Data protection

II. Rights of Users and Data Subjects

With regard to the data processing described in more detail below, users and those affected have the right

• for confirmation as to whether data concerning you is being processed, for information about the data processed, for further information about data processing and for copies of the data (see also Article 15 GDPR);
• to correct or complete incorrect or incomplete data (see also Art. 16 GDPR);
• to the immediate deletion of the data concerning you (see also Art. 17 GDPR), or, alternatively, to the extent that further processing is necessary in accordance with Art. 17 Para. 3 GDPR, to restriction of processing in accordance with Art. 18 GDPR;
• to receive the data concerning you and provided by you and to transmit this data to other providers/responsible parties (see also Art. 20 GDPR);
• to complain to the supervisory authority if you are of the opinion that the data concerning you is being processed by the provider in violation of data protection regulations (see also Art. 77 GDPR).

In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any correction or deletion of data or the restriction of processing that takes place on the basis of Articles 16, 17 Paragraph 1, 18 GDPR teach. However, this obligation does not apply if this notification is impossible or involves disproportionate effort. Without prejudice to this, the user has the right to information about these recipients.

According to Article 21 of the GDPR, users and those affected also have the right to object to the future processing of data concerning them, provided that the data is processed by the provider in accordance with Article 6 (1) (f) of the GDPR. In particular, an objection to data processing for the purpose of direct advertising is permitted.

III. Information on data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose of storage no longer applies, the deletion of the data does not conflict with any legal retention obligations and no different information is subsequently provided about individual processing procedures.

Server data

For technical reasons, in particular to ensure a secure and stable Internet presence, data is transmitted to us or our web space provider through your Internet browser. These so-called server log files contain, among other things, the type and version of your internet browser, the operating system, the website from which you switched to our website (referrer URL), the website(s) of our website that you visit, the date and time of the respective access as well as the IP address of the Internet connection from which our website is used.

The data collected in this way will be stored temporarily, but not together with other data about you.

This storage takes place on the legal basis of Article 6 Paragraph 1 Letter f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.

The data will be deleted after seven days at the latest, unless further storage is required for evidentiary purposes. Otherwise, the data will be completely or partially excluded from deletion until an incident has been finally clarified.

Cookies

a) Session cookies

We use so-called cookies on our website. Cookies are small text files or other storage technologies that are stored and stored on your device by the Internet browser you use. These cookies process certain information about you on an individual basis, such as your browser or location data or your IP address.

This processing makes our website more user-friendly, effective and secure, as the processing enables, for example, the reproduction of our website in different languages ​​or the offering of a shopping cart function.

The legal basis for this processing is Art. 6 Para. 1 lit b.) GDPR, provided that these cookies data are processed for the purpose of initiating or executing a contract.

If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Article 6 Paragraph 1 Letter f) GDPR.

When you close your internet browser, these session cookies are deleted.

b) Third-party cookies

Our website may also use cookies from partner companies with whom we work for the purposes of advertising, analysis or the functionality of our website.

Please see the information below for details, in particular the purposes and legal basis for processing such third-party cookies.

c) possibility of elimination

You can prevent or restrict the installation of cookies by setting your Internet browser. You can also delete cookies that have already been saved at any time. However, the steps and measures required for this depend on the specific Internet browser you use. If you have any questions, please use the help function or documentation of your Internet browser or contact the manufacturer or support. However, with so-called Flash cookies, the processing cannot be prevented via the browser settings. Instead, you have to change the settings of your Flash player. The steps and measures required for this also depend on the specific Flash player you are using. If you have any questions, please use the help function or documentation of your Flash player or contact the manufacturer or user support.

However, if you prevent or restrict the installation of cookies, this may result in not all functions of our website being fully usable.

Contract processing

The data you provide to use our range of goods and/or services will be processed by us for the purpose of contract processing and is necessary to this extent. Contract conclusion and contract processing are not possible without providing your data.

The legal basis for processing is Article 6 Paragraph 1 Letter b) GDPR.

We delete the data once the contract has been fully processed, but we must observe the tax and commercial law retention periods.

As part of the contract processing, we pass on your data to the transport company commissioned to deliver the goods or to the financial service provider, if the transfer is necessary for the delivery of goods or for payment purposes.

The legal basis for passing on the data is then Article 6 Paragraph 1 Letter b) GDPR.

