Privacy and Information Protection
Definitions of the terms used, such as “processing” or “personal data,” can be found in Article 4 of the GDPR.
Responsible is Gerhard Mairl
Legal basis, earmarking, storage time, data recipients
The legal basis for the processing of your personal data is the fulfillment of the contract, legitimate interests, the fulfillment of our legal obligations, as well as your consent (e.g. cookies, newsletters, contact). Your personal data will be processed for the duration of the entire business relationship, as well as in accordance with the statutory retention guidelines and warranty periods.
Order processors who could gain access to your personal data in the course of their work, if this data is needed to perform their respective performance, have agreed to us in order to comply with the applicable data protection regulations. Contract processing contracts pursuant to Art. 28 GDPR were concluded.
Webshop – Data storage
We would like to point out that for the purpose of a simpler purchase process, and for the subsequent processing of the contract by Herba-Onlineshop, the IP data of the connection owner is stored, as well as the name, address, email address and payment transactions of the buyer. The data you provide is required to fulfil the contract or to carry out pre-contractual measures. Without this data, we will not be able to conclude the contract with you. Data is not transferred to third parties, with the exception of the transfer of the data required for payment to the processing bank institution/payment service providers for the purpose of debiting the purchase price, to the shipping company contracted by us to the Delivery of the goods as well as to our tax advisor to meet our tax obligations. After the cancellation of the purchase process, the data stored with us will be deleted. In the event of a conclusion of the contract, all data from the contractual relationship will be stored until the expiry of the tax retention period (7 years). The dates name, address, purchased goods and date of purchase are also stored until the end of the product liability (10 years). Data processing is carried out on the basis of the statutory provisions of § 96 (3) TKG and Art 6 (1 lit a) and/or lit b (necessary for the fulfillment of the contract) GDPR.
Information entered in the contact form is transmitted, processed and stored for processing via our mail server. Without your consent form, this data will not be collected or shared. The data processing is based on Art 6 (1 lit a) (consent) GDPR, as well as § 96 (3) TKG.
Our website uses functions of the web analytics service Google Analytics of Google LLC. Cookies are used to analyze the use of our website by our visitors. The resulting information is transferred to the provider’s server and stored there. The cookie acceptance/rejection can be set in the internet browser. We have entered into a corresponding contract with the provider for order data processing. The provider is committed to comply with applicable data protection regulations. For more information on the contract processors we have commissioned, please contact firstname.lastname@example.org. Your IP address will be collected, but immediately anonymized by IP masking. As a result, only rough localization is possible. The relationship with the web analytics provider is based on the EU-US Privacy Shield on the basis of the adequacy decision of the European Commission. Data processing is carried out on the basis of the statutory provisions of § 96 (3) TKG and Art 6 (1 lit a) and f (legitimate interest) GDPR. User data will be kept for 14 months.
Registration for our newsletter is voluntary by submitting the email address to our online shop. In order to provide you with information in a targeted manner, we also collect and process voluntarily provided information about birthday and postcode. You can deduct the receipt of newsletters at any time by e-mail to email@example.com. Data processing is carried out on the basis of the statutory provisions of § 96 (3) TKG and Art 6 (1) lit a (consent) GDPR.
You have the right to information from the person responsible at all times about the personal data in question. To the extent that there is no legal retention requirement, you have the right for deletion of your data as well as object to processing. You also have the right to correct the data and to restrict processing, to data portability and to revoke your consent. If you believe that the processing of your data violates data protection law or that your data protection claims have otherwise been violated in a way, you can complain to the supervisory authority. In Austria, this is the data protection authority, Wickenburggasse 8-10, 1080 Vienna, firstname.lastname@example.org.
You can contact us using the following methods:
Herba-Onlineshop Gerhard Mairl, Phone +43(0)660 5061488, email@example.com