The following details our privacy policy as it applies to our website.
We attach great importance to your privacy. The collection and processing of personal data is carried out in full accordance with all applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).
Data Protection Officer
If you have any questions or concerns about data protection, please contact our data protection officer.
Shirina Granmayeh
shirina@granmayeh.com
Burgstallstraße 53
6370 Kitzbühel
Responsible agent
Responsible for the collection, processing and use of personal data within the meaning of Art. 4 No. 7 GDPR.
Shirina Granmayeh
shirina@granmayeh.com
Burgstallstraße 53
6370 Kitzbühel
If you wish to object to the collection, processing or use of your data in accordance with this privacy policy as a whole, or for individual measures, please address your objection to the person responsible.
You can save and print this privacy policy at any time.
General purposes of data processing
The processing of personal data is carried out for the following purposes:
- Part of the data is collected to ensure the quality and effectiveness of the website.
- Processing and use of data to provide advisory services.
- Processing and use of data in connection with the sale of products and services, and free information.
- Data may also be used to analyse user behavior.
Processing of data is carried out in accordance with the statutory provisions of § 96 (3) TKG (Telecommunication law) and Art. 6 para. 1 lit. a (consent) and/or lit. b (required for fulfillment of the contract) of the GDPR.
[a) You have given consent to the processing of your personal data until further notice. b) The processing of your personal data is necessary to fulfill a contract or to carry out precontractual measures.]
Data we use and why
Hosting
The web hosting services we use are designed to provide the following: infrastructure and platform services, computing capacity, storage and database services, security and technical maintenance of the website.
We, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties, and visitors to this website in order to maintain and continually improve our website in accordance with Art. 6 para. 1 p. 1 f) GDPR in connection with Art. 28 GDPR.
Accessing of data
We collect information about you when you use this website. We automatically record information about your usage and interaction with us and register information about your computer or mobile device. We collect, store and use data about every visit to our website (server log files). Data we access includes:
- Name and URL of retrieved file
- Date and time of retrieval
- Volume of data transferred
- Notification regarding successful retrieval (HTTP response code)
- Browser type and version
- Operating system
- Referer URL (previously visited page)
- Web pages accessed by user’s system through our website
- Internet service provider of user
- IP address and requesting provider
We log this data without assigning it to you or conducting any profiling for statistical analysis of the operation, security and optimisation of our website, for the anonymous recording of visitor numbers to our website (traffic), the extent and nature of the use of our website and services, and for billing purposes in relation to click-throughs from partner organisations. Based on this information, we can provide personalised and location-based content, analyse traffic, troubleshoot, and improve services.
This is our legitimate interest in accordance with Art. 6, para. 1 p. 1 f) GDPR.
We reserve the right to review logged data retrospectively if, on the basis of solid evidence, there is a legitimate suspicion of unlawful use of the website. We store IP addresses in the logfiles for a limited period of time if required for security purposes, for the provision of services, or the billing of a service, e.g. if you use one of our offers. Following completion of the order process or following receipt of payment we will delete the IP address if it is no longer required for security purposes. We store IP addresses if we have a definite suspicion of criminal activity in connection with the use of our website. In addition, as part of your account, we save the date of your last visit (e.g. when registering, logging in, accessing links, etc.).
Cookies
We use session cookies to optimise our website. Session cookies are small text files sent by the respective servers when visiting a website and stored on the computer hard drive. Such a file contains a session ID, which can assign various requests from the browser to the shared session, allowing the computer to be recognised when returning to our website. These cookies are deleted after closing the browser. This allows e.g. the shopping cart feature to be used across multiple pages.
We also use a small number of persistent cookies (also small text files stored on your device) that remain on your device and allow us to recognise your browser the next time you visit. These cookies are stored on your hard drive and are deleted automatically after a lifespan of between one month and ten years. This enables us to present our products in a more effective, secure and user-friendly way, and to display information tailored to your interests.
Our legitimate interest in the use of cookies is in accordance with Art. 6 para. 1 sentence 1 f) of the GDPR.
Cookies store the following data and information:
- Login information
- Language settings
- Search terms entered
- Information on the number of visits to our website and use of individual functions of our website.
