Data protection statement pursuant to the GDPR

Data protection statement pursuant to the GDPR

Data protection statement pursuant to the GDPR

We process your personal information exclusively within the framework of the provisions of the general data protection regulation (GDPR) as well as the data protection act of 2018.

Note: For easier readability, usually the term “data” is used even if it relates to personal information. Legal provisions without indication are only based on those of the GDPR, if not otherwise stipulated.

Below we would like to inform you about the type, scope and purpose of data collection and its use pursuant to the provisions of the GDPR.

I. Name and address of responsible party

The party responsible for data processing is:


HANDL TYROL GmbH 
Bundesstrasse 33
6551 Pians
Austria
Tel.: +43 (0) 5442 / 6900 - 0
E-mail: office@handltyrol.at
Sito web: www.handltyrol.at

II. General information on data processing

1. Scope of Processing

We collect and use the personal information of our users fundamentally only to the extent necessary for the provision of a functional website and our content and services. The collection and use of the personal information of our users is done regularly only with the consent of the user. There is an exception in such cases in which prior acquisition of consent is not possible for actual reasons and the processing of the data is permitted under the law.

2. Legal reasons for the processing of personal information

To the extent we acquire consent from you for processing procedures, article 6 (1) (a) serves as the legal basis.

In the processing of data that are required for the fulfilment of a contract with you, article 6 (1) (b) is used as the legal basis. This also applies to processing procedures that are required for pre-contractual measures.

If processing of data is required for the fulfilment of a legal requirement to which we are subject, article 6 (1) (c) is the legal basis.

If the processing is required to protect a vested interest of our company or of a third party and does not outweigh your interests and basic rights of the first listed interest, article 6 (1) (f) is the legal basis.

3. Data deletion and duration of storage

Your data will be deleted or locked as soon as the reason for storage no longer applies. Saving may also occur if required by European or national ordinances, laws or other provisions to which we are subject. Locking or deletion of the data is also done when a prescribed storage period lapses, as set forth by the standards listed, unless there is a requirement for further storage of the data for concluding a contract or fulfilment of a contract.

III. Provision of the website and creation of logfiles

1. Description and scope of data processing

For every visit to our website, our system collects automated data and information from the computer system of the visiting computer.

The following data are collected:

  • Information on browser type and the version used
  • The user operating system
  • The IP address of the user
  • Date and time of access
  • Websites from which the system of the user accesses our internet site
  • Websites that are queried from the system of the user via our website
  • Name of site queried by the system of the user

2. Legal foundation for data processing

The legal foundation for temporary storage of data and logfiles is article 6 (1) (f).

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the computer of the user. For this, the IP address of the user is stored until the deletion of the logfile.

The saving in logfiles is done to ensure the functionality of the website. The data also serve for the optimization of the website and to ensure the security of our informational-technical system. An analysis of the data for marketing purposes does not occur within this context.

Our vested interest in data processing pursuant to article 6 (1) (f) also lies in these purposes.

4. Duration of Storage

The data will be deleted as soon as they are no longer required to achieve the purpose of its collection. In the case of the collection of data for provision of the website, this is the case when the relevant session is ended.

In the case data are stored in logfiles, this is the case after at the latest 4 weeks. Storage beyond that period is possible. In this case, the IP addresses of the user are deleted or encrypted so that assignment to the visiting client is no longer possible.

5. Right of objection and removal

The collection of the data to provide the website and the storage of data in logfiles is urgently required for the operation of the internet site. As a result, there is no right to objection on the part of the user.

IV. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the computer system of the user. If a user visits a website, a cookie can be stored on the operating system of the user. This cookie contains a characteristic series of characters that enable clear identification of the browser when the website is visited again.

We use cookies on our website, that enable the analysis of the surf behaviour of the user. The following data can be transferred:

  • Search terms entered
  • Frequency of page visits
  • Taking advantage of website functions

The data of the user collected in this way are stored under a pseudonym. Therefore no assignment of the data to the visiting user is possible. The data are not saved together with other personal information of the user. When visiting our website, the user is informed of the use of cookies for analysis purposes by an infobanner and referred to this data protection statement. Within this context there is also a reference to how the storage of cookies in the browser settings can be stopped. The following cookies are used within the context of Google Universal Analytics:

  • _gat (runtime 24 hours)
  • _gid (runtime 24 hours)
  • _ga (runtime 2 years)

The following cookies are used within the context of Google Analytics:

  • utma (runtime 2 years)
  • utmb (runtime 30 minutes)
  • utmc (Session runtime)
  • utmt (runtime 3 minutes)
  • utmz (runtime 6 months)
  • utmv (runtime a few seconds)

