Data Protection
General information
The following information provides a simple overview of what happens to your personal data when you visit our online shop. Personal data is any data that can be used to identify you personally. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.
Data collection in our online shop
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. Their contact details can be found in the ‘Information on the responsible body’ section of this privacy policy.
How do we collect your data?
Your data is collected when you provide it to us. This may include, for example, data that you enter in a contact form or provide when placing an order.
Other data is collected automatically or with your consent when you visit the website by our IT systems. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Some of the data is collected to ensure that the website functions correctly. Other data may be used to analyse your user behaviour. Further data is required to process your orders and payments.
What rights do you have regarding your data?
You have the right to obtain information about the origin, recipient and purpose of your stored personal data at any time and free of charge. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
2. Hosting
Hosting with Raidboxes
We host our website with Raidboxes. The provider is Raidboxes GmbH, Hafenweg 16, 48155 Münster (hereinafter: Raidboxes).
When you use our website, Raidboxes collects various log files, including IP addresses. For details, please refer to the Raidboxes privacy policy: https://raidboxes.io/datenschutz/
The use of Raidboxes is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR.
We have concluded a contract for order processing (AVV) with Raidboxes. This is a contract required by data protection law, which ensures that Raidboxes only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
3. General information and mandatory information
Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
Note on the responsible body
The responsible body for data processing on this website is:
BERTRAMS GmbH & Co KG
Stelzhamergasse 4/7
1030 Vienna
Austria
Telephone: +43 1 333 222 1
Email: datenschutz@bertrams.co.at
Company registration number: 5653p
Company registration court: HG Vienna
VAT ID: ATU10769104
The responsible body is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).
Storage period
Unless a more specific storage period is specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, deletion will take place once these reasons no longer apply.
Note on data transfer to the USA and other third countries
Among other things, we use tools from companies based in the United States or other third countries that are not secure in terms of data protection law. When these tools are active, your personal data may be transferred to these third countries and processed there. We only work with providers in third countries that guarantee an adequate level of data protection through certification under the EU-US Data Privacy Framework (https://dataprivacyframework.gov/list) or through the agreement of standard contractual clauses of the EU Commission.
Withdrawal of your consent to data processing
Many data processing operations are only possible with your express consent. You may revoke any consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)(a) OR (f) GDPR, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. E OR F OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS WE CAN PROVE THAT THERE ARE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
Right to lodge a complaint with the competent supervisory authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.
Competent supervisory authority for Austria:
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Austria
Telephone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if it is technically feasible.
Information, correction and deletion
Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your stored personal data, its origin and recipients, and the purpose of data processing, and, if applicable, a right to correct or delete this data. You can contact us at any time with any questions you may have about this or other topics related to personal data.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do so. The right to restriction of processing applies in the following cases:
- If you dispute the accuracy of your personal data stored by us, we will generally need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of its deletion.
- If you have lodged an objection pursuant to Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request that the processing of your personal data be restricted.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line.
4. Data collection on this website
Cookies
Our websites use so-called ‘cookies’. Cookies are small data packets and do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.
Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).
Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies can be used to evaluate user behaviour or for advertising purposes.
Cookies that are necessary for the electronic communication process, for the provision of certain functions you have requested (e.g. for the shopping basket function) or for the optimisation of the website (e.g. cookies for measuring the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be restricted.
Cookiebot
This website uses Cookiebot consent technology to obtain your consent to store certain cookies on your device or to use certain technologies and to document this in accordance with data protection regulations. This technology is provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as ‘Cookiebot’).
When you visit our website, a connection is established to Cookiebot’s servers in order to obtain your consent and other declarations regarding the use of cookies. Cookiebot then stores a cookie in your browser to assign the consents you have given or revoked to you. The data collected in this way is stored until you request us to delete it, delete the Cookiebot cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.
Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.
We have entered into a data processing agreement (DPA) with Cookiebot. For more information, please refer to Cookiebot’s privacy policy: https://www.cookiebot.com/de/privacy-policy/
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- operating system used
- Referrer URL
- Host name of the accessing computer
- Time of server request
- IP address
This data is not merged with other data sources.
This data is collected on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be collected.
Contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. We will not pass on this data without your consent.
This data is processed on the basis of Art. 6(1)(b) GDPR, provided that your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if this has been requested.
Enquiry by email, telephone or fax
If you contact us by email, telephone or fax, your enquiry, including all resulting personal data (name, enquiry), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
This data is processed on the basis of Art. 6(1)(b) GDPR, provided that your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if this has been requested.
Registration on this website
You can register on this website to use additional features on the site. We only use the data you enter for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.
The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if applicable, for initiating further contracts (Art. 6(1)(b) GDPR).
The data collected during registration will be stored by us for as long as you are registered on this website and will be deleted afterwards. Statutory retention periods remain unaffected.
