4 will not take place during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the "Cookie Consent Tool" provided on the website.
We have concluded an order processing agreement with Google, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
Further legal information on Google Analytics 4 can be found at https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites
Demographic Characteristics
Google Analytics 4 uses the special feature "demographic characteristics," which allows it to create statistics that provide information about the age, gender, and interests of page visitors. This is done by analyzing advertising and information from third-party providers. This allows target groups to be identified for marketing activities. The collected data cannot be assigned to a specific person and will be deleted after being stored for a period of two months.
Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to create cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google can, with your consent to use Google Analytics in accordance with Art. 6(1)(a) GDPR, analyze your usage behavior across devices and create databases, including cross-device conversions. We do not receive any personal data from Google, but only statistics. If you want to stop cross-device analysis, you can disable the "Personalized Advertising" feature in your Google account settings. Follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de For more information about Google Signals, visit the following link: https://support.google.com/analytics/answer/7532985?hl=de
UserIDs
As an extension to Google Analytics 4, the "UserIDs" function can be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6(1)(a) GDPR, have set up an account on this website, and log in with this account on different devices, your activities, including conversions, can be analyzed across devices.
For data transfers to the USA, the provider has committed to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
7.1 Google Ads Remarketing
This website uses retargeting technology from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
For this purpose, Google sets a cookie in the browser of your device, which enables interest-based advertising based on the pages you visit using a pseudonymous cookie ID. Further data processing will only take place if you have consented to Google that your internet and app browsing history will be linked to your Google account and that information from your Google account will be used to personalize ads that you see on the web. If you are logged in to Google during your visit to our website, Google will use your data together with Google Analytics data to create target group lists for cross-device remarketing and to define them. For this purpose, your personal data will be temporarily linked with Google Analytics data by Google to form target groups. As part of the use of Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC in the USA.
All of the aforementioned processing, in particular the setting of cookies for reading information on the device used, will only take place if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR. Without this consent, the use of retargeting technology will not take place during your visit to the site.
You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service in the "Cookie Consent Tool" provided on the website.
For data transfers to the USA, the provider has committed to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
Details on the processing initiated by Google and Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites
Further information on Google's privacy policy can be found here:
https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/
7.2 Google Ads Conversion Tracking
This website uses the online advertising program "Google Ads" and, as part of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
We use the Google Ads service to draw attention to our attractive offers with the help of advertising materials (so-called Google Adwords) on external websites. This allows us to determine how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, making our website more interesting to you, and achieving a fair calculation of advertising costs.
This website uses Google Ads conversion tracking exclusively without the use of cookies, which means that the service does not set cookies on your device at any time.
Instead, the local storage of your browser is used to store an individual ID assigned by Google, which enables an analysis of your use of the website. For this purpose, certain user information is processed via the ID.
The ID is set when a user clicks on an ad placed by Google.
If the user visits certain pages of this website, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Therefore, cookies cannot be tracked via the websites of Google Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users. In the course of using Google Ads, personal data may also be transmitted to the servers of Google LLC in the USA. Details on the processing initiated by Google Ads conversion tracking and Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites
If the collected information has a personal reference, the processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in the statistical evaluation of the success of our advertising campaigns.
Google's privacy policy can be viewed here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/
For data transfers to the USA, the provider has committed to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
7.3 Meta Pixel
Within our online offer, we use the service "Meta Pixel" of the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta")
If a user clicks on an advertisement placed by us on Facebook and/or Instagram, the URL of our linked page is extended by a parameter with the help of "Meta Pixel." This URL parameter is then entered into the user's browser via a cookie set by our linked page itself after redirection.
This allows Meta to determine the visitors to our online offer as the target group for the display of advertisements (so-called "ads"). Accordingly, we use the service to display the Facebook and/or Instagram ads placed by us only to those users who have also shown an interest in our online offer or who have certain characteristics (e.g., interests in certain topics or products determined on the basis of the websites visited) that we transmit to Meta (so-called "Custom Audiences").
On the other hand, with the "Meta Pixel," it can be tracked whether users have been redirected to our website after clicking on an advertisement and what actions they have taken there (so-called "conversion tracking").
The collected data is anonymous for us, i.e., it does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Meta, so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes.
All of the aforementioned processing, in particular the setting of cookies for reading information on the device used, will only take place if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.
We have concluded an order processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
The information generated by Meta is usually transmitted to a Meta server and stored there; this may also involve transmission to Meta Platforms Inc. servers in the USA.
For data transfers to the USA, the provider has committed to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
7.4 Google Ads Remarketing
This website uses retargeting technology from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
For this purpose, Google sets a cookie in the browser of your device, which enables interest-based advertising based on the pages you visit using a pseudonymous cookie ID. Further data processing will only take place if you have consented to Google that your internet and app browsing history will be linked to your Google account and that information from your Google account will be used to personalize ads that you see on the web. If you are logged in to Google during your visit to our website, Google will use your data together with Google Analytics data to create target group lists for cross-device remarketing and to define them. For this purpose, your personal data will be temporarily linked with Google Analytics data by Google to form target groups. As part of the use of Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC in the USA.
All of the aforementioned processing, in particular the setting of cookies for reading information on the device used, will only take place if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR. Without this consent, the use of retargeting technology will not take place during your visit to the site.
You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service in the "Cookie Consent Tool" provided on the website.
