- Information about the collection of personal data and contact details of the person responsible
- Data collection when visiting our website
- Data processing when opening a customer account and for contract execution
- Comment function
- Use of your data for direct mail
- Data processing for order processing
- Use of Social Media: Social Plugins
- Online Marketing
- Web analysis services
- Tools and Others
- Rights of the affected
- Duration of storage of personal data
1. INFORMATION ON THE COLLECTION OF PERSONAL DATA AND CONTACT DATA OF THE RESPONSIBLE
1.1 We are pleased that you visit our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data is all data that allows you to be personally identified.
1.2 Responsible for the data processing on this website within the meaning of the General Data Protection Regulation (DSGVO) is Kissa Tea GmbH, Kohlmarkt 16, 1010 Vienna, Austria, Tel.:004315350665, Fax: 00431535066589, E-Mail: firstname.lastname@example.org. The person responsible for the processing of personal data is the natural or legal person who, alone or in concert with others, decides on the purposes and means of processing personal data.
1.3 For reasons of security and to protect the transmission of personal data and other confidential content (for example, orders or inquiries to the person responsible), this website uses an SSL or Internet connection. TLS encryption. You can recognize an encrypted connection by the string “https: //” and the lock icon in your browser bar.
2. DATA COLLECTION WHEN VISING OUR WEBSITE
In the case of merely informative use of our website, ie if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following information that is technically necessary for us to display the website:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source / reference from which you came to the page
- Used browser
- Operating system used
- Used IP address (possibly in anonymous form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO based on our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to retrospectively check the server logfiles should concrete evidence point to unlawful use.
In order to make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, ie after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our affiliate (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process individual user information such as browser and location data as well as IP address values on an individual basis. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie.
In some cases, cookies are used to simplify the ordering process by storing settings (for example, remembering the contents of a virtual shopping cart for a later visit to the website). Insofar as personal cookies are also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the execution of the contract or in accordance with Art. 6 para. 1 lit. f DSGVO for safeguarding our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.
We may work with advertising partners to help us make our web site more interesting to you. For this purpose, cookies may also be stored on your hard drive when you visit our website (third-party cookies). About the use of such cookies and the extent of the information collected in each case, you will be informed individually and separately within the following paragraphs.
Please note that you can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or can exclude the acceptance of cookies for specific cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the Help menu of each browser, which explains how to change your cookie settings. These can be found for the respective browser under the following links:
Internet Explorer: http://windows.microsoft.com/en-US/windows-vista/Block-or-allow-cookies
Please note that if you do not accept cookies, the functionality of our website may be limited.
When contacting us (for example via contact form or e-mail), personal data is collected. Which data are collected in the case of a contact form can be seen from the respective contact form. These data are stored and used solely for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f DSGVO. If your contact is aimed at concluding a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO. Your data will be deleted after final processing of your request, this is the case if it can be inferred from the circumstances that the matter in question is finally clarified and provided that no statutory storage requirements are in conflict.
5. DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT AND FOR CONTRACT TRACKING
According to Art. 6 para. 1 lit. Personal data will continue to be collected and processed if you inform us of this when carrying out a contract or opening a customer account. Which data are collected, can be seen from the respective input forms. A deletion of your customer account is possible at any time and can by a message to the o.g. Address of the person responsible. We save and use the data you have provided for the execution of the contract. After completion of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and deleted after expiration of these periods, unless you have expressly consented to a further use of your data or a legally permitted further data use by our side which we will inform you accordingly below.
6. COMMENT FUNCTION
As part of the commentary function on this website, in addition to your commentary, information on the time the commentary was created and the commentary name you have chosen will be saved and published on the website. Furthermore, your IP address will be logged and saved. This storage of the IP address is made for security reasons and in the event that the data subject violates the rights of third parties or posts illegal contents by submitting a comment. We need your e-mail address in order to contact you if a third party objects to your published content as unlawful. The legal basis for storing your data is Art. 6 para. 1 lit.b and f DSGVO. We reserve the right to delete comments if they are objected to by third parties as unlawful.
7. USE OF YOUR DIRECT ADVERTISING DATA
7.1 Registration for our newsletter
If you subscribe to our e-mail newsletter, we will send you regular information about our offers. Mandatory information for sending the newsletter is your e-mail address alone. The indication of further possible data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure. This means that we will only send you an e-mail newsletter if you have explicitly confirmed to us that you agree to the sending of the newsletter. We will then send you a confirmation e-mail asking you to confirm by clicking on a link that you wish to receive newsletters in the future.
