Privacy Policy
Privacy Policy
1) Introduction and contact details of the controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.
1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Vintage Sissi e.U.
Owner: Filiz Kizil, Stephansplatz 8/20, 1010 Vienna, Austria, Tel.: +436645077562, Email: office@vintagesissi.com. The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2) Data collection when visiting our website
2.1 When using our website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to the page server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/referrer from which you came to the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.
3) Hosting & Content Delivery Network
Shopify
For hosting our website and displaying the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")
Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
All data collected on our website is processed on the provider's servers. We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
In the case of data transfer to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
4) Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your device for a longer period and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage period in the overview of the cookie settings of your web browser.
If individual cookies used by us also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of a given consent, or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the website visit.
You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general.
Please note that if cookies are not accepted, the functionality of our website may be limited.
5) Contacting us
5.1 WhatsApp Business
You have the option to contact us via the WhatsApp messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called "Business version" of WhatsApp.
If you contact us via WhatsApp regarding a specific transaction (e.g., an order placed), we will store and use your mobile phone number used on WhatsApp and – if provided – your first and last name in accordance with Art. 6 Para. 1 lit. b GDPR for processing and answering your request. On the basis of the same legal basis, we may ask you via WhatsApp to provide further data (order number, customer number, address, or email address) in order to assign your inquiry to a specific process.
If you use our WhatsApp contact for general inquiries (e.g., about the range of services, availability, or our website), we will store and use your mobile phone number used on WhatsApp and – if provided – your first and last name in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in the efficient and timely provision of the requested information.
Your data will always only be used to answer your inquiry via WhatsApp. No disclosure to third parties will take place.
Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transmits phone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. For the operation of our WhatsApp Business account, we use a mobile device whose address book only stores the WhatsApp contact data of users who have also contacted us via WhatsApp.
This ensures that every person whose WhatsApp contact data is stored in our address book has already consented to the transmission of their WhatsApp phone number from the address books of their chat contacts in accordance with Art. 6 Para. 1 lit. a GDPR by accepting the WhatsApp terms of use when first using the app on their device. A transmission of data of users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.
For the purpose and scope of data collection and the further processing and use of the data by WhatsApp, as well as your related rights and setting options for protecting your privacy, please refer to WhatsApp's privacy policy: https://www.whatsapp.com
We have concluded an order processing agreement with the provider, which protects our site visitors' data and prohibits disclosure to third parties.
Within the scope of the processing mentioned above, data transfers to servers of Meta Platforms Inc. in the USA may occur.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.
5.2 When you contact us (e.g. via contact form or e-mail), personal data is processed - exclusively for the purpose of processing and answering your request and only to the extent necessary for this purpose.
The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact aims at concluding a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter concerned has been finally clarified and provided that no statutory retention obligations conflict with this.
6) Use of customer data for direct marketing
6.1 Subscription to our email newsletter
If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. The provision of further data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you will only receive the newsletter if you have expressly confirmed your consent to receive newsletters by clicking on a verification link sent to the email address you provided.
By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. In this context, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data collected by us when you register for the newsletter will be used strictly for the intended purpose.
You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller mentioned at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.
6.2 Sending of email newsletters to existing customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by email, such as those already purchased. For this purpose, according to § 174 (4) TKG (Austria), we do not need to obtain separate consent from you. Data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 Para. 1 lit. f GDPR. If you initially objected to the use of your email address for this purpose, we will not send you any emails.
You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the controller mentioned at the beginning. For this, you will only incur transmission costs according to the basic rates. Upon receipt of your objection, the use of your email address for advertising purposes will be discontinued immediately.
7) Data processing for order fulfillment
7.1 Insofar as it is necessary for the performance of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b GDPR.
If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact data you provided during the order to inform you personally within the framework of our legal information obligations in accordance with Art. 6 para. 1 lit. c GDPR. Your contact data will be used strictly for the intended purpose for notifications about updates owed by us and will only be processed by us for this purpose to the extent necessary for the respective information.
