Data protection

1. Information about the collection of personal data and contact details of the controller

In the following privacy policy, we inform you about how we handle your personal data when you use our website. Personal data is all data that can be clearly assigned to a specific natural person.

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is

Marvin Strantz
 Kreindlgasse 7/2/1
 1190 Vienna
 +43 (0) 664 149 02 28
 office@gm-strantz.at

To minimize potential security gaps and to protect the transmission of personal data and other confidential content, this website uses SSL or TLS encryption for security reasons. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your URL bar.

2. Server data

When you visit our website, we only collect data that your browser transmits to our server or web space provider (so-called server log files). These are technically necessary to display the website to you:

  • Browser type and version
  • Operating system used
  • Date and time of access
  • Website from which you visit us (referrer URL)
  • Browser used
  • Operating system used
  • IP address used (possibly anonymized)

Processing is carried out in accordance with Art. 6 (1) (f) GDPR based on our interest in improving the stability and functionality of our website. The data may be evaluated for statistical purposes. The data will not be passed on or used for any other purpose.

3. Cookies

We use so-called cookies on our website to make visiting our website attractive and to enable the use of certain functions. Cookies are small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called "session cookies"), while others remain on your device for longer and enable page settings to be saved (so-called "persistent cookies"). For persistent cookies, you can find out how long they are stored for in the overview of the cookie settings in your web browser. You can prevent the installation of cookies by setting your browser accordingly. In this case, the functionality of our website may be restricted.

4. Contact option

You can contact us via email and/or a contact form. In this case, the information provided by the user will be stored for the purpose of processing their contact and for the necessary technical administration. It will not be passed on to third parties. The data collected in this way will also not be compared with data that may be collected by other components of our website. Once your request has been processed, your data will be deleted.

5. Data processing for order processing

To the extent necessary for contract processing for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transport company in accordance with Art. 6 (1) (b) GDPR. If the transfer of personal data to the respective payment provider is necessary for the conclusion of the contract, this data will be passed on to the responsible payment provider. Below we inform you about the payment providers offered as part of the contract processing.

Use of payment service providers

PayPal

When paying via PayPal, your payment data will be transferred to PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. This transfer takes place in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing.

PayPal reserves the right to conduct a credit check for payment methods such as credit card via PayPal, direct debit via PayPal, or – if offered – “purchase on account” or “payment by installments” via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) (f) GDPR based on PayPal's legitimate interest in determining your ability to pay. This transfer serves to verify your identity and creditworthiness in relation to the order you have placed. Information about these credit agencies and what data PayPal generally collects, processes, stores, and passes on can be found in PayPal's privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

Apple Pay

If you choose to use the "Apple Pay" payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed using the "Apple Pay" function on your iOS, watchOS, or macOS device by charging a payment card stored with "Apple Pay." Apple Pay uses security features integrated into your device's hardware and software to protect your transactions. To authorize a payment, you will need to enter a previously specified code and verify your payment using your device's "Face ID" or "Touch ID" function.

For payment processing, the information you provided during the ordering process, along with information about your order, is transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting the data to the payment service provider of the payment card stored in Apple Pay to process the payment. This encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the payment.

If personal data is processed during the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.

Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successful. This anonymization completely eliminates any personal identification. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.

When you use Apple Pay on your iPhone or Apple Watch to complete a purchase made through Safari on your Mac, your Mac and the authorization device communicate over an encrypted channel on Apple servers. Apple does not process or store any of this information in a format that can identify you personally. You can turn off the ability to use Apple Pay on your Mac in your iPhone's settings. Go to "Wallet & Apple Pay" and turn off "Allow Payments on Mac."

Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027

Google Pay

If you choose the "Google Pay" payment method provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment will be processed via the "Google Pay" application on your mobile device running at least Android 5.0 ("Lollipop") and equipped with NFC by charging a payment card stored with Google Pay or a payment system verified there (e.g., PayPal). To authorize a payment via Google Pay of more than €25, you must first unlock your mobile device using the verification method configured (e.g., facial recognition, password, fingerprint, or pattern).

For the purpose of payment processing, the information you provided during the ordering process, along with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay to the originating website in the form of a unique transaction number, which is used to verify a successful payment. This transaction number does not contain any information about the actual payment data of your payment method stored in Google Pay, but is created and transmitted as a one-time, valid numeric token. For all transactions via Google Pay, Google acts solely as an intermediary to process the payment process. The transaction is carried out exclusively between the user and the originating website by debiting the payment method stored in Google Pay.

If personal data is processed during the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.

Google reserves the right to collect, store, and evaluate certain transaction-specific information for each transaction made through Google Pay. This includes the date, time, and amount of the transaction, the merchant location and description, a description of the purchased goods or services provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer, or the sender and recipient, the payment method used, your description of the reason for the transaction, and, if applicable, the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Art. 6 (1) (f) GDPR on the basis of the legitimate interest in proper accounting, the verification of transaction data and the optimization and maintenance of the functionality of the Google Pay service.

Google also reserves the right to combine the processed transaction data with other information that is collected and stored by Google when using other Google services.

The Google Pay terms of use can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection at Google Pay can be found at the following internet address:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

Stripe (credit card payment)

If you choose a payment method from the payment service provider Stripe, payment processing will be carried out by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will pass on the information you provided during the ordering process, along with information about your order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 (1) (b) GDPR. Further information on Stripe's data protection can be found at the URL https://stripe.com/at/privacy#translation .

