1.1. EasyMotionSkin Tec GmbH, FN 446877y, 6103 Reith bei Seefeld, E: email@example.com, T: +43 1 53 21 400 (hereinafter "we" or "us") processes personal data. With this document, we would like to inform you about the processing of your personal data in accordance with the provisions of the Data Protection Regulation (DSGVO), the Telecommunications Act (TKG) and the Data Protection Act (DSG) in connection with the use of our website https://des21.com ("Website").
2.2.Personal data (hereinafter referred to as "data") are all data that contain information about personal or factual circumstances of natural persons, for example name, address, email address, telephone number, date of birth, age, gender, social security number, video recordings, photos, etc.. Data of legal persons are not subject to the provisions of the GDPR.
2.3. Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.4. Controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
2.5. Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
2.6. Recipient means a natural or legal person, public authority, agency or other body to whom Personal Data is disclosed, whether or not a third party.
3. Purpose and legal basis of the processing of personal data
3.1. We process your data if this is necessary for the fulfillment of a contract or due to a legal obligation or if you provide us with this data voluntarily. For data processing going beyond this, we obtain your consent before processing the data. If our legitimate interest in data processing outweighs your interest in data protection, processing may also take place without your consent. There is no automated decision-making including profiling.
3.2. No registration is required to use our website. Under certain circumstances, registration may be required to use certain services on our website. When registering a user account, we collect the requested personal data, which is usually salutation, name, e-mail, telephone number and address.
3.3. As a rule, we collect your data directly from you. However, in the context of the conclusion of the contract, it may happen that we collect your data from third parties.
3.4. In particular, the following categories of personal data ("Data") are processed:
|Contact information (name, address, e-mail address date of birth)||This data is necessary to initiate and conclude a contract via the webshop and is only collected when a user account is created.||Art 6 para 1 lit b, lit c DSGVO|
|Payment information (credit card number, SEPA direct debit or Paypal)||This data is necessary for the payment of the order and is processed through our payment service provider.||Art 6 Abs 1 lit b DSGVO|
|Billing information (name, address, VAT, means of payment)||Invoice information must be processed due to accounting and tax regulations.||Art 6 Abs 1 lit c DSGVO|
|Technical information (IP address, operating system)||This data is necessary so that the website and web store opened via your initiative can be displayed to you in the correct form using our eCommerce system.||Art 6 para 1 lit f DSGVO.|
|E-mail address||Your e-mail address may be processed for the purpose of sending newsletters or other direct advertising by our shipping service provider, provided that you have given your consent.||Art 6 Abs 1 lit a DSGVO|
|Marketing information||Through analysis tools, your interactions on the website and the webshop are recorded and thus your interests are collected. This data is processed for analysis and marketing purposes in order to offer you relevant products and services.||Art 6 Abs 1 lit a DSGVO|
3.5. There is no obligation to provide the data listed. In some cases, the processing of data is necessary for the conclusion of a contract or due to legal obligations.
4. Recipients of personal data
4.1. Recipients assist us in complying with statutory or legal obligations, in initiating and performing contracts, in providing services that require your consent, or in carrying out processing that is in our legitimate interest, such as marketing activities in particular. We transfer or partially disclose the data in particular to the following recipients (processors or data controllers):
|IT service provider||Operation of our IT system, in particular e-mail services, hosting services, etc.||Legitimate interest|
|Subcontractor||If and insofar as services are not provided by us and a justification exists||Legitimate interest|
|Tax consultant, accountant||Processing of data for tax or accounting reasons||Legitimate interest|
|Lawyer, Court||If necessary for the enforcement or defense of claims||Legitimate interest|
|Partner company||For the provision of services by our partner companies||Legitimate interest|
|Analysis tool||Google Ireland Limited||Legitimate interest||Link|
|Payment Service Provider||PayPal (Europe) S.à r.l. et Cie, S.C.A.||Legitimate interest||Link|
|Map service||Google Ireland Limited||Consent||Link|
|CSS Fonts||Google Ireland Limited||Legitimate interest||Link|
4.2. We only transfer your data to other recipients if you have either given us or the recipient your consent to the transfer of data, if the transfer of data is necessary for the conclusion or fulfillment of the contract, or if we are legally obligated to transfer data.
