1. General Information
The protection of your personal data is of particular concern to us. We process your personal data exclusively based on the legal provisions (DSGVO, DSG, TKG 2003). For the provision of our website, for the processing of the sale of our goods and provision of our services, we process information about you, so-called personal data - or in the following "data" for short. The term "processing" is understood to mean any handling of data, such as the collection, storage, use, deletion of personal data. In this data protection information, we inform you about the most important aspects of data processing within the scope of our website as well as our business activities. Responsible for the processing of your personal data is:
If you have any complaints, questions, or suggestions regarding data protection, please do not hesitate to contact us at any time using the above contact details. You can reach our data protection officer at: email@example.com or at +43 1 521 75 41.
2. Data Processing within the Framework of our Website
2.1 General Information
Within the scope of our website, we process data that you disclose to us (for example, in the context of orders), logs (our servers log who makes requests for security reasons) and cookies (these are small text files that are stored on your device and contain information to recognize you). If you do not accept cookies, this may limit the functionality of our website. The web server for the operation of our website is operated on the software side by the IT company SCRIMO GmbH as an order processor and on the hardware side in the data center of the company Hetzner Online GmbH. To prevent third-party cookies from being set, you can block so-called third-party cookies in your browser. Here you will find instructions on how to do this for the most common browsers:
Internet Explorer: here
Safari: In Apple's Safari, third-party cookies are blocked by default.
2.2 Data Processing for the Operation and Security of our Website:
2.2.1. Server Logs
Purpose of processing: When you access our website, the web server collects usage data (so-called server logs). The collection of this data is necessary to technically enable the connection to our server and the use of the website. In addition, this data is used for the defense and analysis of attacks. The following server logs are collected: The IP address of the requesting device, together with the date, time, request, which file is requested (name and URL), which amount of data is transferred to you, a message whether the request was successful, identification data of the browser and operating system used, as well as the website from which the access was made (should the access be made via a link). Legal basis of processing: the processing of your data is based on our legitimate interest in ensuring the operation of the service and system security. Recipients of the data: The web server for the operation of our website is operated by the IT company SCRIMO GmbH as an order processor and hardware in the data center of the company Hetzner Online GmbH. The data from the server logs will - should there have been a hacker attack - be passed on to the law enforcement authorities. Any disclosure to third parties beyond this does not take place. Further information: The server logs are stored for a maximum of 12 months.Zweck der Verarbeitung: Wenn Sie unsere Website aufrufen, erhebt der Webserver Nutzungsdaten (sog. Serverlogs). Die Erhebung dieser Daten ist erforderlich, um den Verbindungsaufbau zu unserem Server und die Nutzung der Website technisch zu ermöglichen. Zudem dienen diese Daten zur Abwehr und Analyse von Angriffen.
Folgende Serverlogs werden erhoben: Die IP-Adresse des anfragenden Geräts, gemeinsam mit dem Datum, der Uhrzeit, der Anfrage, welche Datei angefragt wird (Name und URL), welche Datenmenge an Sie übertragen wird, eine Meldung, ob die Anfrage erfolgreich war, Erkennungsdaten des verwendeten Browsers und des verwendeten Betriebssystems, sowie die Website, von der der Zugriff erfolgte (sollte der Zugriff über einen Link erfolgen).
Rechtsgrundlage der Verarbeitung: Die Verarbeitung Ihrer Daten erfolgt aufgrund unseres berechtigten Interesses, den Betrieb des Dienstes und die Systemsicherheit zu gewährleisten.
Empfänger der Daten: Der Webserver für den Betrieb unserer Website wird durch die IT-Firma SCRIMO GmbH als Auftragsverarbeiter und hardwareseitig im Rechenzentrum der Firma Hetzner Online GmbH betrieben. Die Daten aus den Serverlogs werden – sollte es einen Hackerangriff gegeben haben – an die Strafverfolgungsbehörden weitergegeben. Eine darüberhinausgehende Weitergabe an Dritte erfolgt nicht. Weitere Informationen: Die Serverlogs werden für maximal 12 Monate gespeichert.
2.3 Data Processing for Marketing Purposes:
2.3.1 Web Analysis
We process data about your use of our website via the tool listed below to be able to adapt it to your interests in the best possible way.
Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Purpose of processing: Google Analytics stores cookies to recognize you and subsequently create personalized user statistics about your website activities. In addition, we have activated Google's "anonymize IP" module. This involves Google anonymizing the IP address assigned to you within the European Union.
