DATA PROTECTION DECLARATION ON THE PROCESSING OF PERSONAL DATA
Information pursuant to Articles 12, 13 and 14 of EU Regulation 2016/679
Data controller
Zacher Johann & Co.OHG
Via Castello 2
39038 I-39038 San Candido
T. +39 0474 913535
zacher@haunold.info
Privacy information - Website
Dear website visitor,
We are pleased to inform you about how your personal data is processed when you visit our website. You can also see from this information letter which rights you can exercise as a data subject.
Your personal data will be processed in accordance with EU Regulation 2016/679 (the General Data Protection Regulation) and national data protection legislation.
The use of the website implies that you agree with this privacy information letter, otherwise we ask you not to continue using the website.
In addition, we would like to inform you that links on our website that lead to other websites have been carefully selected and checked by us. Since these websites can be updated without our knowledge and their contents can change continuously, we do not assume any liability or responsibility for them.
Purpose of processing personal data:
In order to ensure the functionality of the website, statistical purposes, technical data with potential personal reference, such as the IP address, the time of requests, the name of the domain and similar data are processed. In addition, the website operator has a legitimate interest (Art. 6f GDPR) in providing you with a visually appealing website and a pleasant user experience. With given consent (Art. 6a GDPR), user behavior can also be analyzed, and marketing purposes pursued.
The main purpose of the data processing is the provision of our website and its contents as well as the fulfilment of your requests.
Furthermore, personal data are processed in order to offer various services:
Newsletter
Each visitor can register on the website for our newsletter using the double opt-in method. This voluntary registration and this processing can be revoked by the user at any time by clicking on the "unsubscribe" button or by sending us an email (the contact details can be found at the beginning of the information letter). Registration for the newsletter is voluntary, so the legal basis is Art. 6 1a) GDPR. The consent expires upon revocation.
For sending the newsletter we use the tool sendinblue (Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin), this guarantees the exclusive processing of data in EU countries, in the context of sending the newsletter. Only the e-mail address and the consent voluntarily given by you are processed (if you have consented to this).
Contact form
The website visitor can contact the company using the contact form. For this purpose, the personal data entered by the website visitor is processed to answer the request. When the form is sent, the time and date of sending is also stored as well as the IP address and deleted as soon as the purpose has expired.
The legal basis is your voluntarily given consent (Art. 6 1a) GDPR) as well as our legitimate interest to offer you the contact form to contact us easily (Art. 6 1f) GDPR.
Transmission of personal data of special categories
We ask you not to transmit sensitive data (personal data of special categories - Art. 9 as well as Art. 10 GDPR) via the website, e.g. by using the contact form. Sensitive data should always be transmitted in an appropriately protected manner, e.g. protected with a password or handed over personally.
Online shop
All data that you enter as a customer in our online shop is processed for the purchase of the goods, the payment process and the dispatch. In the course of this, your data may be passed on to third parties (e.g. payment service providers, forwarding agents, etc.).
In the course of this, the following types of data, among others, may be processed:
o Anagraphic Data: Name, address, contact data, payment data
o Usage data (e.g. access times)
o Metadata (e.g. device information).
· Data transfer: The data processed in the online shop will be transferred exclusively within the framework of the business relationship, for the fulfilment of the pre-contractual/contractual obligations.
· Purposes of processing: The purpose of data processing is the fulfilment of your customer enquiry and pre/contractual services, provision of customer service and security measures.
· Legal Basis for processing: Contractual performance and pre-contractual requests (Art. 6 1b) GDPR) - e.g. fulfilling your request; Legitimate Interests (Art. 6 1f) GDPR) - e.g. taking security measures; Legal Obligation (Art. 6 1c) GDPR) - e.g. disclosure of fiscal data.
· Archiving period: Our archiving period is based on the legal provisions. You can exercise your right to erasure (Art. 17 GDPR) and your right to object (Art. 21 GDPR) at any time.
Without this data entry, your order cannot be properly followed up by us.
