Privacy Policy

Status: 20.05.2021

1. General Information

The protection of your personal data is of particular concern to us. We process your personal data exclusively based on the legal provisions (DSGVO, DSG, TKG 2003). For the provision of our website, for the processing of the sale of our goods and provision of our services, we process information about you, so-called personal data - or in the following "data" for short. The term "processing" is understood to mean any handling of data, such as the collection, storage, use, deletion of personal data. In this data protection information, we inform you about the most important aspects of data processing within the scope of our website as well as our business activities. Responsible for the processing of your personal data is:

Go2Market GmbH
Liniengasse 11
1060 Vienna
 

If you have any complaints, questions, or suggestions regarding data protection, please do not hesitate to contact us at any time using the above contact details. You can reach our data protection officer at: datenschutzbeauftragter@h-i-p.at or at +43 1 521 75 41. 

2. Data Processing within the Framework of our Website

2.1 General Information

Within the scope of our website, we process data that you disclose to us (for example, in the context of orders), logs (our servers log who makes requests for security reasons) and cookies (these are small text files that are stored on your device and contain information to recognize you). If you do not accept cookies, this may limit the functionality of our website. The web server for the operation of our website is operated on the software side by the IT company  SCRIMO GmbH as an order processor and on the hardware side in the data center of the company Hetzner Online GmbH. To prevent third-party cookies from being set, you can block so-called third-party cookies in your browser. Here you will find instructions on how to do this for the most common browsers: 

Firefox: here
Chrome: here
Internet Explorer: here
Safari: In Apple's Safari, third-party cookies are blocked by default. 

2.2 Data Processing for the Operation and Security of our Website:

2.2.1. Server Logs

Purpose of processing: When you access our website, the web server collects usage data (so-called server logs). The collection of this data is necessary to technically enable the connection to our server and the use of the website. In addition, this data is used for the defense and analysis of attacks. The following server logs are collected: The IP address of the requesting device, together with the date, time, request, which file is requested (name and URL), which amount of data is transferred to you, a message whether the request was successful, identification data of the browser and operating system used, as well as the website from which the access was made (should the access be made via a link). Legal basis of processing: the processing of your data is based on our legitimate interest in ensuring the operation of the service and system security. Recipients of the data: The web server for the operation of our website is operated by the IT company SCRIMO GmbH as an order processor and hardware in the data center of the company Hetzner Online GmbH. The data from the server logs will - should there have been a hacker attack - be passed on to the law enforcement authorities. Any disclosure to third parties beyond this does not take place. Further information: The server logs are stored for a maximum of 12 months.Zweck der Verarbeitung: Wenn Sie unsere Website aufrufen, erhebt der Webserver Nutzungsdaten (sog. Serverlogs). Die Erhebung dieser Daten ist erforderlich, um den Verbindungsaufbau zu unserem Server und die Nutzung der Website technisch zu ermöglichen. Zudem dienen diese Daten zur Abwehr und Analyse von Angriffen. Folgende Serverlogs werden erhoben: Die IP-Adresse des anfragenden Geräts, gemeinsam mit dem Datum, der Uhrzeit, der Anfrage, welche Datei angefragt wird (Name und URL), welche Datenmenge an Sie übertragen wird, eine Meldung, ob die Anfrage erfolgreich war, Erkennungsdaten des verwendeten Browsers und des verwendeten Betriebssystems, sowie die Website, von der der Zugriff erfolgte (sollte der Zugriff über einen Link erfolgen). Rechtsgrundlage der Verarbeitung: Die Verarbeitung Ihrer Daten erfolgt aufgrund unseres berechtigten Interesses, den Betrieb des Dienstes und die Systemsicherheit zu gewährleisten.
Empfänger der Daten: Der Webserver für den Betrieb unserer Website wird durch die IT-Firma SCRIMO GmbH als Auftragsverarbeiter und hardwareseitig im Rechenzentrum der Firma Hetzner Online GmbH betrieben. Die Daten aus den Serverlogs werden – sollte es einen Hackerangriff gegeben haben – an die Strafverfolgungsbehörden weitergegeben. Eine darüberhinausgehende Weitergabe an Dritte erfolgt nicht. Weitere Informationen: Die Serverlogs werden für maximal 12 Monate gespeichert.