Google Analytics stores the following cookies on your device:
|IDE||1 year||Contains a randomly generated user ID. Based on this ID, Google can recognize the user across different websites across domains and play personalized advertising.|
2.4 Data Processing in the Context of our Social Media Activities:
We use so-called "social media plugins". These allow us to show you interaction elements or content (e.g., text posts, graphics, images, and videos) from social media services. Via these plugins, data, including personal data, can be transmitted to the social media service providers, and possibly used by them. When you visit our website, a direct connection between your browser and the server of the social media service provider is only established via the social media plugins if you have consented to the transmission of the data. We currently use social media plugins from the following services: YouTube: We use plugins of the YouTube service on our website. The plugins can display interaction elements or content (e.g., videos, graphics, or text contributions). Via these plugins, data can be sent to YouTube and possibly used by YouTube. Data is only transmitted to YouTube if you have consented to its use. If you are logged into your YouTube account while visiting our website, YouTube may be able to associate your visit and the respective video with your profile. YouTube may set various cookies on your computer. Many of these are for statistical purposes, to record your preferences and available bandwidth, but may also be used to determine your location and to serve personalized advertisements.
YouTube stores the following cookies on your device:
|yt.innertube||unrestricted||yt.innertube unrestricted Stores an ID to identify which videos the user has already watched.|
|yt-remote-connected-devices, yt-remote-device-id||unrestricted||yt-remote-connected-devices, yt-remote-device-id unrestricted Stores information about the preferences made by the user.|
|yt-remote-cast-installed, yt-remote-fast-check-period||Session||yt-remote-cast-installed, yt-remote-fast-check-period Session Stores information to recognize the user and which videos the user has watched.|
- LinkedIn: We use an analysis service of LinkedIn Ireland Unlimited Company, with which user behavior can be analyzed and personalized advertising can be played.
LinkedIn stores the following cookies on your device:
|_bcookie||2 years||This cookie is a browser identifier. This uniquely identifies devices accessing LinkedIn to detect misuse of the platform. |
|bscookie||2 years||This cookie is used to store the two-factor authentication status of a user who is logged in. |
|UserMatchHistory||30 days||This cookie is used to synchronize the IDs of LinkedIn Ads. |
3. Data Processing in the Context of the Newsletter:
Purpose of processing: If you have signed up for our newsletter, you will receive regular information from us by email about us and our range of services. If you no longer wish to be contacted by us, no problem. Simply unsubscribe at firstname.lastname@example.org or use the unsubscribe link in the newsletter. Legal basis of processing: The processing of your data is based on your consent. Recipients of the data: Your data will not be transferred to third parties. Further information: We will process your data until you revoke your consent or unsubscribe from the newsletter (you will find an appropriate link for this in the newsletter).
4. Data Processing in the Context of Business Operations:
4.1 Data Processing in the Context of Contacting us:
Purpose of processing: if you contact us (e.g., by e-mail, contact form), we process the data you disclose while contacting us, only insofar as this is necessary to process the request or its handling. Legal basis of processing: The processing of your data is carried out for the implementation of pre-contractual measures or for the fulfillment of a contractual relationship or is based on our legitimate interest, namely for the organization of the inquiry response. Recipients of the data: A transfer of this data only takes place on the condition that the transfer is necessary for the inquiry response. Further information: We process your data as long as this is necessary for the processing of the inquiry and, in addition, for a further seven years after the last contact with you in the event of a follow-up inquiry.
4.2 Data Processing in the Context of the Customer Account:
Purpose of processing: when you register on our website, we process the data disclosed as part of your registration for the formal handling of the business cases that we have to deal with, for checking and evaluating whether there is customer satisfaction and for assessing the quality of the services used. In addition, all purchases made by the customer are stored in the user account, so that the user can see at any time which purchases he has made and how he has evaluated the purchased products. Legal basis of processing: The processing of your data is carried out for the implementation of pre-contractual measures or for the fulfillment of a contractual relationship. Recipients of the data: This data is transmitted to contractual and business partners in anonymized form. The recipient thus only sees how a product has been rated, but not who has rated the product. Further information: Deletion of your user account is possible at any time. After deletion of your user account your data will be deleted by us.
5. Data Processing in the Context of our Service (Market Research for Retail Products):
Our service is market research for retail products. For this purpose, we provide you with products, some of which are not yet available on the market, which you can pick up in our go2market store.
5.1 Data Processing during your Stay in the go2market Store (Behavioral Analysis)
Purpose of processing: During your stay in our go2market supermarket, your shopping behavior is also statistically evaluated by means of a video-based behavior analysis. The analysis of your shopping behavior is basically anonymous and cannot be traced back to you. This data is evaluated statistically. In addition, video surveillance is used to investigate possible criminal offences committed in our store. Note: A profile is created about your purchasing behavior and other factors. You can find more information about the processing via this profile in point 6.3. Legal basis of the processing: The processing of the image data is based on the contract concluded with you in accordance with Art 6 (1) lit b DSGVO. to analyze your behavior and to create a profile. For this processing, it is necessary that we record your behavior in our store by means of video surveillance. The legal basis of the processing of data from video surveillance for further criminal treatment is based on Art 6 para 1 lit f DSGVO. Our legitimate interest is the prevention of crimes committed against us. Storage period: Unless the image data is required for a specific reason for the realization of the underlying protection or preservation of evidence purposes, we delete the image data after 72 hours at the latest. Recipients of the data: If transfer of the data is necessary due to the prosecution of criminal offenses, the data is transferred to the following recipients:
Competent administrative authorities (for securing evidence and for security police purposes), competent courts (for securing evidence in criminal and civil law cases), insurance companies (exclusively for the settlement of insurance claims) and legal representatives (for the assertion, exercise, or defense of legal claims).