By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When registering for the newsletter, we will save your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace a possible misuse of your e-mail address at a later date. The data collected by us when registering for the newsletter will be used exclusively for promotional purposes by means of the newsletter. You can cancel the newsletter at any time via the provided link in the newsletter or by sending a message to the person named above. After cancellation, your e-mail address will be deleted immediately in our newsletter distribution, as far as you have not expressly consented to a further use of your data or we reserve the right to further data usage, which is permitted by law and about which we inform you in this statement.
7.2 Newsletter dispatch via MailChimp
The shipping of our e-mail newsletters is via the technical service provider The Rocket Science Group, LLC d / b / a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (http: //www.mailchimp .com /), to which we pass on your data provided during the newsletter registration. This transfer is made in accordance with Art. 6 para. 1 lit. f DSGVO and serves our legitimate interest in the use of a promotional, secure and user-friendly newsletter system. Please note that your data is usually transmitted to and stored by a MailChimp server in the USA.
MailChimp uses this information for sending and statistical evaluation of the newsletter on our behalf. For the evaluation, the emails sent include so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. This way you can determine if a newsletter message has been opened and which links have been clicked on. In addition, technical information is collected (e.g., time of retrieval, IP address, browser type and operating system). The data are collected exclusively pseudonymized and are not linked to your other personal data, a direct personal reference is excluded. This data is for statistical analysis of newsletter campaigns only. The results of these analyzes can be used to better tailor future newsletters to the interests of the recipient.
If you want to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
Furthermore, MailChimp may use this data in accordance with Art. 6 para. 1 lit. f Use DSGVO itself for its own legitimate interest in the needs-based design and optimization of the service as well as for market research purposes, for example, to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write them down or to pass them on to third parties.
To protect your information in the United States, we have entered into a data processing agreement with MailChimp based on the standard contractual clauses of the European Commission to allow the transfer of your personal information to MailChimp. If you are interested, this data processing contract can be viewed at the following Internet address: http://mailchimp.com/legal/forms/data-processing-agreement/.
In addition, MailChimp is certified under the us European privacy protection agreement “Privacy Shield” and is committed to complying with EU data protection requirements.
8. DATA PROCESSING FOR ORDER PROCESSING
8.1 In order to process your order, we cooperate with the following service providers who assist us wholly or partially in the execution of concluded contracts. These personal data will be transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery within the scope of the contract, insofar as this is necessary for the delivery of the goods. We will pass on your payment details to the commissioned bank as part of the payment process, if this is necessary for the payment process. If payment service providers are used, we will inform you explicitly below. The legal basis for the transfer of the data is Art. 6 para. 1 lit. b DSGVO.
8.2 Use of payment service providers (payment service providers)
For payment via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “installment payment” via PayPal, we will transfer your payment data to Paypal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”). The disclosure is made in accordance with Art. 6 para. 1 lit. b DSGVO and only insofar as this is necessary for the payment process.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may continue to be entitled to process your personal data, if this is necessary for the contractual payment.
9. USE OF SOCIAL MEDIA: SOCIAL PLUGINS
9.1 Facebook as a standard plugin
Our website uses so-called social plugins (“plugins”) of the social network Facebook operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). The plugins are marked with a Facebook logo or the addition “Social Plug-in of Facebook” or “Facebook Social Plugin”. An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins
When you visit a page of our website that contains such a plugin, your browser connects directly to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are currently not logged in to Facebook. This information (including your IP address) will be transmitted from your browser directly to a Facebook server in the US and stored there.
If you are logged in to Facebook, Facebook can immediately assign the visit to our website to your Facebook profile. If you interact with the plugins, for example, click the “Like” button or leave a comment, this information is also transmitted directly to a Facebook server and stored there. The information will also be published on your Facebook profile and displayed to your Facebook friends.
The data processing operations described are carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of the legitimate interests of Facebook in the display of personalized advertising, to inform other users of the social network about your activities on our website and to tailor-made the service.
If you do not want Facebook to directly link the data collected via our website to your Facebook profile, you must log out of Facebook before visiting our website. You may also object to the future loading of the Facebook plugins and thus the data processing operations described above with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).
Based in the US, Facebook Inc. is certified to the US Privacy Shield, which ensures compliance with the level of data protection in the EU.
Use of Facebook social plugins
This offer uses social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are recognizable by one of the Facebook logos (white “f” on a blue tile or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
When a user calls a web page of this offer that contains such a plugin, its browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and incorporated by him into the website. The provider therefore has no influence on the amount of data that Facebook collects with the help of this plugin and therefore informs users according to their level of knowledge:
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example, press the Like button or leave a comment, the corresponding information is transmitted from your browser directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and save their IP address. According to Facebook, only an anonymous IP address is stored in Germany.