2.3 Data Processing for Marketing Purposes:

2.3.1 Web Analysis

We process data about your use of our website via the tool listed below to be able to adapt it to your interests in the best possible way.

Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Purpose of processing: Google Analytics stores cookies to recognize you and subsequently create personalized user statistics about your website activities. In addition, we have activated Google's "anonymize IP" module. This involves Google anonymizing the IP address assigned to you within the European Union.

Google Analytics stores the following cookies on your device:

Name:
Duration:
Purpose:
IDE
1 year
Contains a randomly generated user ID. Based on this ID, Google can recognize the user across different websites across domains and play personalized advertising.

Legal basis of processing: The processing of your data is based on your consent. If you check the "Optional cookies" box on our cookie banner and then confirm the cookie banner by clicking the "Ok" button, you consent to us processing your data to the extent described here. Recipients of the data: The information generated by the cookie about your use of the website is usually transmitted to a Google server in the USA and stored there. The appropriate level of protection for the transfer is derived from standard contractual clauses pursuant to Art 46 DSGVO. For more information on standard contractual clauses and appropriate or adequate safeguards, please visit https://privacy.google.com/businesses/processorterms/. Google acts as a processor for us and may only use the transmitted data to process the specific orders and is contractually obligated to us to comply with the statutory provisions on data protection. Further information: You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the websites (including your anonymized IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).

2.4 Data Processing in the Context of our Social Media Activities:

We use so-called "social media plugins". These allow us to show you interaction elements or content (e.g., text posts, graphics, images, and videos) from social media services. Via these plugins, data, including personal data, can be transmitted to the social media service providers, and possibly used by them. When you visit our website, a direct connection between your browser and the server of the social media service provider is only established via the social media plugins if you have consented to the transmission of the data. We currently use social media plugins from the following services: YouTube: We use plugins of the YouTube service on our website. The plugins can display interaction elements or content (e.g., videos, graphics, or text contributions). Via these plugins, data can be sent to YouTube and possibly used by YouTube. Data is only transmitted to YouTube if you have consented to its use. If you are logged into your YouTube account while visiting our website, YouTube may be able to associate your visit and the respective video with your profile. YouTube may set various cookies on your computer. Many of these are for statistical purposes, to record your preferences and available bandwidth, but may also be used to determine your location and to serve personalized advertisements.

YouTube stores the following cookies on your device:

Name:
Duration:
Purpose:
yt.innertube
unrestricted
yt.innertube unrestricted Stores an ID to identify which videos the user has already watched.
yt-remote-connected-devices, yt-remote-device-id
unrestricted
yt-remote-connected-devices, yt-remote-device-id unrestricted Stores information about the preferences made by the user.
yt-remote-cast-installed, yt-remote-fast-check-period
Session
yt-remote-cast-installed, yt-remote-fast-check-period Session Stores information to recognize the user and which videos the user has watched.

For more information about YouTube and the exact scope and purpose of data processing, please see Google's privacy policy at https://policies.google.com/privacy. The data controller is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 - LinkedIn: We use an analysis service of LinkedIn Ireland Unlimited Company, with which user behavior can be analyzed and personalized advertising can be played. 

LinkedIn stores the following cookies on your device: 

Name:
Duration:
Purpose:
_bcookie
2 years
This cookie is a browser identifier. This uniquely identifies devices accessing LinkedIn to detect misuse of the platform. 
bscookie
2 years
This cookie is used to store the two-factor authentication status of a user who is logged in. 
UserMatchHistory
30 days
This cookie is used to synchronize the IDs of LinkedIn Ads. 