To process your order, we also work with the following service provider(s) who assist us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
7.2 Disclosure of personal data to shipping service providers
- Österreichische Post
As a transport service provider, we use the following provider: Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna, Austria
We will pass on your email address and/or telephone number to the provider in accordance with Art. 6 Para. 1 lit. a GDPR before the goods are delivered, for the purpose of coordinating a delivery date or announcing the delivery, provided that you have given your express consent for this in the ordering process. Otherwise, for the purpose of delivery, in accordance with Art. 6 Para. 1 lit. b GDPR, we will only pass on the recipient's name and delivery address to the provider. The data will only be passed on insofar as this is necessary for the delivery of the goods. In this case, it is not possible to coordinate the delivery date with the provider or announce the delivery in advance.
Consent can be revoked at any time with effect for the future from the controller named above or from the provider.
- UPS
As a transport service provider, we use the following provider: United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany
We will pass on your email address and/or telephone number to the provider in accordance with Art. 6 Para. 1 lit. a GDPR before the goods are delivered, for the purpose of coordinating a delivery date or announcing the delivery, provided that you have given your express consent for this in the ordering process. Otherwise, for the purpose of delivery, in accordance with Art. 6 Para. 1 lit. b DSGVO, we will only pass on the recipient's name and delivery address to the provider. The data will only be passed on insofar as this is necessary for the delivery of the goods. In this case, it is not possible to coordinate the delivery date with the provider or announce the delivery in advance.
Consent can be revoked at any time with effect for the future from the controller named above or from the provider.
7.3 Use of payment service providers (payment services)
- Apple Pay
If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed via the "Apple Pay" function of your device running iOS, watchOS or macOS by charging a payment card stored in "Apple Pay". Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you will need to enter a previously set code and verify it using the "Face ID" or "Touch ID" function of your device.
For the purpose of payment processing, your information provided during the order process, together with information about your order, will be transmitted to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay for payment execution. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the success of the payment.
If personal data is processed during the described transmissions, the processing takes place exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.
Apple retains anonymized transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.
If you use Apple Pay on your iPhone or Apple Watch to complete a purchase you made via Safari on your Mac, the Mac and the authorization device communicate via an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that could identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac".
Further information on data protection at Apple Pay can be found at the following internet address: https://support.apple.com
- EPS transfer
One or more online payment methods from the following provider are available on this website: PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria
If you select a payment method from the provider that requires advance payment (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be transmitted to this provider in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data in this case is solely for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
- Google Pay
If you choose the "Google Pay" payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment processing is carried out via the "Google Pay" application on your mobile device running at least Android 4.4 ("KitKat") and equipped with an NFC function, by charging a payment card stored with Google Pay or a payment system verified there (e.g., PayPal). To approve a payment via Google Pay exceeding €25, you must first unlock your mobile device using the configured verification measure (such as facial recognition, password, fingerprint, or pattern).
For the purpose of payment processing, your information provided during the order process, along with information about your order, will be shared with Google. Google then transmits your payment information stored in Google Pay in the form of a uniquely assigned transaction number to the originating website, with which a successful payment is verified. This transaction number contains no information about the real payment data of your payment methods stored in Google Pay; instead, it is created and transmitted as a uniquely valid numerical token. For all transactions via Google Pay, Google acts merely as an intermediary for processing the payment. The transaction is carried out exclusively in the relationship between the user and the originating website by charging the payment method stored in Google Pay.
If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.
Google reserves the right to collect, store, and analyze certain transaction-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description of the purchased goods or services provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction, and, if applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively in accordance with Art. 6 Para. 1 lit. f GDPR based on the legitimate interest in proper accounting, verification of transaction data, and the optimization and maintenance of the Google Pay service.
Google also reserves the right to combine the processed transaction data with other information collected and stored by Google when using other Google services.
The Google Pay terms of use can be found here:
https://payments.google.com
Further information on data protection at Google Pay can be found at the following internet address:
https://payments.google.com
- PayPal
This website offers one or more online payment methods from the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
If you select a payment method from the provider that requires advance payment, your payment data communicated during the order process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be transmitted to this provider in accordance with Art. 6 Para. 1 lit. b GDPR. In this case, your data will be transmitted exclusively for the purpose of payment processing with the provider and only insofar as it is necessary for this purpose.