If a cookie is activated, it will be assigned an identification number. No personal data will be assigned to this identification number. Your name, IP address, or similar data which would allow the cookie to be associated with you, is not included in the cookie. Based on cookie technology, we receive only pseudonymous information, e.g. which pages of our shop were visited, which products were viewed, etc. You can adjust your browser settings so that you are informed in advance about the setting of cookies and can decide whether you wish to accept or reject cookies. This may limit the functionality of the website.
Data to fulfill our contractual obligations
We process personal data that we need to fulfill our contractual obligations, such as name, address, e-mail address, products ordered, and billing and payment data. The collection of this data is required to finalise the contract. The data is deleted after the warranty and legal retention periods expire. Any data associated with a user account (see below) will be retained while the account is active, since this data is required to fulfill our contractual obligations to you.
The legal basis for the processing of this data is Art. 6 (1) sentence 1 b) GDPR.
User account
You can create a user account on our website. For this, we require the personal data requested during the login. Later logins will only require your email or username and the password you have chosen.
For initial registration we collect core data (e.g. name, address, and email) and payment data (bank details), as well as access data (user name and password).
In order to validate your registration and prevent unauthorised log-ins by third parties, you will receive an activation link by email after registration in order to activate your account. Only after registration has been completed will we permanently store your data in our system.
You can delete your user account at any time, at no cost other than the transmission costs specified by the basic rates, by sending a message in writing to the contact details above (e.g. e-mail, fax, or letter). We will then delete your stored personal data, unless we need to retain them for the processing of orders or due to legal storage requirements. The legal basis for the processing of this data is your consent in accordance with Art. 6 (1) sentence 1 a) GDPR.
Newsletter
To subscribe to our newsletter, you will need the data requested in the registration process. Your registration for the newsletter will be recorded. After logging in, you will receive a message to your specified email address requesting confirmation of your registration (double opt-in). This is necessary to ensure that a third party cannot register on your account with his or her email address.
You can unsubscribe from the newsletter at any time.
We save registration details insofar as they are needed for us to send the newsletter. We also store your application and your delivery address in case we later require proof of your consent. As a rule, this is for the limitation period for civil claims, which is a maximum of three years.
The legal basis for sending the newsletter is your consent in accordance with Art. 6 (1) sentence 1 a) in conjunction with Art. 7 GDPR in conjunction with § 7 (2) no. 3 UWG (Law against unfair business practices). The legal basis for logging the application is our legitimate interest in proving that the shipment was made with your consent.
You can cancel the registration at any time, at no cost other than the transmission costs specified by the basic rates, by sending a message in writing to the contact details above (e.g. e-mail, fax, or letter). Alternatively, you will find the option to unsubscribe in each newsletter.
Product recommendations
In addition to the newsletter we will send you regular product recommendations by email, providing you with information about products that you may be interested in based on your recent purchases of our goods or services. In doing so, we comply strictly with the relevant legal requirements. You can object to this at any time without incurring any costs other than the transmission costs specified by the basic rates by sending a message in writing to the contact details above (e.g. e-mail, fax, or letter). Alternatively, you will find the option to unsubscribe in each email.
The legal basis for this is legal permission according to Art. 6 Abs. 1 S. 1 f) GDPR in connection with § 7 Abs. 3 UWG.
Contact form and email contact
When you contact us (e.g. by contact form or email), we process your information in order to deal with your request, as well as for potential follow-up questions.
If the processing of data takes place for the execution of precontractual measures which take place at your request, or, if you are an existing customer for the execution of the contract, the legal basis for this data processing is Art. 6 para. 1 p. 1 b) GDPR.
We process further personal data only if you consent (Article 6 (1) sentence 1 a) GDPR) or we have a legitimate interest in the processing of the data (Article 6 (1) sentence 1 f) GDPR). A legitimate interest lies e.g. in responding to your email.
Google Analytics
We use Google Analytics, a web analytics service provided by Google Inc. (Google) which employs cookies. Cookies are text files stored on your computer which allow an analysis of your use of the website. The information generated by the cookie regarding visitor use of the website is typically transmitted to a Google server in the United States where it is stored.
