Privacy policy
-
Privacy at a glance
General information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information on data protection can be found in our privacy policy listed below this text.
Data collection on this website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the section “Information on the Controller” in this privacy policy.
How do we collect your data?
Some data is collected when you provide it to us. This may include, for example, data you enter into a contact form.
Other data is collected automatically or after your consent when you visit the website through our IT systems. This mainly includes technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Some of the data is collected to ensure the website is provided without errors. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data is also processed for contract offers, orders, or other order inquiries.
What rights do you have regarding your data?
You have the right at any time to receive free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
For this and for further questions on data protection, you can contact us at any time.
Analysis tools and third-party tools
When you visit this website, your browsing behavior may be statistically evaluated. This is mainly done with so-called analysis programs.
Detailed information on these analysis programs can be found in the following privacy policy.
-
Hosting
We host the content of our website with the following provider:
Shopify
The provider is Shopify International Limited, Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”).
Shopify is a tool for creating and hosting websites. When you visit our website, Shopify collects your IP address as well as information about the device and browser you use. Shopify also analyzes visitor numbers, visitor sources, and customer behavior, and creates user statistics. When you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment data, and other data related to the purchase (e.g., phone number, amount of revenue generated, etc.). For analyses, Shopify stores cookies in your browser.
Details can be found in Shopify’s privacy policy (see links list below).
The use of Shopify is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring our website is displayed as reliably as possible. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
-
General information and mandatory disclosures
Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this happens.
Please note that data transmission on the internet (e.g., communication by email) can have security gaps. Complete protection of data against access by third parties is not possible.
Information on the controller
The controller responsible for data processing on this website is:
Mag. Katrin Ortner
Phone: +43 (0)6644166660
Email: info@osiko.at
Controller means the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Storage duration
Unless a more specific storage period is stated in this privacy policy, your personal data remains with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law). In the latter case, deletion will take place after these reasons cease to apply.
General information on the legal bases for data processing on this website
If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data under Art. 9(1) GDPR are processed. In the case of explicit consent to transfer personal data to third countries, processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g., device fingerprinting), processing is additionally based on Section 25(1) TDDDG. Consent can be revoked at any time. If your data is required for contract performance or pre-contractual measures, we process it on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if necessary to comply with a legal obligation on the basis of Art. 6(1)(c) GDPR. Data processing may also be based on our legitimate interest under Art. 6(1)(f) GDPR. The relevant legal bases in each individual case are explained in the following sections of this privacy policy.
Recipients of personal data
In the course of our business activities, we work with various external parties. In some cases, this requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is necessary for contract performance, if we are legally obliged to do so (e.g., disclosure to tax authorities), if we have a legitimate interest under Art. 6(1)(f) GDPR, or if another legal basis permits disclosure. When using processors, we only disclose personal data of our customers on the basis of a valid data processing agreement. In the case of joint processing, an agreement on joint processing is concluded.
Revocation of your consent to data processing
Many processing operations are only possible with your explicit consent. You can revoke consent already given at any time. The lawfulness of processing carried out before the revocation remains unaffected.
Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING (OBJECTION UNDER ART. 21(2) GDPR).
Right to lodge a complaint with the competent supervisory authority
In the event of GDPR violations, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement. This right exists without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to receive data that we process automatically on the basis of your consent or in performance of a contract, in a commonly used, machine-readable format, and to have it transmitted to you or to a third party. If you request direct transmission of the data to another controller, this will only take place where technically feasible.
Information, correction and deletion
Within the scope of applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of data processing, and, if applicable, a right to correction or deletion of this data. For this and further questions on personal data, you can contact us at any time.
Right to restriction of processing
You have the right to request restriction of processing of your personal data. You can contact us at any time. The right to restriction of processing applies in the following cases:
If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the verification, you have the right to request restriction of processing of your personal data.
If the processing of your personal data was/is unlawful, you can request restriction of processing instead of deletion.
If we no longer need your personal data, but you need it to establish, exercise or defend legal claims, you have the right to request restriction of processing instead of deletion.
If you have lodged an objection under Art. 21(1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request restriction of processing of your personal data.
If you have restricted the processing of your personal data, such data may only be processed, aside from storage, with your consent or for the establishment, exercise or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
SSL/TLS encryption
This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator. You can recognize an encrypted connection by the browser address line changing from “http://” to “https://” and by the lock symbol in your browser.
If SSL/TLS encryption is activated, data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If, after concluding a paid contract, you are obliged to provide payment data (e.g., account number for direct debit authorization), this data is required to process the payment.
Payment transactions via common payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL/TLS connection. You can recognize an encrypted connection by the address line changing from “http://” to “https://” and the lock symbol.
With encrypted communication, your payment data transmitted to us cannot be read by third parties.
Objection to advertising emails
We hereby object to the use of contact data published under the legal notice obligation for sending unsolicited advertising and information materials. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited advertising information, such as spam emails.
