(revised: 25 May 2018)
1. General information
Processor: Helbling Verlagsgesellschaft mbH, Kaplanstrasse 9, 6063 Rum b. Innsbruck, Austria, email@example.com
All data which is collected when customers use the publisher’s website is protected by data protection laws. We use such data only for the performance of contracts and for improving service.
2. When you visit our website
You may visit our website without providing personal data.
2.1 Log files
Any access to our website and any access to a file stored on the website will be logged for system-related and statistical purposes. This data may include your IP address. It will be processed separately from personal data of customers. The legal basis for the processing is point (f) of Article 6 (1) GDPR. The legitimate interests that we pursue are ensuring system security and prevention of misuse.
Cookies are used to create usage profiles which cannot be related to an individual person. Cookies are also used to provide the functionality of the shopping cart and to keep the information on items in the shopping cart. The cookies used on this website are session cookies, i.e. they are automatically deleted when the browser session is terminated. The legal basis for the processing is point (f) of Article 6 (1) GDPR. The legitimate interests that we pursue are providing a user-friendly website and optimising our services.
2.3 Google Analytics
On our behalf Google will use this information for evaluating the users’ use of the website, compiling reports on website activity and providing other services in connection with the use of the website. Google will not associate an IP address with any other data held by Google. The legal basis for the processing is point (f) of Article 6 (1) GDPR. The legitimate interests that we pursue are providing a user-friendly website and optimising our services.
In order to prevent the processing of data by Google, a user may download and install a plug-in, which is available for the most widely used browsers at https://tools.google.com/dlpage/gaoptout. A user can also control the use of the Google Analytics cookie as described above.
2.4 Support form
When submitting support requests via our support form, the following data is automatically detected and added to your requests: operating system and version, browser and version. Before submitting the form, you may check the detected information and refuse the transmission.
3. Data which you provide
When customers register on our website, we process the data provided by the customer for the performance of our services, in particular the web shop. We provide customers with a password-protected area where customers can review their data and place orders. We take all commercially and technically reasonable measures to prevent access by third parties to this protected area. We store our customers’ personal data in a controlled and secure environment which prevents unauthorised access and disclosure. The legal basis for the processing is point (b) of Article 6 (1) GDPR.
3.2 Web shop
When you place an order, we process your data for the purpose of performing the contract. Your customer account may retains your personal data for future purchases. You can delete the personal data as well as the account. The legal basis for the processing is point (b) of Article 6 (1) GDPR.
3.3 Retention of data
As a rule, we will retain your data as long as processing is necessary for a legitimate purpose.
We are required to retain financial data in relation to transactions (including address, payment and order information) for ten years. However, after 2 years we will restrict the processing of your personal data to comply with the statutory requirements. The legal basis for the processing is point (c) of Article 6 (1) GDPR.
3.4 Direct marketing
We may use the personal data you provide to advertise our products and services. The legal basis for the processing is point (f) of Article 6 (1) GDPR. The legitimate interest that we pursue is direct marketing.
You may object to the processing of your personal data for direct marketing at any time. We will then refrain from any processing of you data for that purpose.
4. Recipients of personal data
As a rule, data will be shared with third parties only if necessary for the performance of a contract. This may be the case when, for example, the customer’s address is transmitted to the distribution centre. Apart from that data will be shared with third parties only if this is permitted by a statutory provision or the customer has given his/her consent.
For email dispatch we are using the service of Cleverreach (CleverReach GmbH & Co. KG, Muehlenstrasse 43, 26180 Rastede, Germany; Tax ID number: DE230180364, Commercial register: Amtsgericht Oldenburg / HRA 4020).
In the case of Google, the recipient of personal data is established outside the EU/EEA. Google is certified under the “EU-US Privacy Shield” Agreement. When data is transmitted to entities in the USA which are certified under that agreement, an adequate level of protection is ensured according to an adequacy decision by the EU Commission.
5. Your rights
Under the GDPR you may have the following rights:
You may require access to personal data relating to you which is processed (Article 15 GDPR).
You may request the rectification, the erasure or the restriction of processing of personal data relating to you (Articles 16, 17 and 18 GDPR).
You have the right to data portability (Article 20 GDPR).
You may withdraw any consent you have given (Article 7(3) GDPR). The withdrawal of consent is to be addressed to: Helbling Verlagsgesellschaft mbH, Kaplanstrasse 9, 6063 Rum b. Innsbruck, Austria, firstname.lastname@example.org
You may object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning you (Article 21(1) GDPR). You may object at any time to processing of personal data concerning you for direct marketing (Article 21(2) GDPR).
You may lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes data protection laws. The competent supervisory authority for us is: Oesterreichische Datenschutzbehoerde, Wickenburggasse 8, 1080 Vienna, Austria.