This is our legitimate interest in accordance with Art. 6 paragraph 1 p. 1 f) GDPR.
Google has submitted to, and certified, the Privacy Shield agreement between the European Union and the United States. In doing so, Google agrees to comply with the standards and regulations of European data protection law. Further information can be found on the following link:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
We have activated IP anonymization on this website (anonymizeIp). As a result, your IP address will be truncated by Google within member states of the European Union or other contractually-obliged states in the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the United States and truncated there. Google uses this information on our behalf to evaluate your use of the website, to compile reports on website activity, and to provide us with other services related to website use and internet use.
The IP address provided to Google Analytics by your browser will not be merged with other Google data. You can prevent the storage of cookies by adjusting your browser settings. This may affect website functionality.
You can also prevent the transmission to Google of the data generated by the cookie in relation to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing the browser plug-in available on the following link:
http://tools.google.com/dlpage/gaoptout?hl=en.
Storage period
Unless specifically stated, we store personal data only as long as necessary to fulfill the purposes described above. In some cases, the legislator allows for the retention of personal data, e.g. in tax or commercial law. In such cases, the data will be stored by us only for these legal purposes, but not otherwise processed, and it will be deleted upon expiration of the statutory retention period.
Your rights as a provider of personal data
Under applicable law, you have certain rights to your personal information. If you would like to assert these rights, send your request by email or by post, including some form of identification, to the contact address above.
Below is an overview of your rights.
Right to information
You have the right to access information about the processing of your personal data.
Specifically, you have the right to obtain confirmation from us at any time as to whether personal data relating to you is being processed. If this is the case, you have the right to request – at no cost – information regarding your personal data we have stored, and to be provided with a copy of this data. Furthermore, you have a right to the following information:
- Purpose of processing
- Categories of personal data processed
- Recipients, or categories of recipients, to whom the personal data has been disclosed or is being disclosed, in particular to recipients in third countries or to international organisations
- The planned duration, if known, for which the personal data will be stored, or the criteria for determining this duration
- The right of rectification or deletion of personal data concerning you, or restriction of processing by the responsible party, or a right to object to such processing
- The existence of a right of appeal to a supervisory authority
- All available information about the source of the data in cases where the personal data has not been provided by you
- The existence of automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) GDPR and – at least in such cases – significant information about the reasoning involved, as well as the implications for you and intended effects of such processing.
If personal data is transmitted to a third country or to an international organisation, you have the right to be informed about the relevant guarantees under Art. 46 GDPR in connection with this transmission of data.
Right to rectification
You have the right to insist that we correct or, where applicable, complete your personal data.
Specifically, you have the right to demand immediate correction of incorrect personal data we hold on you. Taking into account the purposes for which this data is being processed, you have the right to request the completion of incomplete personal data, including providing a supplementary statement.
Right to deletion
In certain cases, we are required to delete your personal data.
Specifically, according to Art. 17 (1) GDPR, you have the right to make us delete your personal data with immediate effect in the event of one or more of the following:
- The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- You revoke your consent on which the processing was based in accordance with Art. 6 (1) sentence 1 a) GDPR or Art. 9 (2) (a) GDPR and there is no other legal basis for the processing.
- In accordance with Art. 21 para. 1 GDPR, you object to the processing and there are no previous justifiable reasons for the processing, or you object to the processing according to Art. 21 (2) GDPR.
- The personal data was processed unlawfully.
- The deletion of personal data is required to fulfill a legal obligation under EU or national law to which we are subject.
- The personal data was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
If we have made your personal data public and are obliged to delete it under Art. 17 (1) GDPR, we will take adequate measures, including technical ones, taking into account the available technology and the implementation costs, to inform data controllers who process this personal data that you have requested the deletion of all links to it and of any copies or replications of it.
Right to restriction of processing
In certain cases, you may request that we restrict the processing of your personal information.
Specifically, you have the right to require us to restrict processing if any of the following conditions apply:
- You contest the accuracy of your personal information, allowing for a period of time that permits us to verify the accuracy of your personal information.
- The processing is unlawful and you have objected to the deletion of personal data and have instead requested the restriction of the use of personal data.
