top of page

Cookies & Privacy Policy

1. General information

1.1 What is personal data 
Personal data is information that reveals or may reveal the identity of the user. I adhere to the principle of data avoidance. The collection of personal data is avoided as far as possible.

1.2 Handling of personal data 
Personal data is used exclusively for the establishment of the contract, content design, implementation, or processing of the contractual relationship (Art. 6 (1 b) GDPR).

In addition, personal data will only be processed if I have received your consent to do so (Art. 6 (1 a) GDPR) or if the processing of the data is necessary for my legitimate interests and if the balancing of interests shows that there are no overriding interests, fundamental rights or freedoms on your part to the contrary (Art. 6 (1 f) GDPR).

I may use data processors to process your personal data, with whom I have concluded a data processing agreement if necessary, but I will not pass on your personal data to third parties beyond this.

The data will only be passed on to the shipping company commissioned with the delivery for the fulfillment of the contract, insofar as this is necessary for the delivery of ordered goods. To process payments, the necessary payment data will be passed on to the credit institution commissioned with the payment and, if applicable, to the commissioned and selected payment service provider.

Your personal data will be processed in the EU and countries classified by the EU as safe or appropriate. If personal data is processed in the USA, care is taken to ensure that the services I use are certified under the "Data Privacy Framework".

1.3 Usage data 
General technical information is collected when you visit the website. This includes the IP address used, time, duration of the visit, browser type, and, if applicable, the originating page. For technical reasons, this usage data is registered in a log file and can be used and stored for the purpose of statistical analysis of this website. This usage data is not linked to your other personal data.

1.4 Duration of storage
I will only store your personal data after the end of the purpose for which the data was collected for as long as this is required by law (in particular tax law).

 

The following retention periods apply in particular:

Books and records and the supporting documents pertaining to the books and records 

 

7 years (beyond that as long as they are relevant for the tax authority in pending proceedings)

 

Insofar as business papers and other documents are relevant for the levying of charges

 

7 years

 

Documents such as inventories, opening balance sheets, annual financial statements including management reports, business letters received, copies of business letters sent, and receipts for postings

 

7 years

 

Consent to data processing under data protection law

 

For the duration of the possibility of the assertion of rights by the data subject(s)

 

(Electronic) correspondence that has no relevance under tax law

 

As long as this is necessary for the fulfillment of the task unless the processing serves the assertion, exercise, or defense of legal claims.

 

Usage data in accordance with section 1.3 of this privacy policy

 

max. 30 day

 

2. Your rights

2.1 Information 
You can request information from me as to whether I process your personal data and, if this is the case, you have the right to access this personal data and to the further information specified in Art. 15 GDPR.

2.2 Right to rectification 
You have the right to rectify inaccurate personal data concerning you and may request the completion of incomplete personal data in accordance with Art. 16 GDPR.

2.3 Right to erasure 
You have the right to obtain from me the erasure of personal data concerning you without undue delay. I am obliged to delete it immediately, in particular, if one of the following reasons applies

 

  • Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

  • You withdraw your consent on which the processing of your data was based and there is no other legal basis for the processing.

  • Your data has been processed unlawfully.

 

The right to erasure does not apply if your personal data is required to assert, exercise, or defend my legal claims.

2.4 Right to restriction of processing 
You have the right to demand that I restrict the processing of your personal data if

 

  • you dispute the accuracy of the data and I therefore check the accuracy,

  • the processing is unlawful and you oppose the erasure and request the restriction of use instead

  • I no longer need the data, but you need it to assert, exercise, or defend legal claims,

  • you have objected to the processing of your data and it is not yet certain whether my legitimate reasons outweigh your reasons.

 

2.5 Right to data portability 
You have the right to receive the personal data concerning you, which you have provided to me, in a structured, commonly used, and machine-readable format and you have the right to transmit those data to another controller without hindrance from me, where the processing is based on consent or a contract and the processing is carried out by automated means.

2.6 Right of revocation and objection

If the processing of your personal data is based on consent (Art. 6 (1 a) GDPR), you have the right to revocate this consent at any time. This does not affect the lawfulness of the processing carried out based on the consent until revocation.

 

Insofar as the processing of your personal data is based on Art. 6 (1 e) GDPR or Art. 6 (1 f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation in accordance with Art. 21 GDPR. I will then no longer process your personal data unless I can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

2.7 General and right to lodge a complaint 
The exercise of your above rights is generally free of charge for you. You have the right to lodge complaints directly with the supervisory authority responsible 
for me, the data protection authority.

3. Data security

3.1 Data security 
All data on my website is protected by technical and organizational measures against loss, destruction, access, modification, and dissemination.

3.2 Sessions and cookies 
To operate the website, I use cookies or server-side sessions in which data can be stored. I only use cookies or server-side sessions that are technically necessary for the operation of this website (e.g. spam protection for the contact form, and shopping cart function) and for which the consideration shows that there are no overriding interests on your part (Art. 6 (1 f) GDPR).


4. Newsletter

If you subscribe to my newsletter, I will use the data required for this or separately provided by you to regularly send you my email newsletter based on your consent in accordance with Art. 6 (1 a) GDPR. You can unsubscribe from the newsletter at any time and can either send a message to me using the contact options provided in the legal notice or via the link provided in the newsletter. After unsubscribing, I will delete your e-mail address unless you have expressly consented to further use of your data or I reserve the right to use data beyond this, which is permitted by law and about which I inform you in this declaration.


5. Presence on social media platforms

I use the following social media platforms for company presentation and communication (explicit reference is made to the data protection declarations and opt-out options linked below).