If you choose a payment method where we make an advance payment, you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, if applicable, data on an alternative payment method) during the order process.
To safeguard our legitimate interest in determining your creditworthiness in such cases, we transmit this data to the provider for a credit check in accordance with Art. 6 Para. 1 lit. f GDPR. Based on the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experiences), the provider checks whether the payment option you have selected can be granted with regard to payment and/or default risks.
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not exclusively based on, address data.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
8) Web Analytics Services
Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which allows an analysis of your use of our website.
By default, when you visit the website, Google Analytics 4 sets cookies, which are stored as small text modules on your device and collect certain information. This information also includes your IP address, which, however, is truncated by Google by the last digits to exclude direct personal identifiability.
The information is transmitted to Google servers and processed there. This may also involve transfers to Google LLC, located in the USA.
Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activities for us, and provide other services related to website and internet use. The truncated IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data. The data collected within the scope of using Google Analytics 4 is stored for a period of two months and then deleted.
All processing described above, in particular the setting of cookies on the device used, only takes place if you have given us your explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR.
Without your consent, Google Analytics 4 will not be used during your visit to the site. You can revoke your given consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the "Cookie Consent Tool" provided on the website.
We have concluded a data processing agreement with Google, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.
Further legal information about Google Analytics 4 can be found at https://business.safety.google
Demographic characteristics
Google Analytics 4 uses the special function "demographic characteristics" and can create statistics that provide statements about the age, gender, and interests of site visitors. This is done by analyzing advertising and information from third parties. This allows target groups for marketing activities to be identified. However, the collected data cannot be assigned to any specific person and will be deleted after being stored for a period of two months.
Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to create cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google can, subject to your consent to the use of Google Analytics in accordance with Art. 6 Para. 1 lit. a GDPR, analyze your user behavior across devices and create database models, including for cross-device conversions. We do not receive personal data from Google, only statistics. If you want to stop cross-device analysis, you can disable the "Personalized advertising" function in your Google account settings. To do this, follow the instructions on this page: https://support.google.com
More information about Google Signals can be found at the following link: https://support.google.com
User IDs
As an extension to Google Analytics 4, the "User IDs" function can be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 Para. 1 lit. a GDPR, have set up an account on this website, and log in to this account on different devices, your activities, including conversions, can be analyzed across devices.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
9) Retargeting/Remarketing and Conversion Tracking
9.1 Meta Pixel
Within our online offering, we use the "Meta Pixel" service from the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta")
If a user clicks on an advertisement placed by us on Facebook and/or Instagram, the URL of our linked page is extended by a parameter with the help of "Meta Pixel". This URL parameter is then entered into the user's browser after redirection by a cookie that our linked page itself sets.
This allows Meta, on the one hand, to determine the visitors to our online offering as a target group for the display of advertisements (so-called "Ads"). Accordingly, we use the service to show our Facebook and/or Instagram Ads only to those users who have also shown an interest in our online offering or who exhibit certain characteristics (e.g., interests in specific topics or products, determined by the visited websites) that we transmit to Meta (so-called "Custom Audiences").
On the other hand, the "Meta Pixel" can be used to track whether users were redirected to our website after clicking on an advertisement and what actions they perform there (so-called "Conversion Tracking").
The data collected is anonymous for us, meaning it does not allow us to draw conclusions about the identity of the users. However, the data is stored and processed by Meta, so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes.
All processing described above, in particular the setting of cookies for reading information on the device used, will only be carried out if you have given us your explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your given consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.
The information generated by Meta is usually transferred to a Meta server and stored there; in this context, a transfer to Meta Platforms Inc. servers in the USA may also occur.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
9.2 Google Ads Conversion Tracking without Cookies
This website uses the online advertising program "Google Ads" and, within Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
We use Google Ads to draw attention to our attractive offers on external websites with the help of advertising materials (so-called Google Adwords). With regard to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. Our aim is to show you advertising that is of interest to you, to make our website more interesting for you, and to achieve a fair calculation of the advertising costs incurred.