3. Data Processing in the Context of the Newsletter:

Purpose of processing: If you have signed up for our newsletter, you will receive regular information from us by email about us and our range of services. If you no longer wish to be contacted by us, no problem. Simply unsubscribe at office@go2.markets or use the unsubscribe link in the newsletter. Legal basis of processing: The processing of your data is based on your consent. Recipients of the data: Your data will not be transferred to third parties. Further information: We will process your data until you revoke your consent or unsubscribe from the newsletter (you will find an appropriate link for this in the newsletter).

4. Data Processing in the Context of Business Operations:

4.1 Data Processing in the Context of Contacting us:

Purpose of processing: if you contact us (e.g., by e-mail, contact form), we process the data you disclose while contacting us, only insofar as this is necessary to process the request or its handling. Legal basis of processing: The processing of your data is carried out for the implementation of pre-contractual measures or for the fulfillment of a contractual relationship or is based on our legitimate interest, namely for the organization of the inquiry response. Recipients of the data: A transfer of this data only takes place on the condition that the transfer is necessary for the inquiry response. Further information: We process your data as long as this is necessary for the processing of the inquiry and, in addition, for a further seven years after the last contact with you in the event of a follow-up inquiry.

4.2 Data Processing in the Context of the Customer Account:

Purpose of processing: when you register on our website, we process the data disclosed as part of your registration for the formal handling of the business cases that we have to deal with, for checking and evaluating whether there is customer satisfaction and for assessing the quality of the services used. In addition, all purchases made by the customer are stored in the user account, so that the user can see at any time which purchases he has made and how he has evaluated the purchased products. Legal basis of processing: The processing of your data is carried out for the implementation of pre-contractual measures or for the fulfillment of a contractual relationship. Recipients of the data: This data is transmitted to contractual and business partners in anonymized form. The recipient thus only sees how a product has been rated, but not who has rated the product. Further information: Deletion of your user account is possible at any time. After deletion of your user account your data will be deleted by us.

5. Data Processing in the Context of our Service (Market Research for Retail Products):

Our service is market research for retail products. For this purpose, we provide you with products, some of which are not yet available on the market, which you can pick up in our go2market store.

5.1 Data Processing during your Stay in the go2market Store (Behavioral Analysis)

Purpose of processing: During your stay in our go2market supermarket, your shopping behavior is also statistically evaluated by means of a video-based behavior analysis. The analysis of your shopping behavior is basically anonymous and cannot be traced back to you. This data is evaluated statistically. In addition, video surveillance is used to investigate possible criminal offences committed in our store. Note: A profile is created about your purchasing behavior and other factors. You can find more information about the processing via this profile in point 6.3. Legal basis of the processing: The processing of the image data is based on the contract concluded with you in accordance with Art 6 (1) lit b DSGVO. to analyze your behavior and to create a profile. For this processing, it is necessary that we record your behavior in our store by means of video surveillance. The legal basis of the processing of data from video surveillance for further criminal treatment is based on Art 6 para 1 lit f DSGVO. Our legitimate interest is the prevention of crimes committed against us. Storage period: Unless the image data is required for a specific reason for the realization of the underlying protection or preservation of evidence purposes, we delete the image data after 72 hours at the latest. Recipients of the data: If transfer of the data is necessary due to the prosecution of criminal offenses, the data is transferred to the following recipients:

Competent administrative authorities (for securing evidence and for security police purposes), competent courts (for securing evidence in criminal and civil law cases), insurance companies (exclusively for the settlement of insurance claims) and legal representatives (for the assertion, exercise, or defense of legal claims).

5.2 Data Processing in the Context of Market Research after your Visit to the go2market Store

Purpose of processing: after you have purchased products from our go2market Store, we will send you questions about the product and your experience in our go2market Store a few days after your visit. For this purpose, we will process your contact details, the questions, as well as the answers you voluntarily give us for the purpose of market research. Legal basis of processing: The processing of this data is based on the contract concluded with you pursuant to Art 6 (1) lit b DSGVO. Storage period: We store this data as long as your membership is active. After your active membership has ended, your personal data will be anonymized. Recipients of the data: The data of the questions will be anonymized immediately. This means that the answers to the questions cannot be traced back to you. We then evaluate this data. This evaluation is also not traceable to you, so anonymous. This result of the evaluated data, which cannot be traced back to you, is then passed on exclusively to our contractual and business partners and only in the form that is absolutely necessary for the contractual or business partner.