Processing of data (customer and contract data)
We collect, process and use personal data only to the extent necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
We collect, process and use personal data relating to the use of our website (usage data) only to the extent necessary to enable the user to use the service or to bill for it.
The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
Data transmission upon conclusion of contract for online shops, retailers and goods dispatch
We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to companies entrusted with the delivery of goods or the credit institution responsible for payment processing. No further transfer of data takes place unless you have expressly consented to the transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Article 6(1)(b) of the GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
Data transfer upon conclusion of contract for services and digital content
We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to the credit institution responsible for payment processing.
No further transfer of data will take place unless you have expressly consented to such transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Article 6(1)(b) of the GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
5. Analysis tools and advertising
Google Analytics 4
This website uses functions of the web analytics service Google Analytics 4. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data is assigned to the user’s respective end device. It is not assigned to a user ID.
Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the data sets collected and employs machine learning technologies in data analysis.
Google Analytics uses technologies that enable user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this service is based on your consent in accordance with Art. 6(1)(a) GDPR. Consent may be revoked at any time.
Data transfer to the United States is based on the standard contractual clauses of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/. Google is also certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection.
IP anonymisation
IP anonymisation is enabled by default in Google Analytics 4. This means that your IP address is truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the United States. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Browser plugin
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
For more information on how Google Analytics handles user data, please refer to Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de
Google Tag Manager
This website uses Google Tag Manager. This service allows website tags to be managed via an interface. Google Tag Manager only implements tags. This means that no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, it remains in place for all tracking tags, provided these are implemented with Google Tag Manager.
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising programme provided by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms in Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g. location data and interests) (target group targeting). As website operators, we can evaluate this data quantitatively, for example by analysing which search terms led to our advertisements being displayed and how many advertisements led to corresponding clicks.
The use of this service is based on your consent in accordance with Art. 6(1)(a) GDPR. Consent may be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/. Google is also certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection.
Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google Conversion Tracking, Google and we can recognise whether the user has performed certain actions. For example, we can evaluate which buttons on our website are clicked how often and which products are viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification.
The use of this service is based on your consent in accordance with Art. 6(1)(a) GDPR. Consent may be revoked at any time.
For more information about Google Conversion Tracking, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=de
6. Newsletter
Newsletter data
If you would like to subscribe to the newsletter offered on the website, we require your email address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of data, your email address and its use for sending the newsletter at any time, for example via the ‘Unsubscribe’ link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe or after the purpose ceases to apply. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
After you unsubscribe from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interests and our interests in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). There is no time limit for storage in the blacklist. You can object to the storage if your interests outweigh our legitimate interest.
7. Plugins and tools
WordPress
We use the WordPress content management system. The provider is Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.
WooCommerce
We use the open source shop system WooCommerce as a plugin within WordPress. This plugin is used to provide shop functionality on our website.
TrustedShops Trustbadge
The Trusted Shops Trustbadge (hereinafter also referred to as ‘Trustbadge’) is integrated into this website. The provider is Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.
The Trustbadge is operated jointly by Trusted Shops and us. Trusted Shops is responsible for providing the Trustbadge and processes personal data in this context as an independent controller. We are responsible for triggering the loading of the Trustbadge and the data processing operations carried out in this context.
When the Trustbadge is called up, the web server automatically stores a so-called server log file, which contains your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. This access data is not evaluated and is automatically deleted at the latest seven days after the end of your visit to the site.
Further personal data is transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. In this case, the contractual agreement between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether you as a buyer are already registered to use a product is automatically checked using a neutral parameter, the email address hashed by a cryptological one-way function. Before transmission, the email address is converted into a hash value that cannot be decrypted by Trusted Shops. After checking for a match, the parameter is automatically deleted.
This is necessary to safeguard our legitimate interests, which prevail in the context of a balancing of interests, in providing the services associated with the Trustbadge and optimising the marketing of our offering in accordance with Art. 6(1)(f) GDPR. Consent to the use of the Trustbadge can be revoked at any time with future effect.
Further information on data processing by Trusted Shops can be found in the privacy policy: https://www.trustedshops.de/impressum/#datenschutz
8. Payment providers
Stripe
We use the payment service provider Stripe on our website. For customers within the EU, Stripe Payments Europe Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) is responsible.
If you choose a Stripe payment method, payment processing will be handled by the Stripe payment infrastructure. The data necessary for transaction processing (e.g. name, address, bank/credit card details, device and browser data) will be transferred to Stripe. The transfer is carried out in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing.
Stripe also uses the transferred personal data for its own purposes, e.g. to combat fraud, improve its own services and for marketing purposes. For more information on data processing by Stripe, please refer to the privacy policy at: https://stripe.com/de/privacy
Data transfer to the United States is based on the EU Commission’s standard contractual clauses. Stripe is also certified under the EU-US Data Privacy Framework.