Search
Search
Advanced Search
Cart 0
Links
  • Contact Us
  • Compare ()
  • Sign In
  • Create an Account
Toggle Nav
Menu
Account

PRIVACY POLICY

Information about the processing of your personal data on our website/online shop.

  1. General information

We are delighted that you have visited our website and that you want to find out more about our products. We are committed to protecting your privacy and the confidentiality of your personal data. We strictly comply with the EU General Data Protection Regulation (GDPR), the Austrian Data Protection Act (Datenschutzgesetz, DSG) and other applicable legal provisions on the protection, lawful handling and confidentiality of personal data. This document explains how we process your personal data and what our responsibilities as the data controller are.

This policy is based on the statutory provisions in place at the time of publication. We reserve the right to change or modify this privacy policy. Please contact us using the contact details provided if you have any questions or suggestions. This version of our privacy policy was issued: 09/2020

  1. Data controller as defined in the terms of the GDPR/contact information

die Nageltante
owner: Antonia-Sophie Probst Doppler

Alzenauerplatz 9/3/2
2511 Pfaffstätten
Austria

Email: hallo@dienageltante.at

A data protection officer pursuant to Art. 37 GDPR has not been appointed.

 

  1. Purposes of data processing, legal basis and retention period


Website visits in general:

We collect and store access data when you visit our website/online shop. This information specifically includes your IP address, the date and time you accessed the website, the name of the page you accessed, the referrer ULR (the URL from which you visited our website), the amount of data transferred, loading times, product information and version of your browser, and the name of your access provider. This data is stored in log files or access logs, which is carried out to ensure our website continues to run smoothly and is easy to use. The legal basis for this is our legitimate interest according to Art. (6) (1) (f) GDPR. This is to ensure the website consistently functions correctly and is safe and accessible for all users.

This information does not allow us or any other parties to infer your identity.

The data is stored and automatically deleted once the purposes outlined above have been achieved. We are careful to ensure that we only store/retain the data for as little time as possible.

Ordering items from the online shop:

When ordering/purchasing goods via our webshop on our website, you provide us with personal data (e.g., your first and last name, billing and delivery address, contact information such as email and telephone number, and specific data relating to communication and payments). We use this data in order to perform a legal contract pursuant to Art. 6 (1) (b) GDPR in order to fulfill our contractual obligations (to process orders, send order confirmations, for labeling purposes, to send goods, to carry out any necessary inquiries, etc.).

We process your data as long as this is necessary for the fulfillment of the stated purposes. Your data will be deleted after the contract has been processed, as long as you do not create a customer account and/or agree to us storing your data for a longer period. This excludes any data that is retained in order to fulfill legal obligations (e.g. statutory archive requirements for accounting reasons) and specific data that we legitimately retain in order to assert, exercise or defend our legitimate interests.

Customer accounts:

We offer you the opportunity to set up a customer account on our website/webshop. The purpose of the customer account is to simplify the purchasing process (entering details, placing orders, reserving goods, etc.).

When setting up a customer account, it is necessary to process your first and last name, and your email address. Your active orders/goods purchased (your buying behavior) are also stored on your customer account.

In addition to providing specific data when you place an order, it is also necessary to enter a password of your choice when you set up a customer account. This is used together with your email address to access your customer account. Please ensure you keep your password safe and do not reveal it to unauthorized third parties. Please be aware that you will remain automatically logged in to our website when you leave the site unless you have actively logged out. You can delete your customer account any time. However, please note that once you have placed an order, the data shown on the customer account will not be deleted at the same time. Your data will be deleted automatically once any obligations we have to comply with to retain your data under commercial and tax law have expired.

The legal basis for data processing in relation to your customer account is Art. 6 (1) (a) GDPR (consent) and, if applicable, Art. 6 (1) (b) GDPR (contract processing). When you create a customer account, you agree that your data will be processed in order to create and manage your customer account. You can revoke your consent at any time by clicking on “delete account” or by sending us a message.

If you log in to your customer account when placing an order or if you create a customer account during the ordering process, the legal basis for data processing is also Art.6 (1) (b) GDPR (contract/contract processing). Your personal data is therefore processed at a pre-contractual stage.

The data/information about your customer account will be stored/processed as long as the customer account exists. If a customer account is not used for a longer period (customer has not logged in or has not ordered anything via this account), we will ask you whether you would like to continue using the account. If you do not respond to our message, we will delete your account after a reasonable amount of time and will stop processing your data. We carry this out in accordance with data protection principles and in your interests.

Contact form:

We have a contact form on our website that can be used to get in contact with us electronically. You should enter your name, email address, and type a message on this contact form. You can also include your telephone number if you desire. This data allows us to process your inquiry and to respond accordingly. The legal basis for processing your data is Art. 6 (1) (a) GDPR. Alternatively, you can contact us via the email address provided.

We use this data to answer any queries you may have. We will delete your data once we have answered your inquiry to your full satisfaction.

Newsletter:

We offer you the opportunity to subscribe to our newsletter. It is issued several times a year and includes information about our products, campaigns, events as well as other interesting and useful information. We process your email address, your first and last name so that we can send you the newsletter.