If a user is a Facebook member and does not want Facebook to collect data about him via this offer and associate it with his member data stored on Facebook, he must log out of Facebook before visiting the website.
Other settings and inconsistencies regarding the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US-American site http://www.aboutads.info / choices / or the EU page http://www.youronlinechoices.com/. The settings are platform independent, i. they are adopted for all devices, such as desktop computers or mobile devices.
Facebook remarketing / retargeting
Conversion measurement with the Facebook visitor action pixel
With your consent, we use the “visitor action pixel” of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”) on our website. With its help, we can track users’ actions after they’ve seen or clicked a Facebook ad. This allows us to track the effectiveness of Facebook advertising for statistical and market research purposes. The data collected in this way is anonymous for us, ie we do not see the personal data of individual users. However, this data is stored and processed by Facebook, about which we inform you according to our knowledge. Facebook can connect this data with their Facebook account and also for their own advertising purposes, according to Facebook’s data usage policy https://www.facebook.com/about/privacy/. You can enable Facebook and its affiliates to display ads on and off Facebook. It may also be stored for these purposes, a cookie on your computer.
This consent may only be declared by users older than 13 years old. If you are younger, we ask that you ask your guardians for advice.
Please click here if you wish to revoke your consent.
Communication via Facebook Messenger
This offer uses Facebook Inc.’s Facebook Messenger, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) as an additional communication medium. The data and contents of the communication are processed via servers in the USA. Facebook also evaluates the meta-data of communication for advertising purposes, but not the content of the news.
9.2 Twitter as default plugin
Our website uses so-called social plugins (“plugins”) from the Twitter microblogging service operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). The plugins are marked with a Twitter logo, for example in the form of a blue “Twitter bird”. An overview of the Twitter plugins and their appearance can be found here: https://about.twitter.com/resources/buttons
If you visit a page of our website that contains such a plugin, your browser connects directly to the servers of Twitter. The content of the plugin is transmitted by Twitter directly to your browser and integrated into the page. By integrating Twitter receives the information that your browser has accessed the appropriate page of our website, even if you do not have a profile on Twitter or just not logged in to Twitter. This information (including your IP address) is sent from your browser directly to a Twitter server in the United States and stored there.
If you are logged in to Twitter, Twitter can immediately assign your visit to our website to your Twitter account. If you interact with the plugins, for example by clicking on the “Tweet” button, the corresponding information is also transmitted directly to a server of Twitter and stored there. The information will also be posted on your Twitter account and displayed there to your contacts.
According to Art. 6 para. 1 lit.f DSGVO, the described data processing operations are carried out on the basis of the justified interests of Twitter in the display of personalized advertising in order to inform other users of the social network about their activities on our website and to design the service as required.
If you are a member of Twitter’s social network and you want to limit the collection of information through our website and the aggregation of your user data with the data stored about you on the social network Twitter, you should log out of Twitter before visiting our website.
You may also object to the future loading of the Twitter plugins, and thus the data processing operations described above, with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).
Based in the US, Twitter Inc. is certified to the US Privacy Shield, which ensures compliance with the level of data protection in the EU.
10. ONLINE MARKETING
Use of Google AdWords Conversion Tracking
This website uses the Google AdWords online advertising program and, as part of Google AdWords, Google LLC conversion tracking, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). We use the offer of Google Adwords to draw attention to our attractive offers with the help of advertising materials (so-called Google Adwords) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting to you and to achieve a fair calculation of advertising costs.
The conversion tracking cookie is set when a user clicks on a Google-served AdWords ad. Cookies are small text files that are stored on your computer system. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not expired yet, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can not be tracked through AdWords advertisers’ websites. The information gathered using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users. If you do not want to participate in tracking, you can block this usage by disabling the Google Conversion Tracking cookie through its Internet browser under User Preferences. You will not be included in the conversion tracking statistics. We use Google Adwords based on our legitimate interest in a targeted advertising gem. Art. 6 para. 1 lit. f DSGVO.
US-based Google LLC is certified under the US Privacy Shield, which ensures compliance with the level of data protection in the EU.
You can permanently deactivate cookie cookies by blocking them by setting your browser software accordingly or by downloading and installing the browser plug-in available under the following link:
http://tools.google.com/dlpage/gaoptout?hl=deAs an alternative to the browser plug-in or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent Google Analytics from entering this website in the future (this opt-out cookie only works in this browser and only for this domain, delete your cookies in this browser, you must click this link again):
Disable Google AnalyticsUS-based Google LLC is certified under the US Privacy Shield, which ensures compliance with the level of data protection in the EU.