- We no longer require your personal data for the purposes of processing but you require the data to assert, exercise or defend your rights.
- You have objected to the processing according to Art. 21 (1) GDPR, provided it is not certain that the legitimate reasons of our company outweigh yours.
Right to data transferability
You have the right to receive, transmit, or have transmitted by us, any personal data relating to you in a machine-readable manner.
Specifically, you have the right to receive the data you have provided in a structured, accessible and machine-readable format. You have the right to submit this information to another responsible agent without hindrance, provided that:
- The processing is based on a consent pursuant to Art. 6 para. 1 p. 1 (a) GDPR or Art. 9 para. 2 (a) GDPR or a contract pursuant to Art. 6 para. 1 p. 1 (b) GDPR, and
- the processing is carried out using automated procedures.
In exercising your right to data transferability in accordance with paragraph 1, you have the right to ensure that the personal data is transmitted directly by us to another responsible agent, insofar as this is technically feasible.
Right to object
You have the right to object to the lawful processing of your personal data by us if this is based on your particular situation, and if our interests in processing the data do not take legal precedence.
Specifically, you have the right to object at any time to the processing of personal data pursuant to Art. 6 (1) sentence 1 (e) or (f) GDPR for reasons arising from your particular situation. This also applies to profiling based on these provisions. If you object, we will no longer process your personal information unless we can demonstrate compelling legal grounds for doing so which outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.
If personal data is processed by us in order to operate direct mail, you have the right to object at any time to the processing of your data for the purpose of such advertising. This also applies to profiling insofar as it is associated with direct mail.
You have the right, for reasons of your particular situation, to object to the processing of personal data for scientific or historical research purposes or for statistical purposes under Article 89 (1) of the GDPR, unless the processing is necessary to fulfill a duty held to be in the public interest.
Automated decisions including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have a legal, or similar, effect on you.
No automated decision-making takes place based on personal data collected.
Right to revoke data protection consent
You have the right, at any time, to revoke your consent to the processing of your personal data.
Right to complain to a supervisory authority
You have the right to complain to a supervisory authority, specifically in the EU member state in which you are resident, your place of work, or the place of the alleged infringement, if you believe that the processing of your personal data is unlawful.
Data security
We make every effort to ensure the security of your data within the framework of applicable data protection laws and technical considerations.
Your personal data, including your orders and customer login, will be encrypted for transmission by us. We use SSL (Secure Sockets Layer) encryption. Online data transmission (e.g. by email) may have security vulnerabilities, and complete protection of the data from access by third parties is not possible.
To safeguard your data, we maintain technical and organisational security measures in accordance with Art. 32 GDPR, which we regularly update to reflect technological changes.
We cannot ensure that our website will be available at all times, or at specific times. Server disturbances, interruptions or downtime cannot be excluded. The servers we use are regularly backed up.
Google Fonts
We use Google Fonts on our website. Google Fonts downloads fonts from Google servers, making website design easier. Our interest is in providing an attractive website, within which data processing takes place. The fonts are usually downloaded from Google servers located in the United States. The level of data protection is guaranteed by Google (list entry Privacy Shield).
www.google.com/fonts#AboutPlace:about
www.google.com/policies/privacy/
Google Maps
Our website uses Google Maps, a service of Google Inc. By using this site, you consent to the collection, processing and use of the automated data collected by Google Inc, its agents and third parties. The terms of use of Google Maps can be found here:
Sharing on social media
The links to social media platforms found within our online offers do not establish direct contact between these platforms and users. Their function is to provide a regular online link.
Transfer of data to third parties, no data transfer to non-EU countries
We typically restrict the use of your personal data to our company. If we engage third parties in the completion of contracts (e.g. logistics service providers), the third party will only receive personal data to the extent that this is required for the relevant service. In the event that we outsource certain parts of the data processing (job processing), we contractually oblige processors to use personal data in accordance with the requirements of data protection laws and to ensure protection of the rights of the respective subject. Any transfer of data to entities or persons outside the EU other than those described in this document may only take place in accordance with the Privacy Shield.
Privacy Shield
The Privacy Shield is an agreement between the European Union (EU) and the United States (US) to ensure compliance in the US with EU privacy standards.