The following cookies are used within the context of Facebook:

  • _fr (runtime 3 months)

The following cookies are used within the context of Shopify:

  • _s (runtime 30 minutes)
  • _shopify_fs (runtime 2 years)
  • _shopify_s (runtime 30 minutes)
  • _shopify_sa_p (runtime 30 minutes)
  • _shopify_sa_t (runtime 30 minutes)
  • _shopify_y (runtime 2 years)
  • _y (runtime 2 years)
  • cart_sig (runtime 14 days)
  • secure_customer_sig (runtime 20 years)
  • smart-payment-buttons-experiment-mpo-clarity (runtime 1 day)
  • _atuvs (runtime 30 minutes)
  • _atuvc (runtime 1 year)

2. Legal foundation for data processing

The legal foundation for the processing of your data using the technically necessary cookies is article 6 (1) (f). For cookies for analysis purposes, the legal basis for the presence of your relevant consent is article 6 (1) (a).

3. Purpose of data processing

The purpose of the use of technically necessary cookies is to make the use of websites simpler for the user. Some functions of our internet site cannot be offered without the use of cookies. For this it is necessary that the browser can be recognized again after a site change.

We need cookies for the following applications: • Detection of language settings • Recognition of search terms

The user data collected by the technically necessary cookies are not only used to create user profiles.

The use of the (technically not necessary) analysis cookies is done to improve the quality of our website and its content. Through the analysis cookies we learn how the website is used and can constantly optimize our offering.

Our vested interest in data processing pursuant to article 6 (1) (f) also lies in these purposes.

4. Duration of storage, right of objection and removal

Cookies are saved on the user computer and transferred from it to our site. Therefore, you as the user also have full control over the use of cookies. Through a change of settings in your internet browser, you can deactivate or limit the transmission of cookies. Previously saved cookies can be deleted at any time. This can also be automated. There are multiple options for managing cookies. The help button in the toolbars of most browsers shows you how you can stop accepting cookies, how you are notified when a new cookie is deposited and how you can block cookies. If you block cookies, it may be that you may not be able to register, log in or use the full scope of services.

V. Newsletter

1. Description and scope of data processing

On our internet site, there is an option to subscribe to a free newsletter. During registration for the newsletter, the date of the entry mask is transferred to us. Concretely, we need your e-mail address, your first and last names including form of address and your information on whether this is a private or company address.

The following information is also collected upon registration:

  • IP address of the origination computer
  • Date and time of registration

For processing of the data, your consent will be requested within the framework of the registration procedure and you will be referred to this data protection statement.

Within the context of the data processing for the sending of our newsletter, there is a transmission of the data to third parties by sending our newsletter via the services of MailChimp of the Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. These contain a web beacon, also called a tracking pixel. Thus we can see whether the e-mails were opened or wether the links in the e-mails were clicked on. We use this information to improve our e-mail service and assess which information is most read or clicked on. These data are linked with the actions you take on our website. The information collected in this way is saved by the newsletter provider MailChimp on their server in the USA. MailChimp is authorized to provide your user information to third parties in certain cases. You can always object to tracking by clicking on the separate link provided in every e-mail or by sending us a message to the e-mail address speckmeister@handltyrol.at.

MailChimp is a Privacy Shield certified company. These data transfers are permissible based on the acceptability directive of the European Commission (EU) 2016/1250.

The purpose and scope of data collection and additional processing and use of the data by MailChimp and your rights and setting options to protect your private sphere are found in the data protection information: mailchimp.com/legal/privacy and the terms and conditions for use of MailChimp mailchimp.com/legal/terms.

The web beacon is automatically deleted when you delete the e-mail. Our normal text e-mails contain no web beacons. Except for the use of the newsletter tool MailChimp, your data will only be used for sending the newsletter and will not be provided to third parties.

2. Legal foundation for data processing

The legal foundation for the processing of your data after subscribing to the newsletter is article 6 (1) (a) if there is user consent.

3. Purpose of data processing

The collection of your e-mail address serves for the sending of the newsletter.

4. Duration of Storage

The data will be deleted as soon as they are no longer required to achieve the purpose of its collection. The e-mail address of the user will only be saved as long as the subscription to the newsletter is active.

The other data collected within the framework of the registration procedure are usually deleted after seven days.

5. Right of objection and removal

The subscription to the newsletter can be cancelled at any time by the relevant user. There is a link in every newsletter for this purpose.

The web beacon is automatically deleted when you delete the e-mail. Our normal text e-mails contain no web beacons.

Through this, a revocation of consent of the storage of your personal data that is collected during the registration process is possible.