5.3 Data Processing in the Context of Behavioral Analysis:

Purpose of processing: as part of our service, we create a profile about you. For this purpose, data from a wide variety of sources, in particular from the behavioral analysis in our go2market store, from the response to our questionnaire in the context of market research after your visit to our go2market store are used. This profile does not serve as the basis for any non-automated or automated decision. The data is only used for market research. Legal basis of processing: The processing of your data is carried out to fulfill the contract concluded with you in accordance with Art 6 para 1 lit b DSGVO. Recipients of the data: The same provisions apply to this transfer as to the transfer under point 6.2. The data will be anonymized immediately. The evaluated data will only be passed on to contractual or business partners and only to the extent that is absolutely necessary for the contractual or business partner. Further information: We process your data only as long as this is necessary for the fulfillment of the contractual relationship or due to legal obligations (for example, according to tax and company law retention obligations). As a rule, we keep data for seven years.

5.4 Data Processing for the Purpose of carrying out Administrative Activities

Purpose of processing: we operate a customer relationship management system and process your data to document and improve our customer relations with you (documenting the content of communications between our employees and you). Legal basis of processing: Your data is processed based on our legitimate interest in optimizing customer-specific communication with you. Recipients of the data: Your data will not be transferred to third parties pursuing their own purposes. Further information: We store your data until the end of the third year after the last contact with you.

6. Your Rights

6.1 Right to Information about Stored Data according to Art. 15 DSGVO

You have the right to request information about whether we process personal data about you. If this is the case, you have a right to information about this personal data and other information related to the processing.

6.2 Right to Rectification of inaccurate Data Pursuant to Art 16 DSGVO

In the event that personal data we process about you is not (or no longer) accurate or incomplete, you may request that this data be corrected and, if necessary, completed.

6.3 Right to Deletion of Data according to Art 17 DSGVO

If the legal requirements are met, you may request the deletion of your personal data.

6.4 Right to Restriction of Data according to Art 18 DSGVO

If the legal requirements are met, you may request the restriction of the processing of data relating to you.

6.5 Right to Data Portability according to Art 20 DSGVO

If the legal requirements are met, you may request the transfer of your data in a structured, common, and machine-readable format.

6.6 Right to object to unreasonable Data Processing pursuant to Art 21 DSGVO

For reasons arising from your particular situation, you may object at any time to the processing of data relating to you that we process on the basis of a legitimate interest pursuant to Art 6(1)(f) DSGVO.

6.7 Right to revoke Consent

If processing is carried out based on a declaration of consent, you have the possibility to revoke this at any time without affecting the lawfulness of the processing carried out based on the consent until revocation.

6.8 Right to complain to the Data Protection Authority

If you are of the opinion that the processing of your personal data by us violates applicable data protection law or that your data protection rights have been violated in any other way, you have the possibility to complain to the competent supervisory authority (for Austria, this is the Austrian Data Protection Authority, for Germany, this is the State Commissioner for Data Protection and Information Security). The addresses are:

Austrian Data Protection Authority
Barichgasse 40-42 
1030 Vienna
Telephone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at

State Commissioner for Data Protection and Information Security
For the State of North Rhine-Westphalia
Kavalleriestrasse 2-4
40213 Düsseldorf
Phone: +49 211/38424-0
E-mail: poststelle@ldi.nrw.de

7 Further Information:

We need the data that we ask you to provide for the processing of the sale of our goods and provision of our services within the framework of the contractual relationship or to provide information that you have asked us for or when sending our newsletter and other information. If you do not provide the data, we will not be able to provide our services. We do not use automated decision-making including profiling according to Art 22 DSGVO. If we process your personal data for a purpose other than the one for which we collected the data, we will disclose this circumstance to you and inform you about this other purpose.