Customer account / registration function

If you create a customer account with us via our website, we will use the data you entered during registration (e.g. your name, address or email address) exclusively for pre-contractual services, for contract fulfillment or for the purpose of Customer care (e.g. to provide you with an overview of your previous orders with us or to be able to offer you the so-called wish list function) collect and save. At the same time, we then save the IP address and the date of your registration and time. Of course, this data will not be passed on to third parties.

As part of the further registration process, your consent to this processing will be obtained and reference will be made to this data protection declaration. The data we collect is used exclusively to provide the customer account.

If you consent to this processing, Article 6 Paragraph 1 Letter a) GDPR is the legal basis for the processing.

If the opening of the customer account also serves pre-contractual measures or the fulfillment of the contract, the legal basis for this processing is also Art. 6 Para. 1 lit. b) GDPR.

You can revoke your consent to open and maintain your customer account at any time with future effect in accordance with Art. 7 Para. 3 GDPR. To do this, you simply need to inform us of your revocation.

The data collected will be deleted as soon as processing is no longer necessary. However, we must observe retention periods under tax and commercial law.

Single-Sign-On (SSO) Information

Single sign-on (SSO) allows users to log in to our website with their existing account with a provider (e.g. social network). You enter your access data into your SSO provider and confirmation takes place there. We receive a user ID that indicates that you are logged in and an ID that we cannot use for other purposes (so-called “user handle”). Whether additional data is transmitted to us depends solely on the single sign-on procedure used, on the data releases selected as part of the authentication and also on what data users provide in the privacy or other settings of the user account during single sign-on. On providers have released. Depending on the single sign-on provider and the user's choice, there can be different data, usually the email address and the user name. Your password remains private and is neither visible nor stored by us.

Users should note that the information we store can be automatically compared with their user account with the single sign-on provider, but this is not always possible or actually occurs. For example, if the users' email addresses change, they must change them manually in their user account with us.

If agreed with the users, we can use the single sign-on registration as part of or before the fulfillment of the contract, if the users have been asked to do so, process it as part of their consent and otherwise use it on the basis of our legitimate interests and the Users' interests in an effective and secure registration system.

If users decide that they no longer want to use the link to their user account with the single sign-on provider for the single sign-on procedure, they must delete this connection within their user account with the single sign-on provider. If users want to delete their data from us, they must cancel their registration with us.

Payment options

When using our web shop, depending on the payment method selected, we may transfer the personal data required for billing to one of the following payment service providers (legal basis: Art. 6 Para. 1 S. 1 lit. b, Art. 9 Para. 2 lit. h DS- GMO):

If you choose to pay via PayPal (Europe) S.à r.l. et Cie, S.C.A., 5th floor, 22-24 Boulevard Royal, L-2449 Luxembourg, the necessary data for payment processing (name, address, telephone number, IP address, email address, order and invoice details), transferred to PayPal. Information about PayPal's data processing can be found in the data protection declaration www.paypal.com/de/webapps/mpp/ua/privacy-full

If you decide to pay via Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden, the data required for payment processing (name, address, telephone number, IP address, email address, order and invoice details) will be provided. , transferred to Klarna. Information on Klarna’s data processing can be found in the data protection declaration https://www.klarna.com/at/datenschutz/

If you choose one of the payment options from our partner Stripe, you will be asked during the ordering process to consent to the transmission of the data required to process the payment and an identity and credit check to Stripe. If you give your consent, your data (first and last name, street, house number, postal code, city, date of birth, telephone number and, if purchasing by direct debit, the specified account details) as well as the data relating to your order will be transmitted to Stripe. Detailed information on data processing by Stripe can be found in Stripe's data protection regulations. Information about Stripe’s data processing can be found in the data protection declaration https://stripe.com/at/privacy

Data transfer to third parties (shipping partners)

Your personal data will only be transmitted to third parties if this is necessary for the purpose of order processing, contract processing and billing or for asserting claims through one of our partnered debt collection companies (legal basis Art. 6 Para. 1 Sentence 1 lit. b or f, Art. 9 para. 2 lit. h or f GDPR) or you have previously consented (legal basis Art. 6 para. 1 sentence 1 lit. a, Art. 9 para. 2 lit. a GDPR).

In some cases, we use external service providers to process your personal data (contract processors) to provide the services we offer. These were carefully selected by us and commissioned in writing. The service providers are strictly bound to our instructions and are regularly checked. For example, we use various IT service providers.

As part of order processing, the service providers we use (such as transporters, logisticians, banks) also receive the necessary data for order and order processing. We may transmit your email address and, in some cases, your telephone number to the logisticians we commissioned to send you a parcel notification. As part of this parcel announcement, you may be able to influence the parcel delivery and change the delivery day or location.