4.3. Some recipients or processors process data outside the European Union in a third country. We only transfer data to third countries if an adequacy decision of the European Commission pursuant to Article 45 of the GDPR is available or if the recipient guarantees us (for example, through standard contractual clauses, binding internal data protection regulations, approved codes of conduct, etc.) that appropriate safeguards pursuant to Article 46 of the GDPR exist for an adequate level of data protection for the data. There is no adequacy decision for recipients in the United States of America. There is no intention to transfer data to an international organization. For more detailed information on the appropriate safeguards, please contact us.
5. Storage period or criteria for determining
5.1. In principle, data is only stored for as long as this is necessary due to statutory retention obligations. In addition, data may be stored if this is necessary to enforce or defend against claims by third parties. Important storage periods can be found below:
|Obligation under company law to keep records in accordance with §§ 190, 212 UGB:||7 years|
|Obligation under VAT law to retain invoices in accordance with § 11 para 2 3rd subparagraph UStG:||7 years|
|Obligations under VAT law to retain export documents in accordance with § 7 (7) UStG:||7 years|
|Warranty according to § 933 ABGB:||2 years|
|Purchase price claim for movable property under § 1062 in conjunction with § 1486 ABGB:||3 years|
|Claims arising from a contract for work and services pursuant to § 1486 ABGB (if the service was rendered within the scope of a commercial or other business operation):||3 years|
|General damages according to § 1489 ABGB (compensation claims):||3 years/30 years|
|Liability claims according to § 13 PHG:||10 years|
6.2. Some cookies are only stored until you close the browser again (session cookies), whereas certain cookies are stored for a longer period and can recognize you on this page (persistent cookies). Cookies can be set either by us (1st party cookies) or by other providers (3rd party cookies). Some cookies are absolutely necessary for the website to function (indispensable cookies), some cookies record visits and the visitor's origin and measure this data without the cookies being able to establish reference to your person (performance cookies). Certain cookies are used for marketing purposes (marketing cookies).
6.3. Via the cookie declaration when visiting the website and the webshop for the first time, you can select which cookies you want to allow. Your consent is required for marketing cookies. If you want to revoke your consent or change your cookie settings, you can make this change directly in your browser.
7.1. The provider of the following services is Google Ireland Limited, Reg# 368047, Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin.
7.2. Google Analytics
7.2.1. Google Analytics is a service for collecting, collating and evaluating data on the behavior of visitors to websites. Google uses the data and information obtained, among other things, to evaluate the use of our website and to provide other services related to the use of our website.
7.2.2. Google Analytics sets a cookie. By setting the cookie, Google is enabled to analyze the use of our website. This cookie causes the internet browser to transmit data to Google for the purpose of online analysis. As part of this technical procedure, Google obtains knowledge of personal data, such as the IP address of the person concerned, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission settlements.
7.2.3. We use the addition "_gat._anonymizeIp" for web analysis via Google Analytics. By means of this addition, the IP address is shortened and anonymized by Google.
7.2.4. For more information, please visit https://www.google.com/intl/de_de/analytics/ and https://www.google.de/intl/de/policies/privacy/. If you wish to object to this data processing, please contact us for more information. Opt-out is possible by installing the following plugin: https://tools.google.com/dlpage/gaoptout?hl=de.
7.3.1. This site uses the map service Google Maps via an API. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server and stored there. The provider of this site has no influence on this data transmission. The use of Google Maps takes place only with your consent pursuant to Art. 6 para 1 lit a DSGVO.
