Privacy policy
1. Introduction and Contact Information of the Data Controller
1.1 In the following, we inform you about the handling of your personal data when using our website. Personal data includes all data with which you can be personally identified.
1.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the data controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser's address bar.
1.3 Data controller for data processing: Jessica Redl, Putzendoplergasse 2/3/8, 1230 Vienna, Austria. Email: info@jessicageigerart.at Tel. +436504802703
2. Data Collection when visiting our website
When using our website for informational purposes only, i.e., if you do not register as a customer or otherwise provide us with information, we collect only the data that your browser sends to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website:
The page of our website that you visited
Date and time of access
Amount of data sent in bytes
Source/reference from which you accessed the page
Browser used
Operating system used
IP address used (if applicable, in anonymized form)
The processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no further disclosure or other use of the data. However, we reserve the right to retrospectively check the server log files if there are concrete indications of illegal use.
3. Hosting & Content Delivery Network
Shopify
For hosting our website and displaying page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., or Shopify (USA) Inc. All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider, ensuring the protection of our site visitors' data and prohibiting unauthorized disclosure to third parties in accordance with Art. 45 GDPR.
According to Article 46(2)(c) GDPR, when transferring data to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission. For the transfer of data to the USA, the provider relies on standard contractual clauses of the European Commission to ensure compliance with the European level of data protection.
4. Cookies
You can find our statement on cookies also in our Cookie Policy.
To make your visit to our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called "session cookies"), while others remain on your device for a longer period and allow the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the cookie settings of your web browser. If personal data is also processed by individual cookies we use, the processing is carried out in accordance with Art. 6(1)(b) GDPR either for the performance of a contract, according to Art. 6(1)(a) GDPR in case of consent, or according to Art. 6(1)(f) GDPR to pursue our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit. You can configure your browser to inform you about the setting of cookies and decide on their acceptance individually or exclude the acceptance of cookies for specific cases or in general. Please note that if you do not accept cookies, the functionality of our website may be limited.
5. Contact
5.1 In the context of contacting us (e.g., via contact form or email), personal data is processed exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose.
The legal basis for the processing of this data is our legitimate interest in responding to your request according to Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, an additional legal basis for the processing is Art. 6(1)(b) GDPR. Your data will be deleted when it can be inferred from the circumstances that the relevant matter has been finally clarified and provided that there are no legal storage obligations.
6. Data Processing when opening a customer account
According to Art. 6(1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary when you provide it to us when opening a customer account. You can find which data is required for the account opening in the input mask of the respective form on our website. Deletion of your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the data controller. After the deletion of your customer account, your data will be deleted, provided that all contracts concluded with you have been fully processed. Therefore, we reserve the right to store data according to § 132(1) BAO for up to 7 years and in the case of administrative procedures for up to 30 years.
7. Use of customer data for direct marketing
7.1 Registration for our email newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. For sending the newsletter, we use the double opt-in procedure, which ensures that you only receive the newsletter if you have explicitly confirmed your consent to receive it by clicking on a verification link sent to the email address provided. By activating the confirmation link, you give us your consent to use your personal data according to Art. 6(1)(a) GDPR. We store your IP address and the date and time of registration entered by your Internet service provider (ISP) to prevent any misuse of your email address at a later time. The data collected during the newsletter registration is used exclusively for sending the newsletter and is not passed on to third parties. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a message to the data controller mentioned above. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond what is legally permitted and about which we inform you in this statement.
8. Data processing for order processing
8.1 To the extent necessary for the processing of contracts for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company:
Austrian Post AG
Rochusplatz 1
1030 Vienna
Austria
and the commissioned credit institution:
UniCredit Bank Austria AG
Rothschildplatz 1
1020 Vienna
If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact data (name, address, email address) provided by you during the order to inform you personally by suitable means of communication (e.g., postal or email) about upcoming updates within the legally stipulated period according to Art. 6(1)(c) GDPR. Your contact data will be strictly used for notifications about updates owed by us and processed by us only to the extent necessary for the respective information. To process your order, we also cooperate with the following service provider(s), who support us in the execution of concluded contracts, either in full or in part. Certain personal data is transmitted to these service providers in accordance with the following information.
8.2 Use of payment service providers (payment services)
To process the payment in our online shop, we rely on the support of external payment service providers. The processing of your payment information is carried out directly by these service providers, and we do not store or process sensitive payment details such as credit card numbers on our servers. Presently, we use the payment service providers Shopify Payments (a bundling of VISA [based in the USA], MasterCard [based in the USA], AMEX [based in the USA], Maestro [based in the USA], Union Pay [based in China], EPS [based in France], Bancontact [Belgium], iDeal [based in the Netherlands], Klarna [based in Sweden], Shoppay [based in the USA], Apple Pay [based in the USA], and Google Pay [based in the USA]) and PayPal [based in the USA] (as of 28.12.2023). Please note that the use of these service providers depends on the respective privacy policies of the service providers. We recommend reading the privacy policies of the payment service providers to learn about their data collection and use. The processing of payment information is carried out in accordance with industry security standards to ensure the integrity and security of your data. We do not have access to your sensitive payment information, as it is processed directly by the payment service providers. Please note that your transaction data may be stored by the payment service providers for the purposes of transaction processing and to comply with legal regulations.
9. Rights of the Data Subject
9.1 The applicable data protection law grants you, as the data subject, the following rights regarding the processing of your personal data (rights of data subjects), with reference to the legal basis for each exercise requirement:
Right to information according to Art. 15 GDPR
Right to rectification according to Art. 16 GDPR
Right to erasure according to Art. 17 GDPR
Right to restriction of processing according to Art. 18 GDPR
Right to information according to Art. 19 GDPR
Right to data portability according to Art. 20 GDPR
Right to object according to Art. 21 GDPR
Right to withdraw consent granted according to Art. 7(3) GDPR
Right to lodge a complaint according to Art. 77 GDPR
9.2 Right to Object
IF WE PROCESS YOUR PERSONAL DATA IN THE CONTEXT OF A BALANCING OF INTERESTS BASED ON OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA.
IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING AT ANY TIME. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.
RIGHT TO COMPLAIN:
IF, NOTWITHSTANDING OUR ADVICE, YOU BELIEVE THAT THE PROCESSING OF YOUR DATA VIOLATES DATA PROTECTION LAW, WE INFORM YOU THAT YOU HAVE THE RIGHT TO LODGE A COMPLAINT WITH THE DATA PROTECTION AUTHORITY. IN AUSTRIA, THIS IS:
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
10. Duration of storage of personal data
The duration of the storage of personal data is based on the respective legal basis, the purpose of processing, and - if applicable - additionally on the respective legal retention period (e.g., commercial and tax retention periods) according to § 132(1) BAO for up to 7 years and in the case of administrative procedures for up to 30 years. When processing personal data based on an explicit consent according to Art. 6(1)(a) GDPR, the data concerned will be stored until you revoke your consent. If there are legal retention periods for data processed within the framework of contractual or contract-like obligations based on Art. 6(1)(b) GDPR, this data will be routinely deleted after the retention periods expire, provided it is no longer necessary for the fulfillment of the contract or contract initiation, and there is no longer a legitimate interest on our part in continuing the storage. When processing personal data based on Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object according to Art. 21(1) GDPR unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims. When processing personal data for direct marketing purposes based on Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object according to Art. 21(2) GDPR. Unless otherwise stated in the other information in this statement about specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.