Data protection

DATA PROTECTION
Status: 07/01/2020

Data protection responsibility
Ursula Vilis, sole proprietorship Wiener Schoko Mädl, Wollzeile 34, 1010 Vienna (hereinafter referred to as the seller) is responsible for the data processing associated with the use of the website (Art. 4, line 7 of the General Data Protection Regulation or “GDPR”).

You can find our contact details in the legal notice and in the terms and conditions.

Orders in the online shop

purpose
The seller collects and processes the buyer’s data as part of the product order in the online shop (with or without registration). If the billing / delivery address is different, it can also involve data from third parties. These data include: name, date of birth, delivery / pick-up and billing address, shopping cart, order content, billing data, payment data, etc. to enable the purchase of our products in the online shop.

In addition, the seller processes the above order data to carry out evaluations for marketing purposes (e.g. personalization of any subscribed newsletter).

Legal basis
The processing of your data is necessary for the conclusion and fulfillment of online sales contracts (Art. 6 Para. 1 lit. b GDPR) as well as for the fulfillment of legal storage obligations (Art. 6 Para. 1 lit. c GDPR).

Insofar as the seller processes data for the purpose of carrying out evaluations for marketing purposes, this is done on the basis of the legitimate interests of the seller in the best possible marketing of our online shops and services (Art. 6 Para. 1 lit. f. GDPR).

Storage / deletion
The buyer’s data are generally stored until the customer account is deactivated, provided that statutory retention requirements do not prevent deletion and the data are not required in individual cases to defend or enforce legal claims. The data relating to the individual orders and transactions are stored in accordance with the statutory retention requirements and at least for a period of seven years.

receiver
The seller forwards the buyer’s data necessary for payment processing to the payment service provider selected by him. The seller forwards the data required for delivery to the logistics partner.

Creation of a customer account / registration in the online shop

purpose
If you have created a customer account, the seller collects and processes the buyer’s data for the purpose of creating a customer account on the basis of the buyer’s consent (Art. 6 Para. 1 lit. a GDPR).

The buyer has the right to revoke his / her consent at any time free of charge by deactivating the customer account by sending an email to: office@wienerschokomaedl.at. Thereafter, the buyer data will continue to be stored on the basis of legitimate interests for documentation purposes (Art. 6 Paragraph 1 lit. f GDPR).

Storage / deletion
The buyer data is generally stored until the customer account is deactivated and then for a period of two years, provided that statutory retention requirements do not prevent deletion and the data is not required in individual cases to defend or enforce legal claims.

Other functions in the online shop

Legal basis
The data processing takes place for the implementation of (pre-) contractual measures (Art. 6 Para. 1 lit.b GDPR) or due to the legitimate interest of the seller to display relevant and interesting products for the buyer and to provide the buyer with useful functionalities (Art. 6 para. 1 lit.f GDPR).

Storage / deletion
The buyer’s data is generally stored until the customer account is deactivated and then for a period of two years, unless statutory retention requirements prevent deletion and we do not need the data in individual cases to defend or enforce legal claims.

receiver
In the case of payment by credit card, PayPal or bank transfer, the customer data will be forwarded to the companies Stripe, PayPal and Klarna and their data protection provisions apply.

Newsletter

purpose
The e-mail address provided by the buyer will be processed by the seller for the purpose of sending the respective subscribed newsletter.
Any information you provide voluntarily and data from orders in the online shop (see point 1) are processed by the seller with the purpose of providing the buyer with targeted information. These data include:
– Personal address in the newsletter (title, name)
– Birthday newsletter (date of birth)
– Transmission of content that is specifically relevant to you through segmentation by postcode, gender, and last order date.

The information voluntarily provided by the buyer can be viewed, changed, supplemented or deleted at any time by clicking on “Change data” in the respective newsletter. In addition, the performance of the newsletter can be read by opening the newsletter (yes / no) (“opening rate”), information about which articles in the newsletter were clicked on (“click behavior”) and information about the technical delivery of the newsletter (“bounces”) , e.g. undeliverability due to an incorrect e-mail address). This data is generated by the system.