-
Data collection on this website
Cookies
Our website uses “cookies”. Cookies are small data packets and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted when your visit ends. Persistent cookies remain stored on your device until you delete them or they are automatically deleted by your web browser.
Cookies can originate from us (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for payment processing services).
Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., shopping cart function or video display). Other cookies may be used to evaluate user behavior or for advertising purposes.
Cookies that are required for carrying out the electronic communication process, providing certain functions you request (e.g., shopping cart), or optimizing the website (e.g., cookies to measure web audience) are stored on the basis of Art. 6(1)(f) GDPR unless another legal basis is stated. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to store cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of that consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG). Consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude acceptance of cookies in certain cases or generally, and activate automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be restricted.
Which cookies and services are used on this website can be found in this privacy policy.
Inquiry by email, telephone or fax
If you contact us by email, telephone or fax, your inquiry including all personal data resulting from it (name, inquiry) will be stored and processed by us for the purpose of handling your request. We do not pass this data on without your consent.
Processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to contract fulfillment or required for pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if requested. Consent can be revoked at any time.
The data you send to us via contact inquiries remains with us until you request deletion, revoke your consent to storage, or the purpose for storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions, in particular statutory retention periods, remain unaffected.
Typeform
We have integrated Typeform on this website. The provider is TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain (“Typeform”).
Typeform enables us to create online forms and integrate them into our website. The data you enter into our Typeform forms is stored on Typeform servers until you request deletion, revoke your consent to storage, or the purpose for storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions, in particular retention periods, remain unaffected.
The use of Typeform is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in functional online forms. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG insofar as the consent includes storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
-
Social media
eRecht24 Safe Sharing Tool
The content on this website can be shared in compliance with data protection regulations on social networks such as Facebook, X, etc. This website uses the eRecht24 Safe Sharing Tool. This tool only establishes direct contact between networks and users when the user actively clicks one of these buttons. Clicking the button constitutes consent within the meaning of Art. 6(1)(a) GDPR and Section 25(1) TDDDG. This consent can be revoked at any time with effect for the future.
This tool does not automatically transfer user data to the operators of these platforms. If the user is logged in to one of the social networks, an information window appears when using the social media elements of Facebook, X, etc., in which the user can confirm the text before submitting.
Our users can share the content of this site in compliance with data protection regulations without complete surfing profiles being created by the network operators.
The service is used to obtain the legally required consents for certain technologies. The legal basis is Art. 6(1)(c) GDPR.
This website includes elements of the social network Facebook. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.
An overview of the Facebook social media elements can be found at the link list below.
If the social media element is active, a direct connection is established between your device and the Facebook server. Facebook receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate the visit to this website with your user account. We point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook’s privacy policy (see link list below).
This service is used on the basis of your consent under Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be revoked at any time.
Where personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited solely to the collection of data and its transmission to Facebook. Processing by Facebook after forwarding is not part of the joint responsibility. The obligations we share have been set out in an agreement on joint processing. The wording of the agreement can be found at the link list below. Under this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in a data-protection-compliant manner. Facebook is responsible for the data security of Facebook products. Data subject rights (e.g., requests for information) regarding data processed by Facebook can be asserted directly with Facebook. If you assert your rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found at the link list below.
The company is certified under the EU–US Data Privacy Framework (DPF). Further information can be found at the link list below.
This website includes functions of the Instagram service. These functions are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
If the social media element is active, a direct connection is established between your device and the Instagram server. Instagram receives information about your visit to this website.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate the visit to this website with your user account. We point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.
This service is used on the basis of your consent under Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be revoked at any time.
Where personal data is collected on our website using the tool described here and forwarded to Facebook and/or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited solely to the collection of data and its transmission to Facebook and/or Instagram. Processing by Facebook and/or Instagram after forwarding is not part of the joint responsibility. The obligations we share have been set out in an agreement on joint processing (see link list below).
Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details and further information can be found in Instagram’s privacy policy (see link list below).
The company is certified under the EU–US Data Privacy Framework (DPF). Further information can be found at the link list below.
-
Analysis tools and advertising
Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that helps us integrate tracking or statistics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or conduct independent analyses. It only serves to manage and deploy the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transferred to Google’s parent company in the United States.
The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in quick and uncomplicated integration and management of various tools on the website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be revoked at any time.
The company is certified under the EU–US Data Privacy Framework (DPF). Further information can be found at the link list below.
Google Analytics
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data such as page views, time spent on site, operating systems used, and the user’s origin. This data is assigned to the user’s device. There is no assignment to a user ID.
We may also record your mouse movements, scrolling behavior, and clicks with Google Analytics. Google Analytics also uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in data analysis.
Google Analytics uses technologies that enable recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.
This service is used on the basis of your consent under Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be revoked at any time.
Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found at the link list below.
The company is certified under the EU–US Data Privacy Framework (DPF). Further information can be found at the link list below.
IP anonymization
Google Analytics IP anonymization is activated. As a result, your IP address is shortened by Google within EU Member States or in other EEA contracting states before transmission to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data held by Google.