This site also uses Google Analytics for cross-device analysis of visitor traffic conducted through a user ID. You can disable the cross-device analysis of your usage under My Data, Personal Information in your customer account.
13. RIGHTS OF THE AFFECTED
13.1 The applicable data protection law grants you comprehensive data protection rights (information and intervention rights) to the person responsible with regard to the processing of your personal data, about which we inform you below:
– Right of access according to Art. 15 GDPR: In particular, you have a right to information about the personal data processed by us, the processing purposes, the categories of processed personal data, the recipients or categories of recipients to whom your data has been disclosed or will be planned storage period or the criteria for determining the storage period, the right of rectification, deletion, limitation of processing, objection to the processing, complaint to a supervisory authority, the origin of your data, if they were not collected by us, the existence of automated decision-making including profiling and possibly meaningful information on the logic involved and the scope and effect of such processing, as well as your right to be informed, which guarantees under Art. 46 GDPR when forwarded Your data to third countries;
– Right to correction according to Art. 16 GDPR: You have the right to immediate correction of incorrect data concerning you and / or completion of your incomplete data stored by us;
– Right to cancellation pursuant to Art. 17 DSGVO: You have the right to demand the deletion of your personal data if the requirements of Art. 17 (1) GDPR are met. However, that right does not apply, in particular, where the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the pursuit, exercise or defense of rights;
– Right to restriction of the processing according to Art. 18 GDPR: You have the right to demand the restriction of the processing of your personal data, as long as the correctness of your data, which you contested, is checked, if you refuse a deletion of your data due to inadmissible data processing and instead require the restriction of the processing of your data, if you need your data for the assertion, exercise or defense of legal rights, after we no longer need this data after purpose or if you objected for reasons of your special situation, as yet as it is not certain, whether our legitimate reasons prevail;
– Right to information in accordance with Art. 19 GDPR: If you have the right to rectify, delete or limit the processing to the person responsible, he / she is obliged to rectify or delete the data to all recipients to whom the personal data relating to you have been disclosed or limitation of processing, unless proving to be impossible or disproportionate. You have the right to be informed about these recipients.
– Right to data portability according to Art. 20 GDPR: You have the right to receive your personal data provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible, as far as this is technically feasible ;
– Right of revocation of granted consent pursuant to Art. 7 para. 3 DSGVO: You have the right to revoke consent once given in the processing of data at any time with effect for the future. In the revocation, we will delete the data concerned immediately, as far as further processing can not be based on a legal basis for consentless processing. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
Right to appeal under Art. 77 GDPR: Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you: The view is that the processing of your personal data violates the GDPR.
13.2 OPPOSITION RIGHT
IF, IN THE CONTEXT OF INTEREST ACCOUNTABILITY, WE PROCESS OUR PERSONAL DATA BASED ON OUR MAJOR LEGITIMATE INTEREST, YOU HAVE ANY PRESENT RIGHT TO SUBMIT AGAINST THIS PROCESSING FOR CONSEQUENCES WITH EFFECT ON THE FUTURE FOR REASONS OBTAINED FROM YOUR SPECIFIC SITUATION.
MAKE USE OF YOUR OPPOSITION RIGHT, WE FINISH THE PROCESSING OF THE AFFECTED DATA. FURTHER PROCESSING REMAINS SUBJECT TO EXERCISE WHEN WE MAY PROVIDE IMPERATIVE REASONABLE REASONS FOR PROCESSING WHICH EXCEED ITS INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING SERVES THE PRESENTATION, EXERCISE OR DEFENSE OF LEGAL CHARGES.
IF YOUR PERSONAL DATA IS PROCESSED BY US TO OPERATE DIRECT ADVERTISING, YOU HAVE THE RIGHT TO INTRODUCE ANY CONTESTING AGAINST THE PROCESSING OF YOU OF PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY EXERCISE THE OPPOSITE AS DESCRIBED ABOVE.
MAKE USE OF YOUR CONTINGENCY RIGHT, WE FINISH THE PROCESSING OF THE DATA CONCERNED FOR DIRECT ACCEPTANCE.
14. DURATION OF STORAGE OF PERSONAL DATA
The duration of the storage of personal data is based on the respective legal retention period (eg commercial and tax retention periods). After the deadline, the corresponding data are routinely deleted, if they are no longer required to fulfill the contract or to initiate a contract and / or on our part no legitimate interest in the re-storage persists.