Data protection

1. Name and contact details of the data controller  

This data protection information applies to data processing by:

Controller: Communication Agency GmbH, comm.ag, Mitterweg 60, 6020 Innsbruck, Austria, email: bestellung@h-einz.com 

2. Collection and storage of personal data as well as form in and purpose for which they are used 

a) When visiting our website 

Even when merely accessing our website www.h-einz.com, information is sent automatically - that is, without any manual input from you - by the browser used to the server hosting our website. This information is stored temporarily in a log file. The following information is collected in this process without any manual input from you and will be stored until automatic deletion:  

IP address of the requesting computer, date and time of access, name and URL of the retrieved file, website from which access is made (referrer URL), content of the request of the browser used and, if applicable, the operating system of your computer and the name of your access provider, language and version of the browser software, time zone difference to Greenwich Mean Time (GMT) 

The data mentioned are processed by us in order to allow the viewing of the website technically, as well as to ensure its stability and security. 

The IP addresses are stored anonymously in the log files. By deleting several last digits of the IP addresses, there is no longer any personal reference. 

The legal basis for data processing is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes of data processing that are listed above. Under no circumstances will we use collected data to draw conclusions regarding your person. 

In accordance with Art. 6 (1) lit. c), Art. 32 GDPR, we are obliged to ensure data security and also base data processing on this aspect. 

b) When using our contact form and making contact via email 

For questions of any kind, we offer you the possibility to contact us via a form provided on the website. This requires a valid email address and name to be provided so that we know from whom the request originates and can answer it. Additional information may be provided voluntarily. Furthermore, on our website there are email links (mailto) which can be used for electronic contact. 

In this way, we comply with the legal requirement to enable fast electronic contact. The data processing is thus based on Art. 6 (1) lit. c GDPR as the legal basis. However, other purposes are relevant: The data processing for the purpose of making initial contact with us is carried out in accordance with Art. 6 (1) sentence 1 lit. f GDPR on the basis of our legitimate economic interest to enable new customers to make uncomplicated contact. Further, the making of contact allows our customers and us to perform pre-contractual measures and to fulfill the contract pursuant to Art. 6 (1) sentence 1 lit. b) GDPR. Moreover, the processing of the data from the contact form can be based on Section 6 (1) sentence 1 lit a GDPR and on your consent, provided this is obtained. 

The personal data collected by us for the use of the contact form will be automatically deleted after completion of the request you made. 

c) Use of our online shop 

If you wish to order in our online shop, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. Mandatory information necessary for the execution of the contracts is marked separately, further information is voluntary. We process the data you provide in order to process your order. For this purpose, we can forward your payment data to our bank. The legal basis for this is Art. 6 (1) sentence 1 lit. b GDPR. 

You can voluntarily create a customer account, through which we store your data for future purchases. When you create an account under "My Account", the data you provide will be stored in a revocable manner. You can always delete all further data, including your user account, in the customer area. 

We also use cookies for our online shop. See section 3 of our declaration for detailed information on the cookies placed by the online shop. 

We can also process the data you provide to inform you about other interesting products from our portfolio or send you emails with technical information.

Due to stipulations under commercial and tax law, we are obliged to retain your address, payment and order data for the duration of ten years. However, after two years, we restrict the processing, i.e. your data will only be used to comply with legal obligations.  

To prevent unauthorized access by third parties to your personal data, in particular financial data, the order process is encrypted using TLS technology. 

 

3. Cookies/data stored on the user's terminal 

Our website uses cookies. The use of cookies serves to make our offer more pleasant and to identify you if necessary for subsequent visits. Detailed general information about cookies can be found at https://de.wikipedia.org/wiki/HTTP-Cookie

Cookies are small text files that are saved on your hard drive under allocation to the browser. The storing location is thereby supplied with information. Cookies cannot run programs or transmit viruses to your computer. They are designed to make the overall Intel offering more user-friendly and effective. 

There are two different types of cookies, transient cookies and persistent cookies. These cookies differ in the way they can be deleted and in their function: 

Persistent cookies are automatically deleted after a specified period; how long depends on the cookie. Persistent cookies can be deleted at any time in the security settings of your browser. 

Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies will be deleted when you log off or close the browser. 

We recommend that you periodically delete your cookies and browser history manually to make it difficult to monitor and track your page views. 

You can configure your browser setting according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. However, you may not be able to use all the features of this website. 

Cookies are generally used on the legal basis of Art. 6 (1) sentence 1 lit. a GDPR, i.e. only with your consent.  

The legal basis is Art. 6 (1) sentence 1 letter f GDPR, whereby our legitimate interest derives from the stated purposes. Within the scope of fulfillment of the contract (shop), we may refer to Art. 6 () sentence 1 lit. b GDPR.  

The consent manager provided by Shopware is used to obtain the consent. This collects all cookies used and all plugins. 

By law, we may store cookies on your device if they are absolutely necessary for the operation of this site. For all other types of cookies we need your permission. This site uses different cookie types. Some cookies are placed by third parties that appear on our pages. You can change or revoke your consent at any time from the cookie statement on our website. 

Learn more about who we are, how to contact us, and how we process personal data in our privacy policy. 

 

4. Matomo 

We use Matomo, a service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, ("Matomo") for web analysis.  

Matomo stores cookies on your device, which enable an analysis of your use of our website. The information thus collected is stored exclusively on our server. We collect the following personal data; two bytes of your IP address, the website accessed, the website from which the user accessed the website accessed (referrer URL). 

We use Matomo with the setting "Anonymize Visitors’ IP addresses." This shortens the processing of IP addresses and excludes direct personal references. The software is set so that the IP addresses are not saved completely, but 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer. The IP address transmitted by your browser via Matomo will not be merged with other data collected by us. 

The legal basis for the processing of your personal data is our legitimate interest according to Section 6 (1) lit. g GDPR in the optimization of our website. By using Matomo, we can continuously improve individual functions and offers. Your personal data collected by us will be deleted after a storage period of 90 days. 

You can prevent the evaluation of your personal data by deleting existing cookies and disabling the storage of cookies in your web browser settings. Please note that in this case you may not be able to use all functions of this website to the full extent.  For more information on data protection at Matomo, please see the privacy policy at: matomo.org/privacy-policy/

 

5. Disclosure of data, especially payment service providers 

Your personal data are not disclosed to third parties for any purposes other than the purposes listed below. 

We will only disclose your personal data to third parties if: 

  • you have given your express consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR, 

  • disclosure is necessary pursuant to Art. 6 (1) sentence 1 lit. f GDPR in order to assert, exercise or defend our legal claims and if there is no reason to assume that you have an outweighing protectable interest in the non-disclosure of your data, 

  • in case of a legal obligation to disclosure in accordance with Art. 6 (1) sentence 1 lit. c GDPR, as well as 

  • this is legally permissible and is required according to Art. 6 (1) sentence 1 lit. b GDPR for the processing of contractual relations with you; this applies in particular to the transmission of data to mail order service providers, such as transporters, forwarders as well as postal and parcel service providers 

  • For the processing of payments, we pass on the payment data required for this purpose to the credit institution commissioned with the payment and, if applicable, to the payment service provider commissioned by us or to the payment service selected by you in the order process.  

This is done to fulfill contractual obligations according to Art. 6 (1) lit. b) GDPR if you choose the corresponding payment method. Details on the payment services: 

  • Payment shall be made by credit card. The payment method must be selected at the conclusion of the order; the following payment service providers are involved 

  • Stripe service (credit card) 

If payment is made via credit card, payment shall be processed via the payment service provider Stripe, 8th St STE 100, San Francisco, CA 94110-2043, USA, to which we shall pass on the information about your order including name, address, account number, bank code, credit card number, if applicable, invoice amount, currency and transaction number. Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe Ltd. The privacy policy of Stripe can be found at: 
https://stripe.com/at/privacy  

 

6. Rights of data subjects 

You have the right: 

  • pursuant to Art. 15 GDPR, to request information about your personal data that we process. In particular, you may demand information regarding the purposes of processing, the category of personal data, the categories of recipients towards whom your personal data were or are disclosed, intended storage period, existence of a right to correction, deletion, restriction of processing or objection, the existence of the right to file a complaint, the origin of your data if they were not collected by us, as well as the existence of an automatic decision-making process including profiling and, where applicable, conclusive information regarding their particulars; 