Depending on the logistics provider you choose, we transmit the data to one of the following companies (legal basis: Art. 6 Para. 1 S. lit. b GDPR):

GLS/DPD/DHL/PostAT

When shipping goods, the service provider niceshops GmbH is used to take over the shipping notifications for our customers and to provide them with the shipping status and tracking number of their shipment. For this purpose, the personal data required for the shipment information (name, address, order number, etc.) will be forwarded to niceshops GmbH.

niceshops GmbH
Sentence 99
8341 Paldau
Austria

Newsletter

If you register for our free newsletter, the data requested from you, i.e. your email address and - optionally - your name and address, will be transmitted to us. At the same time, we store the IP address of the Internet connection from which you access our website as well as the date and time of your registration. As part of the further registration process, we will obtain your consent to send the newsletter, describe the content specifically and refer you to this data protection declaration. We use the data collected exclusively for sending newsletters - which is why they are not passed on to third parties.

The legal basis for this is Article 6 Paragraph 1 Letter a) GDPR.

You can revoke your consent to receive the newsletter at any time with future effect in accordance with Art. 7 Para. 3 GDPR. To do this, you simply need to inform us of your revocation or click on the unsubscribe link contained in every newsletter.

Contact inquiries / Contact options

If you contact us via contact form or email, the data you provide will be used to process your request. Providing the data is necessary to process and answer your request - without it, we cannot answer your request or at best respond to a limited extent.

The legal basis for this processing is Article 6 Paragraph 1 Letter b) GDPR.

Your data will be deleted if your request has been answered conclusively and deletion does not conflict with any legal retention obligations, such as in the event of any subsequent contract processing.

User contributions, comments and ratings

We offer you the opportunity to publish questions, answers, opinions or reviews, hereinafter referred to as “contributions,” on our website. If you take advantage of this offer, we will process and publish your contribution, the date and time of submission and the pseudonym you may have used.

The legal basis for this is Article 6 Paragraph 1 Letter a) GDPR. You can revoke your consent at any time with future effect in accordance with Art. 7 Para. 3 GDPR. To do this, you simply need to inform us of your revocation.

We also process your IP and email address. The IP address is processed because we have a legitimate interest in taking or supporting further steps if your contribution encroaches on the rights of third parties and/or is otherwise unlawful.

The legal basis in this case is Article 6 Paragraph 1 Letter f) GDPR. Our legitimate interest lies in the legal defense that may be necessary.

Subscription of contributions

If you publish posts on our website, we also offer you the opportunity to subscribe to any follow-up posts from third parties. In order to be able to inform you about these follow-up posts by email, we process your email address.

The legal basis for this is Article 6 Paragraph 1 Letter a) GDPR. You can revoke your consent to this subscription at any time with future effect in accordance with Art. 7 Para. 3 GDPR. To do this, you simply need to inform us of your revocation or click on the unsubscribe link contained in the respective email.

Google Analytics

We use Google Analytics on our website. This is a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

The Google Analytics service is used to analyze the usage behavior of our website. The legal basis is Article 6 Paragraph 1 Letter f) GDPR. Our legitimate interest lies in the analysis, optimization and economic operation of our website.

Usage and user-related information, such as IP address, location, time or frequency of visits to our website, is transmitted to a Google server in the USA and stored there. However, we use Google Analytics with the so-called anonymization function. With this function, Google shortens the IP address within the EU or EEA.

The data collected in this way is in turn used by Google to provide us with an analysis of visits to our website and usage activities there. This data can also be used to provide other services related to the use of our website and the use of the Internet.

Google states that it does not associate your IP address with other data. In addition, Google is keeping under https://www.google.com/intl/de/policies/privacy/partnersFurther data protection information is available for you, including, for example, the options for preventing data use. Google also offers under https://tools.google.com/dlpage/gaoptout?hl=dea so-called deactivation add-on along with further information about this. This add-on can be installed with common Internet browsers and offers you further control over the data that Google collects when you visit our website. The add-on tells Google Analytics' JavaScript (ga.js) that information about visits to our website should not be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analysis services. You can of course also find out whether and which other web analysis services we use in this data protection declaration.

Google reCAPTCHA

On our website we use Google reCAPTCHA to check and prevent interactions on our website through automated access, for example by so-called bots. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

Through this service, Google can determine from which website a request is sent and from which IP address you use the so-called reCAPTCHA input box. In addition to your IP address, Google may also collect other information that is necessary to offer and guarantee this service.