This website uses Google Ads Conversion Tracking exclusively without the use of cookies, which means that the service never sets cookies on your device.
Instead, your browser's local storage is used to store an individual ID assigned by Google, which enables an analysis of your use of the website. For this purpose, certain user information is processed via the ID.
The ID is set when a user clicks on an Ads advertisement placed by Google. If the user visits certain pages of this website, Google and we can recognize that the user clicked on the advertisement and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across Google Ads customer websites. The information thus obtained is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. Customers are informed of the total number of users who clicked on their advertisement and were redirected to a page tagged with a conversion tracking tag.
However, you do not receive any information that personally identifies users. When using Google Ads, personal data may also be transferred to Google LLC's servers in the USA. Details on the processing initiated by Google Ads Conversion Tracking and on Google's handling of data from websites can be found here: https://policies.google.com
If the collected information has a personal reference, the processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in the statistical evaluation of the success of our advertising campaigns.
Google's privacy policy can be viewed here: https://business.safety.google
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
10) Page Functionalities
10.1 Google Web Fonts
This page uses so-called web fonts from the following provider for the uniform display of fonts: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
When you access a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly and establishes a direct connection to the provider's servers. Certain browser information, including your IP address, is transmitted to the provider.
Data can also be transmitted to: Google LLC, USA
The processing of personal data in the course of establishing a connection with the font provider will only take place if you have given us your explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your given consent at any time with effect for the future by deactivating this service via the "Cookie Consent Tool" provided on the website. If your browser does not support web fonts, a standard font from your computer will be used.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
Further information on Google's privacy policy can be found here: https://business.safety.google
10.2 - Google reCAPTCHA
On this website, we use the CAPTCHA service of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data can also be transmitted to: Google LLC, USA.
For the visual design of the Captcha window, the provider uses "Google Fonts", i.e. fonts loaded from the internet by Google. No further information is processed beyond that already transferred to Google via the reCAPTCHA functionality.
The service checks whether an entry is made by a natural person or by machine and automated processing, and blocks spam, DDoS attacks, and similar automated malicious access. To ensure that an action is performed by a human and not by an automated bot, the provider collects the IP address of the end device used, identification data of the browser and operating system type used, as well as the date and duration of the visit, and transmits this data to the provider's servers for evaluation. Cookies, i.e. small text files stored in the browser of the end device, may be used here.
If the processing described above is carried out on the basis of cookies, these will only be set if you have given us your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your given consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.
If the processing described above is carried out without the use of cookies, the legal basis is our legitimate interest in determining individual accountability on the internet and preventing misuse and spam in accordance with Art. 6 Para. 1 lit. f GDPR.
We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
11) Rights of the Data Subject
11.1 Applicable data protection law grants you, as the data subject, the following rights (rights to information and intervention) with regard to the processing of your personal data by the controller, whereby reference is made to the stated legal basis for the respective exercise conditions:
- Right of access in accordance with Art. 15 GDPR;
- Right to rectification in accordance with Art. 16 GDPR;
- Right to erasure in accordance with Art. 17 GDPR;
- Right to restriction of processing in accordance with Art. 18 GDPR;
- Right to notification in accordance with Art. 19 GDPR;
- Right to data portability in accordance with Art. 20 GDPR;
- Right to withdraw given consents in accordance with Art. 7 Para. 3 GDPR;
- Right to lodge a complaint in accordance with Art. 77 GDPR.
11.2 RIGHT TO OBJECT
IF, WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.
12) Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if applicable – additionally by the respective statutory retention period (e.g. commercial and tax law retention periods).
When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, the data concerned will be stored until you revoke your consent.
If there are statutory retention periods for data that is processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfillment or initiation of the contract and/or we no longer have a legitimate interest in continued storage.
When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object pursuant to Art. 21 para. 2 GDPR.
Unless otherwise stated in other information in this declaration about specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.