Stripe
Our website offers you payment with the payment service provider Stripe. The data controller is: Stripe Payments Europe Limited 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. We offer this service in order to offer you this payment method (Art. 6 1f GDPR) and to process the purchase for the fulfilment of the contract (Art. 6 1b GDPR). The following data, among others, may be processed by Stripe:
· Name of the cardholder
· Customer number
· order number
· Mail address
· IP address
· Card information (validity period, verification number, card number)
· Date and time of transaction
· Transaction amount
· Information on account coverage
The provision of payment details is voluntary, however, the payment cannot be made with Stripe without this information.
Stripe assumes the role of data controller as well as processor in the data processing. As a controller, for the fulfilment of regulatory obligations (Art. 6 1f GDPR) as well as for contract execution/payment processing (Art 6 1b GDPR). As a processor, Stripe processes data in order to be able to carry out payment transactions within the payment networks.
Your data will be stored until the completion of the payment processing. This also includes the period required for processing refunds, claims management and fraud prevention. We only receive information as to whether the payment has been made and do not process or store any payment data.
For more information on how Stripe processes your data and on how to object to Stripe, please visit https://stripe.com/privacy-center/legal.
PayPal
Our website offers you payment with the payment service provider PayPal. The data controller is: PayPal Europe S.a.r.l. et Cie s.c.a, 22-24 Boulevard Royal, L-2449 Luxembourg.
We offer this service in order to offer you this payment method (Art. 6 1f GDPR) and to process the purchase for the fulfilment of the contract (Art. 6 1b GDPR). Among other things, the following data may be processed by PayPal:
· Name
· Address
· Contact details (such as e-mail)
· Account number
· Device information of the user
· Technical usage data
The provision of payment data is voluntary, however, without its transmission the payment with PayPal cannot be carried out.
PayPal may carry out credit checks to ensure the ability to pay. The legal basis for this is Art. 6 1f) GDPR. The legal basis for the execution of the contract is Art. 6 1b) GDPR. In the course of the credit assessment, your data (e.g. name, address, bank account details and similar) may be passed on to credit agencies (here the legal basis is Art. 6 1f GDPR - legitimate interest of the data controller). We have no influence on this and only learn whether the payment was rejected or carried out.
Your data will be stored until the payment has been processed. This includes the period required for processing refunds, claims management and fraud prevention. We only receive information as to whether the payment has been made and do not process or store any payment data.
You can find more information on how PayPal processes your data and on how to object to PayPal at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Legal basis of data processing:
The main legal basis for the processing is Art. 6b) GDPR (Fulfilment of precontractual/contractual measures) and Art. 6f) GDPR (functionality of the website) as well as the consent obtained, if given by you (Art. 6a GDPR).
Cookies
Our website uses cookies, whereby personal data can be processed.
We use three categories of cookies:
· Essential cookies - for the basic functionality of the website.
· Statistics cookies - for improving the user experience as well as for processing information on the use of the website, e.g. measuring loading times and compiling e.g. visitor statistics.
· Marketing cookies - to record the behavior and interests of the user for marketing purposes, e.g. to serve targeted advertisements.
Non-essential cookies are deactivated by default on our websites and are only activated if you have given us your consent to do so.
Most cookies used are "session cookies" which are deleted after closing the browser. Other cookies are stored for example to display the correct language the next time you visit the website.
For all cookies that are not subject to a legitimate interest of the website operator (Art. 6f) GDPR), you will be explicitly asked for your consent.
You can delete your cookies at any time by, depending on your browser, usually clicking on the 3 dots/stripes at the top right and then opening the settings, entering cookies in the search field, and selecting: delete cookies/delete browser data.
Provision of the data
The provision of your data is voluntary (with the exception of the processing of navigation data) and not required by law. However, failure to provide it may result in restricted use of the website and the services offered.
