Privacy Policy


In this Privacy Policy, we inform customers who contact us online, visitors to our website www.agraritaeten-shop.com, and other persons affected by our online services about the processing of personal data carried out in connection with the activities described below.

1. Controller and Contact Details

The controller responsible for the content of this website and the associated data processing is:
AgRaritäten Shop e.U.
Owner: Mag.a Maria Prillinger
Company registration number: 599188i
Einwanggasse 19/1/13
1140 Vienna
Austria

If you have any questions regarding data protection or wish to exercise your data subject rights, please contact us at office@agraritaeten-shop.com or write to: AgRaritäten Shop e.U., Einwanggasse 19/1/13, 1140 Vienna, Austria.

2. Handling of Personal Data

We take our responsibility for the data of our customers and website visitors very seriously. We therefore process your data exclusively on the basis of the applicable legal provisions (GDPR/DSGVO, DSG and TKG 2003). Protecting the privacy of our customers and maintaining their trust in our shop is very important to us; therefore, we never sell your data to third parties.
If we collect data directly from you (e.g. via forms), you are free to choose whether or not to provide such data. However, since such data processing is necessary to provide the respective services, you will not be able to use these services if you decide not to provide your data.
Our online offering is intended for a general audience and is not aimed at children under the age of 14. Therefore, this privacy policy does not contain any further information on the processing of children’s data.

3. Definitions

Personal data also includes pseudonymized data, where conclusions about a person can only be drawn by using additional data sets (such as your IP address).
Purpose limitation is a fundamental principle of data protection. This means that your data may only be processed for a specific purpose and only for as long as that purpose exists. Accordingly, data processing is limited both in its legal basis and its duration.
The processing of personal data is lawful only if there is a legal basis for it, such as the performance of a contract, the consent of the data subject, or the legitimate interests of the controller.
Performance of a contract: If the processing of your data is necessary for the performance of a concluded contract or for taking steps prior to entering into a contract, we must process this data.
Legitimate interest: Data protection law requires a balancing of interests. In some cases, the legitimate interests of the controller may outweigh the interests of the data subject in protecting their data. The most common legitimate interests in practice include data security, prevention of misuse, data transfers within the company for internal administrative purposes, enforcement of legal claims, and marketing activities.
Consent: If there is no other legal basis for processing your data, but we would still like to process it, we will ask for your consent in advance. This applies in particular to our marketing activities (e.g. newsletters). Consent is only valid if it is given voluntarily and with full knowledge of the circumstances. For this reason, it is especially important to us to provide comprehensive information at the time of data collection.
We keep the circle of recipients of your data as small as possible. Where we engage service providers, we ensure that they comply with our data protection requirements and the applicable legal provisions.
We store your data only for as long as is necessary to fulfill the respective purposes of the data processing. The duration of data storage is determined in particular by statutory retention obligations and limitation periods for potential legal claims.

4. Processing Activities

4.1 Purpose of Data Processing

When using our online shop, we process personal data that you voluntarily provide to us when placing an order, registering a customer account, or submitting inquiries. This includes in particular the following categories of data: first and last name, billing and delivery address, email address, order data (purchased products, order history), and selected payment method.
If payment is made via direct bank transfer, we may also receive account-related data from your financial institution as part of the payment transaction (e.g. IBAN, BIC, name of the account holder, and payment reference).
When using our online shop, technically necessary data (such as IP address, browser information, or timestamps of transactions) may also be processed to the extent required to ensure the secure operation and proper functionality of our website.
The processing of this data is carried out for the following purposes: processing and fulfilling purchase contracts, payment processing, shipping and delivery of ordered goods, handling inquiries related to orders, and management of customer accounts (where applicable).
The processing is carried out for the performance of a contract in accordance with Art. 6(1)(b) GDPR.
Where you provide separate consent (for example, to receive our newsletter), the processing is based on Art. 6(1)(a) GDPR.