For data transfers to the USA, the provider has committed to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
Details on the processing initiated by Google and Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites
Further information on Google's privacy policy can be found here:
https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/
7.5 Pinterest Retargeting Pixel
This website uses retargeting technology from the following provider: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland
This technology allows us to target visitors to our websites who have already shown interest in our shop and our products with personalized, interest-based advertising. The ads are displayed based on a cookie-based analysis of previous and current usage behavior, but no personal data is stored. In the case of retargeting technology, a cookie is stored on your computer or mobile device to collect pseudonymized data about your interests and thus adapt the advertising individually to the stored information. These cookies are small text files that are stored on your computer or mobile device. You will thus be shown advertising that is highly likely to match your product and information interests.
All of the aforementioned processing, in particular the setting of cookies for reading information on the device used, will only take place if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR. Without this consent, the use of retargeting technology will not take place during your visit to the site.
You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service in the "Cookie Consent Tool" provided on the website.
7.6 Pinterest Tag Conversion Tracking
This website uses the conversion tracking technology of the following provider: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland
If you have reached our website from an advertisement on the provider's domain, it is possible to track the success of the advertisement using cookies and/or comparable technologies (tracking pixels, web beacons, pings, or HTTP requests).
For this purpose, certain end-device and browser information, possibly including your IP address, is read out via the tracking technology in order to record and evaluate user actions predefined by us (e.g., completed transactions, leads, search queries on the website, calls to product pages) after redirection from an advertisement. This enables us to create statistics about the usage behavior on our website after redirection from an advertisement, which serve to optimize our offer.
All of the aforementioned processing, in particular the setting of cookies for reading information on the device used, will only take place if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.
We have concluded an order processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
7.7 TikTok Pixel
This website uses the conversion tracking technology of the following provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
If you have reached our website from an advertisement on the provider's domain, it is possible to track the success of the advertisement using cookies and/or comparable technologies (tracking pixels, web beacons, pings, or HTTP requests).
For this purpose, certain end-device and browser information, possibly including your IP address, is read out via the tracking technology in order to record and evaluate user actions predefined by us (e.g., completed transactions, leads, search queries on the website, calls to product pages) after redirection from an advertisement. This enables us to create statistics about the usage behavior on our website after redirection from an advertisement, which serve to optimize our offer.
All of the aforementioned processing, in particular the setting of cookies for reading information on the device used, will only take place if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.
We have concluded an order processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
8) Tools
8.1 Consent Tool
This website uses a so-called "Cookie Consent Tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "Cookie Consent Tool" is displayed to users when they visit the site in the form of an interactive user interface, on which consent for certain cookies and/or cookie-based applications can be given by ticking the respective box. Through the use of the tool, all consent-based cookies/services are only loaded if the respective user has given their consent by ticking the respective box. This ensures that such cookies are only set on the respective end device of the user if consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this process.
If, in individual cases, the storage, assignment, or logging of cookie settings involves the processing of personal data (such as the IP address), this is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in a legally compliant, user-specific, and user-friendly consent management for cookies and thus a legally compliant design of our website.
Another legal basis for the processing is Art. 6(1)(c) GDPR. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
Where necessary, we have concluded an order processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.
Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.
9) Rights of the Data Subject
9.1 The applicable data protection law grants you, as the data subject, comprehensive rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:
Right of Access in accordance with Art. 15 GDPR: You have the right, in particular, to obtain information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected from you by us, the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing concerning you, as well as your right to be informed about the guarantees pursuant to Art. 46 GDPR in case of onward transfer of your data to third countries;
Right to Rectification in accordance with Art. 16 GDPR: You have the right to obtain the rectification of inaccurate data concerning you and/or to have incomplete data stored by us completed without undue delay;
Right to Erasure in accordance with Art. 17 GDPR: You have the right to obtain the erasure of your personal data if the requirements of Art. 17(1) GDPR are met. However, this right does not exist, in particular, if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise, or defense of legal claims;
Right to Restriction of Processing in accordance with Art. 18 GDPR: You have the right to obtain the restriction of the processing of your personal data while the accuracy of your data contested is being verified, if you oppose the erasure of your data due to unlawful data processing and request the restriction of their use instead, if you need your data to assert, exercise, or defend legal claims after we no longer need this data after the purpose has been achieved, or if you have filed an objection on grounds of your particular situation, as long as it has not yet been determined whether our legitimate grounds override;
Right to Notification in accordance with Art. 19 GDPR: If you have asserted the right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
Right to Data Portability in accordance with Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;
Right to Revoke Consent Given in accordance with Art. 7(3) GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned without undue delay, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
Right to Lodge a Complaint in accordance with Art. 77 GDPR: If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy. In Austria, the competent authority is the Data Protection Authority.
9.2 Right to Object
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6(1)(f) GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the purpose of asserting, exercising, or defending legal claims.
10) Duration of the Storage of Personal Data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and - if relevant - additionally by the respective legal retention period (e.g., commercial and tax retention periods).
When processing personal data on the basis of explicit consent pursuant to Art. 6(1)(a) GDPR, this data is stored until the data subject revokes his or her consent.
If there are legal retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6(1)(b) GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer necessary for the fulfillment or initiation of a contract and/or there is no legitimate interest on our part in continuing to store it.
When processing personal data for direct marketing purposes on the basis of Art. 6(1)(f) GDPR, this data will be stored until the data subject exercises his or her right to object pursuant to Art. 21(2) GDPR.
Unless otherwise stated in the other information in this declaration regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.