Browser plugin
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the link list below.
More information on how Google Analytics handles user data can be found in Google’s privacy policy (see link list below).
Meta Pixel (formerly Facebook Pixel)
This website uses the Meta visitor action pixel for conversion measurement. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, the collected data is also transferred to the USA and other third countries.
This makes it possible to track the behavior of site visitors after they have been redirected to the provider’s website by clicking on a Meta advertisement. This allows the effectiveness of Meta ads to be evaluated for statistical and market research purposes and helps optimize future advertising measures.
The data collected is anonymous to us as the website operator. We cannot draw conclusions about the identity of users. However, the data is stored and processed by Meta so that a connection to the respective user profile on Facebook or Instagram is possible and Meta can use the data for its own advertising purposes in accordance with Meta’s data usage policy (see link list below). This allows Meta to place ads on Facebook, Instagram, and other advertising channels. We, as the website operator, cannot influence this use of the data.
This service is used on the basis of your consent under Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be revoked at any time.
Where personal data is collected on our website using the tool described here and forwarded to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited solely to the collection of data and its transmission to Meta. Processing by Meta after forwarding is not part of the joint responsibility. The shared obligations have been set out in an agreement on joint processing (see link list below).
Data transfer to the USA is based on the EU Commission’s standard contractual clauses (see link list below).
Meta provides additional information on protecting your privacy in Meta’s privacy notices (see link list below).
You can also disable the remarketing function “Custom Audiences” in the ad settings area (see link list below). You must be logged into Facebook to do this.
If you do not have a Facebook or Instagram account, you can disable usage-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance (see link list below).
The company is certified under the EU–US Data Privacy Framework (DPF). Further information can be found at the link list below.
Meta Conversion API
We have integrated the Meta Conversion API on this website. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, the collected data is also transferred to the USA and other third countries.
The Meta Conversion API allows us to record interactions of website visitors with our website and pass them on to Meta to improve advertising performance on Facebook and Instagram.
In particular, the time of access, the page accessed, your IP address and your user agent, and, if applicable, other specific data (e.g., purchased products, cart value, and currency) are recorded. A complete overview of the data that can be collected can be found at the link list below.
This service is used on the basis of your consent under Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be revoked at any time.
Where personal data is collected on our website using the tool described here and forwarded to Meta, we and Meta Platforms Ireland Limited are jointly responsible for this processing (Art. 26 GDPR). Joint responsibility is limited solely to the collection of data and its transmission to Meta. Processing by Meta after forwarding is not part of the joint responsibility. The shared obligations have been set out in an agreement on joint processing (see link list below).
Data transfer to the USA is based on the EU Commission’s standard contractual clauses (see link list below).
Further information on protecting your privacy can be found in Meta’s privacy notices (see link list below).
You can disable “Custom Audiences” in ad settings (see link list below). You must be logged into Facebook to do this.
If you do not have a Facebook or Instagram account, you can disable usage-based advertising from Meta via the European Interactive Digital Advertising Alliance (see link list below).
The company is certified under the EU–US Data Privacy Framework (DPF). Further information can be found at the link list below.
-
Newsletter
Newsletter data
If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered into the newsletter registration form takes place exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You can revoke the consent you have given to store the data, the email address, and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The lawfulness of the data processing operations already carried out remains unaffected by the revocation.
The data you have stored with us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter with us or the newsletter service provider and will be deleted from the newsletter distribution list after you unsubscribe or the purpose no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest under Art. 6(1)(f) GDPR.
Data stored for other purposes remains unaffected.
After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and is not merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage in the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.
-
eCommerce and payment providers
Processing customer and contract data
We collect, process and use personal customer and contract data to establish, structure the content of, and modify our contractual relationships. We collect, process and use personal data on the use of this website (usage data) only insofar as this is necessary to enable the user to use the service or to bill for it. The legal basis is Art. 6(1)(b) GDPR.
The customer data collected will be deleted after completion of the order or termination of the business relationship and after expiry of any statutory retention periods. Statutory retention periods remain unaffected.
Data transfer upon conclusion of a contract for online shops, retailers and shipping of goods
When you order goods from us, we pass your personal data on to the transport company commissioned with delivery and to the payment service provider commissioned with payment processing. Only data that the respective service provider needs to fulfill its task is disclosed. The legal basis is Art. 6(1)(b) GDPR, which permits the processing of data for contract performance or pre-contractual measures. If you have given consent under Art. 6(1)(a) GDPR, we will pass your email address on to the transport company commissioned with delivery so that it can inform you by email about the shipping status of your order. You can revoke this consent at any time.
Data transfer upon conclusion of a contract for services and digital content
We transmit personal data to third parties only if this is necessary in the course of contract processing, for example to the financial institution commissioned with payment processing.
No further transfer of data takes place unless you have expressly consented to the transfer. Your data will not be passed on to third parties without your explicit consent, for example for advertising purposes.
The basis for data processing is Art. 6(1)(b) GDPR, which permits the processing of data for contract performance or pre-contractual measures.