4.2 General Enquiries via Our Contact Form or by Email

We provide a contact form on our website as well as an email address for general enquiries.
Data categories: When you send us a contact request, we process the following data: your first name, last name, and email address. If you provide us with additional data (e.g. your telephone number), this data will also be processed.
Purposes: The processing is carried out for the purpose of handling your inquiry and, where applicable, for taking steps prior to entering into a contract in accordance with Art. 6(1)(b) GDPR, or on the basis of our legitimate interest in responding to inquiries pursuant to Art. 6(1)(f) GDPR.
Recipients: The data is also processed by the following recipients: our IT service providers under contract and acting on our behalf.
Duration of data processing: We generally store the data you provide to respond to your enquiry for a period of six months. If the enquiry is related to the assertion of claims, we store the data until the expiration of the statutory limitation period applicable to the respective claim.

4.3 Newsletter

The following information explains the content of our newsletter as well as the registration, dispatch, and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described below.
Newsletter content: We send newsletters, emails, and other electronic notifications containing promotional information (“newsletters”) only with the consent of the recipients or on the basis of a legal authorization. If the content of the newsletter is specifically described during registration, this description is decisive for the user’s consent. Otherwise, our newsletters contain information about our services, products, events, and our company.
Double opt-in and logging: Subscription to our newsletter takes place using a double opt-in procedure. After registering, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent registrations using third-party email addresses. Newsletter subscriptions are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the registration and confirmation times as well as the IP address. Changes to the data stored by the mailing service provider are also logged.
Registration data: To subscribe to the newsletter, we only require your email address.
The sending of the newsletter and the associated performance measurement are carried out on the basis of the recipients’ consent pursuant to Art. 6(1)(a) and Art. 7 GDPR in conjunction with Section 7(2) No. 3 of the German Act Against Unfair Competition (UWG), or on the basis of the statutory permission pursuant to Section 7(3) UWG.
The logging of the subscription process is carried out on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR. Our interest lies in the use of a user-friendly and secure newsletter system that serves our business interests as well as the expectations of users and also enables us to provide proof of consent.
Cancellation / withdrawal: You may unsubscribe from our newsletter at any time, i.e. revoke your consent. A link to unsubscribe can be found at the end of each newsletter. We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them for newsletter purposes, in order to be able to prove prior consent. Processing of this data is limited to the purpose of defending potential claims. An individual deletion request is possible at any time, provided that the prior existence of consent is confirmed at the same time.
Newsletter – mailing service provider: Newsletters are sent via the mailing service provider MailPoet, a product of Wysija SARL, 6 rue Dieudé, 13006 Marseille, France. The provider’s privacy policy can be viewed at: https://www.mailpoet.com/privacy-notice/. The mailing service provider is engaged on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR and on the basis of a data processing agreement pursuant to Art. 28(3), first sentence, GDPR. The mailing service provider MailPoet may use recipients’ data in pseudonymised form, i.e. without assignment to a specific user, for the purpose of optimising or improving its own services, for example for the technical optimisation of newsletter delivery and presentation or for statistical purposes. The mailing service provider states that it does not use the data of our newsletter recipients to contact them directly or to pass the data on to third parties.
Newsletter – performance measurement: Newsletters contain a so-called web beacon, i.e. a pixel-sized file that is retrieved from our server or, if a mailing service provider is used, from its server when the newsletter is opened. As part of this retrieval, technical information such as browser type, operating system, IP address, and time of access is collected. This information is used to technically improve the services and to analyze target groups and reading behavior based on access locations (which can be determined using the IP address) or access times. Statistical evaluations also include determining whether newsletters are opened, when they are opened, and which links are clicked. Although this information can technically be assigned to individual newsletter recipients, neither we nor the mailing service provider aim to monitor individual users. The evaluations are used to understand our users’ reading habits and to adapt our content accordingly or to send different content based on users’ interests.

4.4 Customer Account

We offer visitors to our website the option to create a customer account, which allows users to process and manage purchases.
Data categories: When you create a customer account, we process the following data: your first and last name, your address (billing and delivery address), your email address, and your orders. Your password is processed in encrypted form.
Purposes: The processing is carried out for the performance of a contract, on the basis of your consent, or on the basis of our legitimate interests.
Recipients: The data is also processed by our IT service providers acting on our behalf.
Duration of data processing: We process your data until termination of the user relationship or until you withdraw your consent.