The legal basis for processing this data is Art. 6 (1) (a) GDPR (consent). Once you subscribe to the newsletter on our website/online shop, you have given us your consent to process your data. You can revoke your consent at any time by clicking on the unsubscribe link contained in the newsletter. Alternatively, you can revoke your consent by email.

We use the double opt-in procedure to avoid the misuse of email addresses. We understand that you have agreed to receive our newsletter as soon as you click on the link we send to your email address. This is not the same as registering on the website.

We only process your data for as long as your declaration of consent is valid (and you have not revoked it).

 

  1. Data transfer and recipients

Website visits in general:

As a rule, we only pass on any data we have collected during your visit to our website if this is absolutely necessary in order to fulfill our stated purposes (operation and maintenance of the website through our service provider CASC – complete service agency GmbH, Heigerleinstrasse 2/4-9, 1160 Vienna). However, we may also be obliged by law or by the authorities to pass on data to third parties (e.g., to law enforcement agencies).

Ordering items from the online shop:

When processing orders you have placed with us, we forward your data to the payment service provider you have chosen to use. Only such data is transferred that is required to process the payment transaction.

The payment service providers available are PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, and Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden. We work in partnership with Klarna who process instant transfer and direct debit payment methods. If you choose to pay by one of these methods, your data will need to be transferred to Klarna.

The legal basis for processing this data is Art. 6 (1) (b) GDPR – data processing is required in order to fulfill the contract (payment processing). In certain cases, the payment services mentioned above may carry out separate creditworthiness checks and transmit data to additional third parties (credit agencies) in order to do so.

PayPal’s privacy policy can be found here: https://www.paypal.com/at/webapps/mpp/ua/privacy-full?locale.x=de_AT#1-rev.

Klarna’s privacy policy can also be found here: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.

We may work in partnership with logistics service providers/transport companies and/or shipping partners in order to deliver the goods you have ordered. The following data may be transferred to them so that they can deliver the goods you have ordered or so they can provide delivery notifications: first name, last name, postal address, telephone number. The data in question will only be transmitted in order to fulfill these purposes and will be deleted after the goods have been delivered.

We store the data we have collected over the period of the contract until any legal, warranty and guarantee rights have expired. When this period has expired, we retain the information required by company and tax law relating to the contractual relationship for the periods specified by law. The data is only processed during this period if an audit is carried out by the financial authorities.

 

  1. Data subject rights/your privacy rights

You have a number of rights you can exercise in relation to the processing of your personal data. You can exercise all these rights informally and free of charge (by email, telephone, or post) once you have proven your identity by contacting us at the address given below. Further details on exercising your rights:

Right of access: You can submit an informal request to access your data we have processed at any time. In this case, we will provide you with information in writing about the data we have stored about you. We will also explain why we are using the data, the type of recipients who receive this data and how long we intend to store it. We will comply with your request for information without delay, but within one month at the latest.

Right to deletion: You have the right to ask for your data that we have processed to be deleted at any time. Your request can be submitted informally. We will comply with this request if we no longer need to use your data for the reason it was originally collected, if you revoke any existing consent, if your data has been processed unlawfully or if it is necessary to delete the data in order to fulfill a legal obligation.

Right of rectification: We will correct any of your data that is incomplete or has been processed incorrectly in error. Simply send us an informal message and we will comply with your request.

Right to restrict processing: If it is not possible to delete your data or if you do not wish this to happen, but you do not wish your data to be used for reasons other than because it needs to be stored, we are obliged to restrict the way we continue processing your personal data when you instruct us to do so.

Right to data portability: We will give you access to your data which we have collected due to the fact we have entered into a contract with you or because you have consented to this. Once you have submitted an informal request for this data, we will provide you access free of charge and the data will be provided in a commonly used file format. You can use this data for your own purposes and pass it on to other contractual partners. If you wish, and if it is technically feasible, we will also transfer your data directly to an addressee named by you. In this case, we will let you know once the data has been transferred. We will comply with your request without delay, but within one month at the latest.

Right to revoke consent: You can revoke your consent to data processing at any time with effect for the future. If you choose to revoke your consent, we will stop processing your data. The lawfulness of the data processing carried out until this point is not affected when you revoke your consent.

Right to object: When we process your data based on our legitimate interests, you have the right to object to its further processing under the General Data Protection Regulation (GDPR). If you exercise this right, we will no longer process your data for the purpose that has given you cause to object – unless we have legitimate grounds to continue processing your data which override your interests, rights, and freedoms, or if continuing to process the data is necessary in order to assert, exercise or defend legal claims.

 

  1. Right of appeal

The EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundes-Datenschutzgesetz, BDSG ) guarantee all the rights outlined above. If you believe that we have violated any of these rights, you have the right to complain to a data protection supervisory authority.

Our business falls within the jurisdiction of the following data protection authority:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Austria
Telephone: +43 1 521 52-25 69
Email: dsb@dsb.gv.at

Claims that you are entitled to make against us on other legal grounds remain unaffected by this. We would be grateful if you would give us the opportunity to address any concerns or to help clarify any issues before involving the supervisory authority.

  1. Data security

We take all necessary and appropriate technical and organizational security measures to protect your personal data from loss and misuse. Your data is stored in a secure, state-of-the-art operating environment.

Access to our website is secured via HTTPS. This means that communication between your device and our servers is encrypted.