The legal basis is Article 6 Paragraph 1 Letter f) GDPR. Our legitimate interest lies in the security of our website and in preventing unwanted, automated access in the form of spam or similar.

Google offers below https://policies.google.com/privacyfurther information on the general handling of your user data.

Google Maps

On our website we use Google Maps to display our location and to create directions. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

In order to enable the display of certain fonts on our website, a connection is established to the Google server in the USA when our website is accessed.

If you access the Google Maps component integrated into our website, Google stores a cookie on your device via your Internet browser. In order to display our location and create directions, your user settings and data are processed. We cannot rule out that Google uses servers in the USA.

The legal basis is Article 6 Paragraph 1 Letter f) GDPR. Our legitimate interest lies in optimizing the functionality of our website.

Through the connection to Google established in this way, Google can determine from which website your request was sent and to which IP address the directions should be sent.

If you do not agree to this processing, you have the option of preventing the installation of cookies by using the appropriate settings in your internet browser. You can find details on this under “Cookies” above.

In addition, the use of Google Maps and the information obtained via Google Maps is subject to the Google Terms of Use https://policies.google.com/terms?gl=DE&hl=de and the Terms and Conditions for Google Maps https://www.google.com/intl/de_de/help/terms_maps.html.

Moreover, Google also offers https://adssettings.google.com/authenticated https://policies.google.com/privacy further information on.

Microsoft Bing Ads

We use Bing Ads on our website for remarketing and tracking. This is a service from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 - 6399, USA, hereinafter referred to as “Microsoft”, which uses the so-called Universal Event Tracking (UEN).

The legal basis is Article 6 Paragraph 1 Letter f) GDPR. Our legitimate interest lies in the analysis, optimization and economic operation of our website.

If you click on an ad placed by us on the internet search engine “Bing”, Microsoft will store a cookie on your device via your internet browser for tracking functionality. This tracking cookie loses its validity after 180 days and is not used to identify you personally. If you visit certain pages on our website and the cookie has not yet expired, both Microsoft and we can recognize that you clicked on an advertisement we placed on Bing and were redirected from there to our website.

Microsoft uses the information collected by the tracking cookie to create visit statistics for us. This gives us information about the number of times the advertising we place on Bing is accessed, as well as the pages on our website that were subsequently accessed. However, we do not receive any information that would enable us to personally identify you.

In addition, Microsoft may be able to track your user behavior across several of your devices using so-called cross-device tracking. This enables Microsoft to show you personalized advertising across devices.

If you do not agree to this processing, you have the option of preventing the installation of cookies by using the appropriate settings in your internet browser. You can find details on this under “Cookies” above.

If you have a Microsoft account, you can also go to http://choice.microsoft.com/de-de/opt-out change the settings for personalized advertising there too.

Furthermore, Microsoft also offers https://help.bingads.microsoft.com/#apex/3/de/53056/2 and under https://privacy.microsoft.com/de-de/privacystatement Further information about Bing Ads and the collection and use of data as well as your rights and options for protecting your privacy.

Google AdWords with conversion tracking

On our website we use the advertising component Google AdWords and so-called conversion tracking. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

We use conversion tracking to specifically advertise our offering. The legal basis is Article 6 Paragraph 1 Letter f) GDPR. Our legitimate interest lies in the analysis, optimization and economic operation of our website.

If you click on an ad placed by Google, the conversion tracking we use will store a cookie on your device. These so-called conversion cookies lose their validity after 30 days and do not serve to identify you personally.

If the cookie is still valid and you visit a specific page on our website, both we and Google can evaluate that you clicked on one of our advertisements placed on Google and that you were then redirected to our website.

Using the information collected in this way, Google creates statistics for us about visits to our website. We also receive information about the number of users who clicked on our ad(s) and about the pages of our website that were subsequently accessed. However, neither we nor third parties who also use Google AdWords will be able to identify you in this way.

You can also prevent or restrict the installation of cookies by making the appropriate settings in your Internet browser. At the same time, you can delete cookies that have already been saved at any time. However, the steps and measures required for this depend on the specific Internet browser you use. If you have any questions, please use the help function or documentation of your Internet browser or contact the manufacturer or support.

Furthermore, Google also offers https://services.google.com/sitestats/de.html, https://www.google.com/policies/technologies/ads/, http://www.google.de/policies/privacy/Further information on this topic and in particular on the options for preventing data use.

Sample data protection declaration of the law firm Weiß & Partner