  • pursuant to Art. 16 GDPR, to request the immediate correction or completion of your personal data that we have saved; 

  • pursuant to Art. 17 GDPR, to request the deletion of your personal data that we have saved, unless processing is required in order to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest or in order to assert, exercise or defend legal claims; 

  • pursuant to Art. 18 GDPR, to request the restriction of processing of your personal data insofar as you contest its accuracy, if its processing is unlawful, but you object to its erasure, and if we no longer require the data, but you require it in order to assert, exercise or defend legal claims, or if you have lodged an objection to the processing pursuant to Art. 21 GDPR; 

  • pursuant to Art. 20 GDPR, to receive the personal data which you have provided to us in a structured, commonplace and machine-readable format, or to request their forwarding to another responsible person; 

  • pursuant to Art. 7 (3) GDPR to revoke at any time any consent you granted us. This will have the consequence that we will no longer be allowed to continue any data processing that was based on this consent in the future and 

  • pursuant to Art. 77 GDPR, to submit a complaint to a regulatory authority. Usually, you can contact the supervisory authority at your habitual place of residence or work or the supervisory authority at our place of business for this purpose. The address of the supervisory authority responsible for our corporate headquarters is:  
     
    Austrian Data Protection Authority 

  • Barichgasse 40-42 

  • 1030 Vienna

  • Phone: +43 1 52 152-0 

  • Email: dsb@dsb.gv.at 

 

7. Right to object  

Insofar as your personal data are processed pursuant to Art. 6 (1) sentence 1 lit. f GDPR on the basis of legitimate interests, you have the right, pursuant to Art. 21 GDPR, to submit an objection to the processing of your personal data insofar as the appropriate reasons exist which arise from your particular situation or if the objection is aimed at direct advertisement. In the latter case, you have a general right to objection which we will implement without indication of any special situation. 

If you wish to make use of your right of revocation or objection, simply send an email to info@h-einz.com 

 

8. Right of revocation for consents 

If the processing of your data is based on a consent given to us, you can revoke this at any time. Such a revocation affects the admissibility of the processing of your personal data after you have given it to us. 

If you wish to make use of your right of revocation, simply send an email to info@h-einz.com 

 

9. Data erasure and storage period 

Personal data will be either erased or blocked once the purpose of such storage ceases to be relevant. Longer storage takes place only if statutory regulations or other regulations govern this. In particular, this relates to data which are held for commercial and tax reasons, i.e., for example, the invoice data of your purchase. In any case, a blocking or erasure takes place when a storage period regulated by these regulations expires. An exception to this rule exists only if there is a need for further storage for the conclusion of the contract or fulfillment of the contract. 

 

10. Automated decision-making  

We do not use automated decision-making or profiling. 

 

11. Data security 

When you visit the website, we use the common SSL procedure (Secure Socket Layer) in combination with the respective highest degree of encryption that is supported by your browser. This usually is a 256 bit encryption. If your browser does not support 256 bit encryption, we will use the 128 bit v3 technology instead. You can see whether individual pages of our website are transmitted in encrypted form by the ‘closed’ icon of the key or lock symbol in the lower status line of your browser. 

Apart from the above, we use appropriate technical and organizational security measures in order to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or access by unauthorized third parties. Our security measures are subject to continuous advancement according to technological developments. 

 

12. Recency of and changes to this privacy notice

This privacy notice is currently valid. It is dated 09/05/2022. 

On the basis of the further development of our website and its associated content, or on the grounds of changes to legal and/or official regulations, it may be necessary for us to amend this privacy notice. You can view and print out the currently valid privacy notice on the website, https://www.h-einz.com/datenschutz, at any time. 

 

13. Sendinblue 

We use the Sendinblue newsletter tool for the newsletter registration. If you indicate in the contact form that you would like to receive our newsletter or fill out the form on the registration page, your data will be passed on to Sendinblue. How your data is processed there can be found in the Sendinblue privacy policy: https://de.sendinblue.com/legal/privacypolicy/