Data transfer to third parties
Your data may be passed on to third parties, if necessary, but only within the scope of our business relationship, e.g. for the fulfilment of your request or, if applicable, the execution of payments via third parties and for the fulfilment of legal obligations. Your data will not be transferred to other EU countries without your explicit consent. The same also applies to the use of profiling and automated decisions.
Hosting of the website
This website is hosted by an external service provider.
For this purpose, the external hoster receives personal data collected on the website. The legal basis is Art. 6b) GDPR - pre-contractual measures as well as Art. 6f) (Smooth guarantee of the tools on our website).
Google services
Our website uses services from the operator Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google may therefore process information and personal data. Please note that American authorities could theoretically gain access to this data due to American legislation (in particular the Cloud Act). Information on the legal framework for data transfer can be found at https://policies.google.com/privacy/frameworks.
Google Maps
This website uses Google Maps API, a mapping service provided by Google Inc ("Google"), to display an interactive map and to create driving directions. Google Maps is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U S A .
By using Google Maps, we cannot exclude that information about your use of this website (including your IP address) is transmitted to a Google server in the U S A and stored there. Google may transfer the information obtained through Maps to third parties where required to do so by law, or where such third parties process the information on Google's behalf.
In principle, it would be technically possible for Google to identify at least individual users on the basis of the data received. It would be possible that personal data and personality profiles of users of the website could be processed by Google for other purposes over which we have and can have no influence. You have the option of deactivating the Google Maps service and thus preventing the transfer of data to Google by deactivating JavaScript in your browser. However, we would like to point out that in this case you will not be able to use the map display on our site.
The terms of use for Google Maps can be found at: https://www.google.com/intl/de_de/help/terms_maps.html.
You can find Google's privacy policy at: https://policies.google.com/privacy
Facebook Pixel
Our website uses the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc. or, if you are a resident of the EU, by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
A direct connection to the Facebook servers is established via Facebook Pixel when you visit the website. This transmits to the Facebook server that you have visited this website and Facebook may be able to assign this information to your personal Facebook user account. We can thus track the effect of advertising campaigns.
It cannot be ruled out that information is transmitted to servers in non-EU countries.
If you give your consent to the use of the Facebook Pixel, it will be integrated by Facebook and a cookie will be stored on your device as described above. When you log in to Facebook, the offers you have visited are recorded in your profile. The data is anonymized for us, but Facebook can process this data.
For more information on the collection and use of data by Facebook, as well as your rights in this regard and options for protecting your privacy, please refer to Facebook's privacy policy at: https://www.facebook.com/business/m/privacy-and-data.
You will be explicitly asked for your consent before Facebook Pixel is activated. The legal basis is Art. 6a) GDPR.
Matomo
Our website uses Matomo (formerly Piwik) to analyze the surfing behavior of website visitors. The data processor for this open-source service is "InnoCraft Ltd", 7 Waterloo Quay PO625, 6140 Wellington, New Zealand.
If consent is given, Matomo becomes active, a cookie is set and various data is processed, such as: IP address (shortened 2 bytes), time of access, browser type, duration of the visit, subpages visited.
Before Matomo is activated, you are explicitly asked for your consent. The legal basis is therefore Art. 6a) GDPR.
You can find the complete information letter on this at: https://matomo.org/privacy-policy/.
SSL Encryption
This site uses SSL encryption for transmission security, e.g. for enquiries in contact forms. Active SSL encryption is used to encrypt the transmission of data that you send to us.
Underage visitors
This website is not intended for use by minors. We therefore do not collect and store data of underage visitors (except involuntarily)
The duration of data retention
Your data will be retained in accordance with the legal retention requirements and legal obligations applicable to us, unless a specific retention period is mentioned in this privacy policy. Fiscally relevant data will be retained for 10 years.
Information on the rights of the data subjects
You can exercise your rights free of charge at any time: right to access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR), right to object (Art. 21 GDPR).
Please contact the above data controller.
You also have the right to lodge a complaint with the Italian supervisory authority for data protection "Garante per la protezioni dei dati personali".
This privacy Information may be updated at any time.