4.5 Use of Cookies – Cookie Policy

We use so-called cookies on our website. Cookies are text files that may be stored on a website visitor’s computer if the browser settings allow it. These text files contain information that may be read again at a later time.
The cookies used on our website, including information about their purpose, storage duration and providers, are described in more detail in our Cookie Policy. This can be found at: https://www.agraritaeten-shop.com/cookie-richtlinie-eu/.

4.6 Social Media Links

Our website contains links to social networks (e.g. Facebook, LinkedIn, Pinterest, WhatsApp, Instagram).
These are not social media plugins, but merely external links. When you visit our website, no personal data is automatically transmitted to these platforms.
Only when you actively click on such a link will you be redirected to the respective platform. From that moment on, the data processing is carried out by the respective provider under its own data protection responsibility.
Please refer to the privacy policies of the respective providers for further information.

4.7 PayPal

For the purpose of processing your payment, we offer the option to use the payment service provider PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg).
The processing is carried out for the purpose of executing the payment and for the performance of the contract in accordance with Art. 6(1)(b) GDPR.
Within the scope of payment processing, the personal data required to carry out the transaction (e.g. name, billing address, email address, payment amount) will be transmitted to PayPal.
Payment data such as credit card or bank account details are generally processed directly by PayPal and are not stored or processed by us. We only receive from PayPal the information necessary for order and contract processing (e.g. payment status, transaction or reference data).

For certain payment methods, PayPal may carry out a credit check. In this context, personal data (e.g. name, address and date of birth) may be transmitted to credit agencies. We have no influence on this process; we only receive information as to whether the payment has been completed, rejected or is under review.
Further information can be found in PayPal’s privacy policy at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

4.8 Hosting and Access Data

Hosting services are provided by our service provider as part of processing on our behalf. Unless otherwise stated in this Privacy Policy, all access data is processed on the provider’s servers. Our service provider is World4You Internet Services GmbH, Hafenstraße 35, 4020 Linz, Austria, www.world4you.com.
Server location: Austria
You can visit our website without providing any personal information. Please note that each time a webpage is accessed, the web server automatically creates log files. A log file is a file in which system processes and events are recorded. These log files can be used, for example, to analyze problems, correct errors, or restore damaged files. Web server log files also serve to ensure operational security and to generate access statistics.
Log files include the following information: accessed page (URL), browser and browser version, operating system, referrer URL, host name and IP address of the accessing device, country of origin, and time of the server request.
Error log files are also available to us for troubleshooting purposes. 
Our service provider states that the log files are stored for two weeks in accordance with the GDPR and are then automatically deleted. Further information about our service provider’s data protection practices can be found at the following link: https://www.world4you.com/faq/de/dsgvo.html.
If you have questions about our service providers or the basis of our cooperation with them, please contact office@agraritaeten-shop.com.

The processing of server log files is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in ensuring the stability, security and proper functioning of our website as well as for analysing and resolving technical issues.

4.9 Team Access to Data

Members of our team have access to the information you provide to us. For example, administrators and shop managers can access order information (purchased products, purchase date, shipping address) and customer information such as your name, email address, and billing and shipping details.
Our team members access this information in order to process orders, issue refunds, and provide customer support.

4.10 Complianz | The Privacy Suite for WordPress

This website uses the Privacy Suite for WordPress by Complianz to collect and record browser- and device-based consents. For this purpose, your IP address is anonymized and stored in our database. This service states that it does not process any personal data and does not transfer any data to the service provider. Further information can be found in Complianz’s privacy policy: https://complianz.io/legal/privacy-statement/

4.11 Gift Vouchers / Value Vouchers

You have the option to purchase or redeem gift vouchers for our online shop via our website.

Data categories: In addition to the data processed during regular purchases in our webshop (first name/last name, email address, delivery/billing address, orders, payment method), when purchasing vouchers we also process the email address to which the voucher is to be sent (which may differ from your own email address). We assume that you are authorized to provide this email address and to permit us to process it for this purpose. Should this not be the case, we accept no liability.
During the purchase process, we also provide an optional form field allowing you to include a personal message with the voucher. If you use this option, we process this information for the purpose of fulfilling your order.
When vouchers are redeemed, we also store voucher numbers and the history of redemption transactions, including remaining balances.
Purposes: The processing is carried out for the performance of a contract, on the basis of your consent, or on the basis of our legitimate interests.
Recipients: Besides us, the data is also processed by our IT service providers under contract and acting on our behalf.
If you choose to send the voucher directly to another recipient (optional), we transmit the following personal data to that recipient: your name and your message (optional).
Duration of data processing: We store your data only for as long as necessary to fulfill the respective purposes of processing. In the case of vouchers, data is stored at least until the expiration of the 10-year validity period of our vouchers or until the voucher balance has been fully redeemed. Beyond that, storage duration is determined in particular by statutory retention obligations and limitation periods for potential legal claims.