VI. Web analysis services

1. Scope of Processing

We use various tools on our website for the analysis of the surfing behaviour of our users. The software puts a cookie on the computer of the user (for cookies, see above). When individual pages of our website are queried, the following data are saved:

(1) Two bytes of the IP address of the querying system of the user.
(2) The website visited
(3) The website to which the user goes on the queried website (referrer)
(4) The sub-sites that are queried from the website visited
(5) The duration of the stay on the website (6) The frequency of queries of the website

Google Universal Analytics

We use various web analysis services, including Google Analytics from Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA. This analysis services utilizes so-called "Cookies", text files which are saved on your computer and which enable an analysis of your use of the website. The information created by cookies about your use of the website (including your IP address) is transferred to a web analysis service (at Google in the USA) and stored there. This analysis service will use this information to analyse your use of this website to create reports on website activity for the website operator and to provide services associated with website use and internet use. The IP address collected from your browser within the framework of Google Analytics will not be consolidated with other Google data.

You can prevent the storage of cookies by using the appropriate browser setting. We do note, however, that in that case, you will not have access to all of the functions of this website. You can also prevent the information created by the cookie about your use of the website being sent to Google (including your IP address), and prevent Google processing this data. To do this, download and install the browser plugin available using the following link (tools.google.com/dlpage/gaoptout?hl=de).

You can find more information on conditions for use and data protection at www.google.com/analytics/terms/de.html or at www.google.de/intl/de/policies/.

We not that on this website, Google Analytics is supplemented by the code “anonymizeIp”, to anonymize IP addresses (so-called IP masking).

Facebook Custom Audience

We use the Facebook "Custom Audience" technology, a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. The data collected by the integration of cookies, web beacons or similar technologies from third parties allow us to more effectively measure our advertising activities on Facebook and to show contributions or advertisements only to the users of our internet presence. To collect this data, we use exclusively cookies, web beacons and similar tried and true and widely used technologies from third parties. We do not provide lists containing personal information to Facebook and do not upload this to Facebook. The data collected will only be transferred to Facebook in an encrypted manner. Personal information of individual users cannot be viewed by us.

You can find additional information on the data protection statement of Facebook at www.facebook.com/about/privacy. If you do not desire any data collection via “Custom Audience", you can deactivate “Custom Audience” here.

The use of this web analysis service is used to constantly improve our functions and services. Non-personal data are used for analysis and reporting purposes. These data will not be linked to other personal information.

Hotjar

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
 

2. Legal reasons for the processing of personal information

The legal foundation for the processing of user data is article 6 (1) (f).

3. Purpose of data processing

The processing of the personal information of the user enables us to perform an analysis of the surfing behaviour of our users. Through the analysis of the data collected, we can compile information of the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. Our vested interest in these objectives is also the processing of data pursuant to article 6 (1) (f). Through the anonymisation of the IP address, the interests of the user are taken into consideration in the protection of personal information.

4. Duration of Storage

The data are deleted as soon as they are no longer needed for our recording purposes.

5. Right of objection and removal

Cookies are saved on the user computer and transferred from it to our site. Therefore, you as the user also have full control over the use of cookies. Through a change of settings in your internet browser, you can deactivate or limit the transmission of cookies. Previously saved cookies can be deleted at any time. This can also be automated. If cookies are deactivated for our website, you may not be able to use all of the functions of our website.

We offer our users the option on our website to opt out of the analysis procedure. For this you must follow the relevant link. In this way, and additional cookie is put on your system, which signals our system not to save the user data. If the user deletes the relevant cookie in the interim from their own system, the opt out cookie must be replaced.

For additional information on the privacy settings of the web analysis tools, please see the information listed above.

VII. Webshop

1. Description and scope of data processing

On our internet site, there is the option to change to our online shop shop.handltyrol.at. We collect, save and process your information for the entire handling of your purchase, including any later guarantees for the technical administration, statistical analyses, own marketing purposes and to prevent crimes and fraud or to detect security threats. In addition, we use your data for undertaking the following actions:

  • to provide and improve our service and support;
  • to contact you at your request;
  • for data analyses;
  • for internal testing;
  • for the development of new products;
  • for the determination of trends in use;
  • to detect and prevent security threats, fraud and other malicious activities;
  • to maintain our legal obligations and implement our agreements;
  • to create invoices and statistics on the access behaviour (such as number of accesses on one source, number of accesses of the customer overall and per source, changes in frequency of access).

The collection of your information is done directly from your entries and automatically through the technologies of the online applications.