Stripe reserves the right to conduct a credit check based on mathematical and statistical procedures in order to protect its legitimate interest in determining the user's ability to pay. Stripe may transmit the personal data required for a credit check and obtained during payment processing to selected credit agencies, which Stripe will disclose to users upon request. The credit report may contain probability values ​​(so-called score values). To the extent that score values ​​are included in the result of the credit report, these are based on a scientifically recognized mathematical and statistical procedure. Address data, among other things, but not exclusively, is used in calculating the score values. Stripe uses the result of the credit check with regard to the statistical probability of default to decide on eligibility for the selected payment method.

You can object to this processing of your data at any time by sending a message to Stripe or the commissioned credit agencies.

However, Stripe may still be entitled to process your personal data if this is necessary for the contractual payment processing.

6. Web analysis services

Our website uses the WP Statistics analytics plugin from Veronalabs (5460 W Main St, Verona, NY 13478, United States). This plugin provides us with simple statistics about the use of our website.

What is WP Statistics?

This plugin is analytics software specifically developed for websites that use the WordPress content management system. WP Statistics does not set any cookies, and the data collected cannot be used to identify you as an individual.

Why does our website use WP Statistics?

With the help of WP Statistics, we obtain simple statistics to improve our website. We want to tailor our website and the products offered on it as best as possible to your needs and wishes, and the statistics we receive should help us do this.

What data does WP Statistics store?

WP Statistics does not use cookies, and the data collected is used only to compile anonymous statistics about the use of our website. WP Statistics also anonymizes your IP address, so you cannot be identified as an individual.

WP Statistics collects visitor data (so-called Visitors' Data) when your web browser connects to our web server. This data is stored in our database on our server, for example:

  • Browser type and version
  • Operating system used
  • Date and time of access
  • Website from which you visit us (referrer URL)
  • Browser used
  • Operating system used
  • IP address used (possibly anonymized)
  • Country/City Information
  • Number of visitors coming from a search engine
  • Duration of stay on the website
  • Clicks on the website

The data will not be passed on.

How long and where is the data stored?

All data is stored on the server of our web hosting provider until it is no longer needed for the purposes stated above.

How can I delete my data or prevent data storage?

You have the right to information, correction or deletion, and restriction of the processing of your personal data at any time. You can also revoke your consent to data processing at any time.

Learn more about WP Analytics’ privacy policy at https://wp-statistics.com/privacy-and-policy/ .

7. Tools

Cookie Consent Tool

This website uses the Cookie Consent Tool Complianz BV to obtain effective user consent for cookies and cookie-based applications that require consent.

Kalmarweg 14-5, 9723 JG (NL)

The "Cookie Consent Tool" is displayed to users when they visit the site in the form of an interactive user interface, where they can grant consent for specific cookies and/or cookie-based applications. Using the tool, all cookies/services requiring consent are only loaded if the respective user grants the corresponding consent. This ensures that such cookies are only placed on the user's device if consent has been granted.

The tool uses technically necessary cookies to save your cookie preferences. Personal user data is generally not processed.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.

A further legal basis for processing is Art. 6 (1) (c) GDPR. As the controller, we are legally obliged to make the use of technically unnecessary cookies dependent on the respective user's consent.

Further information about the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

8. Rights of the data subject

The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the legal basis stated for the respective conditions for exercising them:

  • Right to information pursuant to Art. 15 GDPR;
  • Right to rectification pursuant to Art. 16 GDPR;
  • Right to erasure pursuant to Art. 17 GDPR;
  • Right to restriction of processing pursuant to Art. 18 GDPR;
  • Right to information pursuant to Art. 19 GDPR;
  • Right to data portability pursuant to Art. 20 GDPR;
  • Right to revoke consent given in accordance with Art. 7 (3) GDPR;
  • Right to lodge a complaint pursuant to Art. 77 GDPR.

RIGHT OF OBJECTION

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST AS PART OF A BALANCE OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH FUTURE EFFECT FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

If you exercise your right to object, we will stop processing the data in question. However, we reserve the right to continue processing if we can demonstrate compelling legitimate grounds for the processing that override your interests, fundamental rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes. You can exercise your right of objection as described above.

IF YOU EXERCISE YOUR RIGHT OF OBJECTION, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

9. Duration of storage of personal data

The duration of storage of personal data is determined by the respective legal basis, the purpose of the processing and – where applicable – also by the respective statutory retention period (e.g. retention periods under commercial and tax law).

When personal data is processed on the basis of an express consent in accordance with Art. 6 (1) (a) GDPR, this data will be stored until the data subject revokes his or her consent.

If there are statutory retention periods for data that are processed within the framework of legal transactions or obligations similar to legal transactions on the basis of Art. 6 (1) (b) GDPR, these data will be routinely deleted after the retention periods have expired, provided that they are no longer required to fulfil or initiate a contract and/or we no longer have a legitimate interest in continuing to store them.

When processing personal data on the basis of Art. 6 (1) (f) GDPR, these data will be stored until the data subject exercises his or her right of objection in accordance with Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 (1) (f) GDPR, these data will be stored until the data subject exercises his or her right of objection in accordance with Art. 21 (2) GDPR.

Unless otherwise stated in the other information in this statement on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.