Facebook (Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland) 
Privacy Policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.youronlinechoices.com

Instagram (Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland) 
privacy policy and opt-out: https://instagram.com/about/legal/privacy/

YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) 
Privacy Policy: https://www.youtube.com/t/privacy/

 

These social media platforms may process personal data outside the EU; in this respect, I refer you to the above data protection declarations of the social media platforms. 
The respective social media platforms may be able to create user profiles from your usage behavior and the resulting interests and actions on your part and store cookies on your computer in which your usage behavior is stored. If you have an account on the respective social media platform and are logged in, your usage behavior can even be stored independently of your device. Your usage profile can be used, for example, to place advertisements that presumably correspond to your interests.

I process the personal data exclusively for communication with you via the social media platform you have chosen and to optimize my online presence and make sure that no interests on your part are affected here that outweigh this legitimate interest on my part (Art. 6 (1 f) GDPR). If you have already given the respective operator of the social media platform effective consent to the corresponding data processing, your personal data will also be processed based on this consent (Art. 6 (1 a) GDPR).
 

 

6. Services from third-party providers

 

6.1 Hosting / Website

I have created my website with the external service provider Wix (operated by Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv, Israel) and also host it there. The personal data collected on my website is stored on Wix's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website. As part of the aforementioned services, data may also be transmitted to Wix.com Inc., 100 Gansevoort St, New York, NY 94158, USA.

 

For the proper operation of the website, data connections are established to the following URLs, among others:

 

  • frog.wix.com (an analysis tool for collecting and analyzing user behavior data)

  • siteassets.parastorage.com (CDN for storing and delivering static content)

  • static.parastorage.com (CDN for storing and delivering static content)

  • static.wixstatic.com (CDN for storage and delivery of static content)

  • sentry-next.wixpress.com (improves the stability, performance, and quality of the website)

  • video.wixstatic.com (hosting and streaming of videos)

  • panorama.wixapps.net (creation and display of panoramic images, virtual tours, etc.)

  • settings.parastorage.com (storage and management of website settings)

  • ecom.wixapps.net (e-commerce functionality for our online store)

 

Wix will only process your data to the extent necessary to fulfill its performance obligations and follow my instructions with regard to this data. Wix is used for the purpose of operating the website and in the interest of a secure, fast, and efficient provision of my online offer by a professional provider. No interests of the users are affected here that outweigh this technical necessity of using the service provider (Art. 6 (1 f) GDPR). 

 

You can view Wix's privacy policy here: https://de.wix.com/about/privacy

 

6.2 Social media links
I operate my own social media pages on third-party sites, which can be accessed via links from this website. Using the links will take you to the respective websites of the third-party providers (e.g. Facebook, YouTube, Instagram). To avoid unnecessary data transfer, I recommend that you log out of the respective third-party provider before using a link so that usage profiles cannot be created by the third-party provider simply by using the link.

 

6.3 PayPal

It is possible to process the payment transaction with the online payment service PayPal of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg (City), Luxembourg. 

 

The following of your data is regularly transmitted to PayPal for payment processing and also processed outside the EU:

 

  • Your e-mail address

  • Your address

  • Details of your order

  • Your IP address

 

The legal basis for the use of the service is Art. 6 (1 a) GDPR (consent) or Art. 6 (1 b) GDPR (performance of contract). 

 

Information on data protection at PayPal can be found here:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.

 

6.4 Raven.js

My website uses the cdn.ravenjs.com service, a content delivery network (CDN) operated by Functional Software Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA (“Sentry”), to provide the Raven.js JavaScript library. Raven.js is used to monitor and log errors in our web application in order to improve technical stability and functionality. When you use our website, your browser loads the Raven.js library from servers operated by Fastly Inc., 475 Brannan St, Suite 300, San Francisco, CA 94107, USA, a CDN provider that works with Sentry. The following data, among other things, is transmitted to Fastly Inc.:

 

  • Your IP address (in anonymized form)

  • Time of the request

  • Amount of data transferred

  • Information about your browser and operating system

 

This data transfer is technically necessary to provide the library for your browser and ensure our website's functionality. Sentry processes this data exclusively for the technical provision of the Raven.js library and error analysis. The data is not used for advertising purposes and is automatically deleted after a short time. The processing of this data is based on our legitimate interest in improving the stability and functionality of our website. No interests of users are affected here that outweigh this technical necessity of integrating the service (Art. 6 (1 f) GDPR).

 

You can view Sentry's privacy policy here: https://sentry.io/privacy/

 

You can disable JavaScript in your browser to prevent data from being sent to cdn.ravenjs.com. Please note that this may limit the functionality of our website.

 

6.5 Mollie

For payments, I use the third-party provider Mollie (Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, The Netherlands). The information you provide during the ordering process and details about your order and chosen payment method are shared with Mollie. The legal basis for this is Art. 6 (1 b) GDPR (contractual relationship). Mollie is a licensed payment institution regulated and supervised by the Dutch Central Bank. Your data will only be passed on for payment processing with the payment service provider Mollie and only to the extent necessary for this purpose. Mollie will forward the data to the payment service provider selected by you for processing. 

You can view Mollie's privacy policy here: https://www.mollie.com/de/privacy

 

 

7. Contact

You are welcome to use the following contact options to contact me regarding data protection. Controller within the meaning of the GDPR:

Mr. Alexander Kroiss
Salling 4B/1 
4791 Rainbach im Innkreis

Austria
 

E-mail: kroisspipes@gmail.com 
Phone: +436769649333

bottom of page