8.1. A dispatch of the newsletter takes place with your consent or a legal permission. If you would like to receive our newsletter, only your e-mail address is mandatory, otherwise no newsletter can be sent. Information beyond your e-mail address is optional and only serves to personalize the offer (e.g. by selecting a subject area on which information is to be provided in the newsletter). The data is used for the purpose of sending advertising. The data will be deleted as soon as you revoke your consent to receive the newsletter. You can send us the revocation via the contact details below. Alternatively, you can unsubscribe directly in the newsletter
8.2. To send the newsletter, we need your confirmation that you are the owner of the e-mail address (so-called double opt-in). This confirmation is necessary to ensure that you have actually registered for the newsletter. The registrations for the newsletter are logged in order to be able to prove the registration process. This includes the storage of the registration and confirmation time on the one hand, and the IP address on the other. Likewise, changes to your stored data are logged. You can unsubscribe at any time using the unsubscribe option provided in the newsletter.
8.3. In the course of retrieving the newsletter, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are collected by a web beacon. This information is used for the technical improvement of the services based on the technical data or the target groups and reading behavior or access times. The statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked. This information can be assigned to individual newsletter recipients for technical reasons.
8.4. This website uses the services of Sendinblue GmbH, Köpenickerstraße 126, D-10179 Berlin, for sending newsletters. Sendinblue is a service with which, among other things, the sending of newsletters can be organized and analyzed.
8.5. The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
9. Contact form
9.1. If the contact form is used, the personal data you provide is automatically stored. Depending on the contact form, different personal data are provided as mandatory fields. Insofar as the collection of personal data is designed as a mandatory field, the provision of this data is required in the context of contract performance or initiation or due to legal obligations.
9.2. Such data is stored for the purpose of processing or contacting. In principle, this personal data is not passed on to third parties.
9.3. The personal data you provide will be stored for as long as is necessary in the context of enforcing and/or defending claims or due to a legal obligation.
10. Your rights
10.1. Right to information
You have the right to request confirmation as to whether personal data is being processed; if this is the case, you have the right to obtain information about this personal data. The following information is collected:
- the purposes of processing;
- the categories of personal data;
- the recipients or categories of recipients;
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
- the existence of a right to rectification or erasure of the personal data concerned or to restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information about the origin of the data;
- the existence of automated decision-making, including profiling.
10.2. Right to rectification
You have the right to request the controller to correct inaccurate personal data and to complete incomplete personal data.
10.3. Right to deletion
You have the right to request the controller to delete personal data without undue delay if one of the following reasons applies:
- The personal data is no longer necessary for the purposes for which it was collected.
- You withdraw your consent on which the processing was based according to and there is no other legal basis for the processing.
- You object to the processing (Art 21(1) DSGVO) and there are no legitimate grounds for the processing or you object to the processing pursuant to Art 21(2) DSGVO.
- The personal data have been processed unlawfully.
- The deletion of the personal data is necessary for the fulfillment of a legal obligation.
- The personal data have been collected in relation to information society services offered in accordance with Article 8(1).
The right to erasure does not exist insofar as the processing is necessary to
- to exercise the right to freedom of expression and information;
- to fulfill a legal obligation,
- to perform a task that is in the public interest;
- For reasons of public interest in the field of public health;
- for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes
- for the assertion, exercise or defense of legal claims.
10.4. Right to restriction of processing
You have the right to request the restriction of processing if one of the following conditions is met:
- the accuracy of the personal data is contested for a period enabling the controller to verify the accuracy of the personal data
- the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
- the controller no longer requires the personal data, but you need it for the assertion, exercise or defense of legal claims;
- you have objected to the processing pursuant to Article 21(1), as long as it has not yet been determined whether the legitimate grounds of the controller prevail.
If processing has been restricted, such personal data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
10.5. Right to data portability
You have the right to receive the personal data you have provided to a controller in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent or on a contract and the processing is carried out with the help of automated procedures.
When exercising the right to data portability, you have the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible.
10.6. Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data carried out on the basis of Art 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of you, or the processing serves the purpose of asserting, exercising or defending legal claims.
If personal data is processed for the purpose of direct marketing, you have the right to object at any time to processing of personal data for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
10.7. Right to withdraw consent
You have the right to revoke consent based on Art 6(1)(a) or Art 9(2)(a) at any time without affecting the lawfulness of the processing until revocation.
10.8. Right of appeal
You have the right to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, T.: 00431521522569, E.: firstname.lastname@example.org, if you believe that the processing violates applicable data protection law.
Version: December 2021