5.2 Data Processing in the Context of Market Research after your Visit to the go2market Store
Purpose of processing: after you have purchased products from our go2market Store, we will send you questions about the product and your experience in our go2market Store a few days after your visit. For this purpose, we will process your contact details, the questions, as well as the answers you voluntarily give us for the purpose of market research. Legal basis of processing: The processing of this data is based on the contract concluded with you pursuant to Art 6 (1) lit b DSGVO. Storage period: We store this data as long as your membership is active. After your active membership has ended, your personal data will be anonymized. Recipients of the data: The data of the questions will be anonymized immediately. This means that the answers to the questions cannot be traced back to you. We then evaluate this data. This evaluation is also not traceable to you, so anonymous. This result of the evaluated data, which cannot be traced back to you, is then passed on exclusively to our contractual and business partners and only in the form that is absolutely necessary for the contractual or business partner.
5.3 Data Processing in the Context of Behavioral Analysis:
Purpose of processing: as part of our service, we create a profile about you. For this purpose, data from a wide variety of sources, in particular from the behavioral analysis in our go2market store, from the response to our questionnaire in the context of market research after your visit to our go2market store are used. This profile does not serve as the basis for any non-automated or automated decision. The data is only used for market research. Legal basis of processing: The processing of your data is carried out to fulfill the contract concluded with you in accordance with Art 6 para 1 lit b DSGVO. Recipients of the data: The same provisions apply to this transfer as to the transfer under point 6.2. The data will be anonymized immediately. The evaluated data will only be passed on to contractual or business partners and only to the extent that is absolutely necessary for the contractual or business partner. Further information: We process your data only as long as this is necessary for the fulfillment of the contractual relationship or due to legal obligations (for example, according to tax and company law retention obligations). As a rule, we keep data for seven years.
5.4 Data Processing for the Purpose of carrying out Administrative Activities
Purpose of processing: we operate a customer relationship management system and process your data to document and improve our customer relations with you (documenting the content of communications between our employees and you). Legal basis of processing: Your data is processed based on our legitimate interest in optimizing customer-specific communication with you. Recipients of the data: Your data will not be transferred to third parties pursuing their own purposes. Further information: We store your data until the end of the third year after the last contact with you.
6. Your Rights
6.1 Right to Information about Stored Data according to Art. 15 DSGVO
You have the right to request information about whether we process personal data about you. If this is the case, you have a right to information about this personal data and other information related to the processing.
6.2 Right to Rectification of inaccurate Data Pursuant to Art 16 DSGVO
In the event that personal data we process about you is not (or no longer) accurate or incomplete, you may request that this data be corrected and, if necessary, completed.
6.3 Right to Deletion of Data according to Art 17 DSGVO
If the legal requirements are met, you may request the deletion of your personal data.
6.4 Right to Restriction of Data according to Art 18 DSGVO
If the legal requirements are met, you may request the restriction of the processing of data relating to you.
6.5 Right to Data Portability according to Art 20 DSGVO
If the legal requirements are met, you may request the transfer of your data in a structured, common, and machine-readable format.
6.6 Right to object to unreasonable Data Processing pursuant to Art 21 DSGVO
For reasons arising from your particular situation, you may object at any time to the processing of data relating to you that we process on the basis of a legitimate interest pursuant to Art 6(1)(f) DSGVO.
6.7 Right to revoke Consent
If processing is carried out based on a declaration of consent, you have the possibility to revoke this at any time without affecting the lawfulness of the processing carried out based on the consent until revocation.
6.8 Right to complain to the Data Protection Authority
If you are of the opinion that the processing of your personal data by us violates applicable data protection law or that your data protection rights have been violated in any other way, you have the possibility to complain to the competent supervisory authority (for Austria, this is the Austrian Data Protection Authority, for Germany, this is the State Commissioner for Data Protection and Information Security). The addresses are:
Austrian Data Protection Authority
Telephone: +43 1 52 152-0
State Commissioner for Data Protection and Information Security
For the State of North Rhine-Westphalia
Phone: +49 211/38424-0
7 Further Information:
We need the data that we ask you to provide for the processing of the sale of our goods and provision of our services within the framework of the contractual relationship or to provide information that you have asked us for or when sending our newsletter and other information. If you do not provide the data, we will not be able to provide our services. We do not use automated decision-making including profiling according to Art 22 DSGVO. If we process your personal data for a purpose other than the one for which we collected the data, we will disclose this circumstance to you and inform you about this other purpose.