Within the context of the data processing for the online shop, we do provide data to third parties, which fulfil our orders via the provider Shopify Inc., 150 Elgin Street, Suite 800, Ottawa, N K2P 1L4, Canada. Shopify places cookies. The information collected in this way is saved by the shop provider Shopify on their server in the USA. Shopify is authorized to provide your user information to third parties in certain cases. You can always object to tracking by clicking on the separate link provided in every e-mail or by sending us a message to the e-mail address [speckmeister@handltyrol.at].

Shopify is a Privacy Shield Canadian company. These data transfers to Canada are permissible based on the acceptability directive of the European Commission (2002/ 2/EC).

2. Legal foundation for data processing

The legal foundation for the processing of user data during purchases in our online shop is article 6 (1) (b).

3. Purpose of data processing

The data are used exclusively for processing orders and communication within the context of the order and the customer account. The purpose and scope of data collection and additional processing and use of the data by Shopify and your rights and setting options to protect your private sphere are found in the data protection information: shopify.com/legal/dpa and the conditions for use of Shopify shopify.com/legal/terms.

4. Duration of Storage

The data will be saved by us and/or Shopify and Braintree until the contract is fulfilled and further, if commercial and tax provisions require further storage.

5. Right of objection and removal

The processing of data can be cancelled at any time by the relevant user.

VIII. Rights of the users (rights of the affected party)

If personal information from you is processed, you are the affected party in terms of the GDPR and you have the following rights opposite us as the responsible party:

1. Right to Information

You can ask us for a confirmation of whether your personal information has been processed by us.

If processing has occurred, you can request a notification from us on the following information:

The purpose and categories of personal information that is processed, including the recipients and recipient categories to whom your information is provided or will still be provided as well as the planned duration of storage of your data. If we use profiling technologies, we must provide you with significant information about the logic involved as well as the scope and desired effects of this type of processing for you. In addition we must inform you of your right to complain to the data protection authorities. In addition, you have the right to request information about whether your information has been transferred to a third party country or to an international organization.

2. Right to Notification

You have the right to notification and/or information if your data were processed improperly or are incomplete. If applicable, we will inform you immediately.

3. Right to limitation of processing

Under the following conditions, you can request the processing of your data to be limited:

(1) if you are contesting the correctness of your information for a duration that enables us to check the correctness of your data;
(2) the processing was improper and you decline the deletion of your data and instead wish to limit the use of your data;
(3) we no longer need your data for processing purposes, but you require them for enforcement, execution or defence of legal claims, or
(4) if you have submitted an objection to the processing and it is not yet clear whether our vested reasons supersede your reasons.

If the processing of your information is limited, these data - except from your saving - will only be processed with your consent or for the enforcement, execution or defence of legal claims or to protect the rights of other natural or legal persons.

If the limitation of processing is limited according to the aforementioned conditions, you will be notified by us before the limitation is imposed.

4. Right to Deletion

We are obligated to immediately delete your data if one of the following reasons apply:

(1) Your data are no longer needed for the purposes for which it was collected;
(2) You revoke your consent and there is no other legal reason for processing.
(3) You submit an objection pursuant to article 21 (1) against processing and there are no other paramount reasons on our part for processing or you submit an objection to processing pursuant to article 21 (2).
(4) Your data were improperly processed.

The right to deletion does not apply if processing is required

(1) for fulfilment of a legal obligation that requires processing (such as authorities and agencies), or to complete a task in the public interest that was transferred to us;
(2) to enforce, execute or defend legal claims.

5. Right to Information

If you have exercised the right to notification, deletion or limitation of processing, we are obligated to notify all recipients who have received your information of this notification or deletion of data or limitation of processing, unless this is impossible or associated with an unreasonable expense.

You have the right to be informed via these recipients.

6. Right to Objection

You have the right to submit an objection to the processing of your data for reasons resulting from your special situation pursuant to article 6 (1) (e) or (f); this also applies to profiling supported by these provisions.

In this case we will no longer process your information unless we have urgent reasons for processing that supersede your rights and freedoms or if the processing serves for the enforcement, execution or defence of legal claims.

If your data are processed for direct advertising purposes, you have the right to submit an objection at any time against the processing of your data for the purpose of such advertisement; this also applies to profiling if in connection with such direct marketing.

If you object to the processing for purposes of direct marketing, your data will no longer be processed for this purpose.

7. Right to revoke your declaration of consent under data protection laws

You have the right to revoke your declaration of consent under data protection laws. By revoking your consent, the legality of processing until the time of revocation is not affected.

8. Right to submit a complaint to the oversight authorities

Notwithstanding any other administrative or legal redress, you have the right to lodge a complaint pursuant to article 24FF of the DPA 2018 to the data protection authorities if you think that the processing of your data violates the GPDR.

The data protection authorities will instruct the complaint-lodger about the status and the results of the complaint including the option for legal redress.

Pains, in May 2018.