4.12 Shipping and Delivery Processing

For the purpose of fulfilling your order, we transmit the personal data required for delivery (in particular name, delivery address, and, where applicable, telephone number or email address for delivery notifications) to the shipping company entrusted with the delivery (e.g. Austrian Post AG).
The transfer of this data is carried out solely for the purpose of contract performance in accordance with Art. 6(1)(b) GDPR.
Shipping labels are generated via the online systems of the respective shipping service provider (e.g. post.at). In this context, the data necessary for delivery is transmitted to the respective service provider.

For deliveries to countries outside the European Union, it may additionally be necessary to transmit personal data to customs or tax authorities of the respective country. Such processing is also carried out for the purpose of contract performance in accordance with Art. 6(1)(b) GDPR.

5. Transfers of Personal Data to Third Countries

Where, in the course of our business relationship, we engage service providers that process or may process personal data in countries outside the European Union (e.g. intra-group transfers by internationally operating payment service providers), such transfers shall be carried out exclusively in compliance with Articles 44 et seq. of the GDPR.
Where no adequacy decision of the European Commission exists for the respective third country, the transfer shall take place on the basis of appropriate safeguards, in particular Standard Contractual Clauses or participation in the EU-US Data Privacy Framework.

6. Your Rights

You generally have the following rights:

Access: You have the right to obtain information from us about how your data is being used and to request a copy of the personal data we process about you.

Deletion: You have the right to request the deletion of your data, provided there is no legal basis that permits us to continue (or further) processing your data.

Correction: You have the right to request the correction of your data.

Data portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, if the processing is based on your consent or the performance of a contract and is carried out in an automated manner.

Restriction of processing: If you dispute the accuracy of the personal data we process or if you do not wish to exercise your right to deletion in the case of unlawful processing, you may request a restriction of processing.

Withdrawal of consent: If we process your data based on your consent, you may withdraw this consent at any time.

Objection to processing: If we process your data based on legitimate interests, you may object to such processing at any time. In this case, we are legally obliged to carry out a balancing of interests. Should this balancing determine that our legitimate interests nevertheless outweigh yours in the specific case, we will provide you with a reasoned response rejecting your objection.

Objection to processing for advertising purposes: If we process your data for advertising purposes based on our legitimate interests, you may also object at any time. In this case, your interests take precedence, and we will implement your objection without delay.

Objection and restriction of processing: If you object to processing and we therefore carry out a review of our legitimate interests, you also have the right to request a restriction of processing for the duration of this review.

Please direct your data protection requests to office@agraritaeten-shop.com.
For security reasons, we may request additional information if there are reasonable doubts about your identity. A copy of an identification document will only be requested where necessary in individual cases; information not required for verification may and should be redacted.
If you wish to withdraw your consent, please contact us at office@agraritaeten-shop.com.

You have the right to lodge a complaint with the competent supervisory authority. If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed, you may contact the Austrian Data Protection Authority at www.dsb.gv.at.

7. Data Security

The protection of your personal data is ensured through appropriate organizational and technical measures. These measures are designed in particular to protect against unauthorized, unlawful, or accidental access, processing, loss, use, and manipulation. Such measures are regularly reviewed and updated in order to ensure a consistently appropriate level of data security.

Despite our efforts to maintain a consistently high standard of due care, it cannot be ruled out that information you provide to us over the Internet may be accessed and used by third parties.

Please note that we therefore assume no liability whatsoever for the disclosure of information resulting from errors in data transmission not caused by us and/or unauthorized access by third parties (e.g. hacking of email accounts or telephone lines, interception of faxes).

Please note that we may update this Privacy Policy at any time. We therefore recommend that you review this page regularly for the latest information on our data protection practices.