Legal basis
The processing of the buyer data e.g. E-mail address is based on the consent given in accordance with Section 107 of the Telecommunications Act and Art. 6 Para. 1 lit. a GDPR. The buyer has the right to revoke this consent at any time free of charge. In order to declare the revocation, please click on the unsubscribe link in the respective newsletter or write an email to: office@wienerschokomaedl.at

We base the processing of the voluntarily provided information and the collection of data for performance measurement on the legitimate interests of Mag. Ursula Vilis, sole proprietorship Wiener Schoko Mädl. Wollzeile 34, 1010 Vienna, for marketing purposes; Art. 6 para. 1 lit. f GDPR. After unsubscribing from the newsletter, your declaration of consent will continue to be stored on the basis of legitimate interests (Art. 6 Paragraph 1 lit. f GDPR).
The legitimate interests of the seller consist in the necessary documentation of the given consent for evidence purposes. The buyer provides his data to the seller voluntarily, without any legal or contractual obligation. However, the processing of the email address is necessary in order to be able to send the respective newsletter. Failure to provide the email address means that newsletters cannot be sent. Failure to provide “voluntary information” means that the buyer cannot be supplied with targeted information, but non-targeted information is still transmitted.

Storage / deletion
The buyer’s cancellation of the newsletter is automatically recorded in the newsletter database. This note ensures that no further newsletters will be sent from the time you unsubscribe. The final deletion of the data takes place within three months calculated from the date of your cancellation, provided that statutory retention requirements do not prevent deletion and the seller does not need the data in individual cases to defend or enforce legal claims.
The consent given to receive the newsletter will be stored for a period of 12 months after you unsubscribe from the newsletter. Performance measurement data is stored for a period of up to one year and then anonymized.

Cookies

You can find all information about cookies here:

Definition of cookies
Cookies are small text files that are downloaded and saved by the buyer’s browser when you visit our website for the first time. When you visit this website again with the same device or browser, the cookie and the information stored in it are either sent back to the respective website that generated it (first-party cookie) or sent to another website to which it belongs (third-party cookie ). This recognizes that the website was called up with the respective browser and changes the display of content with this status. This means that cookies remember e.g. to preferences of the buyer, communicate how the buyer uses a page and adjust the displayed offers to some extent individually.

Functionally necessary cookies
Absolutely necessary, so-called functionally necessary cookies, guarantee the functionality of the website, are used exclusively by the seller and are only stored on your computer during the current browser session. Examples of the use of functionally necessary cookies:

• Storage of your decision regarding the use of cookies on our website
• Assignment of the correct articles in the shopping list
• Login to the websites

The data processing activities that take place through the use of cookies are based on the seller’s interest in providing a fully functional website and the services you require (Art. 6 Paragraph 1 lit. f GDPR, Section 96 Paragraph 3 TKG).
Functionally necessary cookies can be deactivated via the browser settings. However, the seller points out that in this case they may not be able to use all the functions of this website to their full extent.

Non-essential cookies
In addition, we use the following cookies on the basis of any consent given by the buyer (Art. 6 Paragraph 1 lit. a GDPR, Section 96 Paragraph 3 TKG). These are not absolutely necessary to be able to use the website, but they still fulfill important tasks. Without these cookies, functions that enable comfortable surfing on the website are no longer available. Settings made by the buyer cannot be saved and must therefore be requested again on every page. Furthermore, the seller no longer has the opportunity to respond to the buyer with individually tailored offers.

The buyer can revoke his consent at any time by pressing the slider or via the browser settings (see below).

Statistics cookies
Statistics cookies help us to understand how visitors interact with our websites by collecting pseudonymised information on website usage by visitors.

Marketing cookies
Marketing cookies are used to show you personalized content that matches your interests. Personalization is done by tracking user behavior across websites using cookies.

Your cookie settings on this website
You can (de) activate non-essential cookies at any time by pressing the slider.
If you want to completely block or restrict cookies, you can make the changes in the settings of your Internet browser. Cookies that have already been saved can be deleted at any time. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.
The procedures for managing and deleting cookies on the browser side can be found in the help function integrated in the respective browser. Further information can be found under the following links:

Internet Explorer:
https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox:
https://support.mozilla.org/de/kb/verbesserter-schutz-aktivitatenverendung-desktop?redirectlocale=de&redirectslug=cookies-erlauben-und-ablehnen
Chrome:
https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari:
https://support.apple.com/de-at/guide/safari/sfri11471/mac
Opera:
https://help.opera.com/de/latest/web-preferences/

Manage and delete cookies
If you want to completely block or delete cookies, you can make these changes in the browser settings of your Internet browser. The procedures for managing and deleting cookies can be found in the help function integrated in the browser. However, the seller points out that in this case they may not be able to use all the functions of this website to their full extent.

Visiting the websites

purpose
Every time you use our website, we collect the data that your browser transmits to our server. These are the following:
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– content of the request (specific page)
– Access status / HTTP status code
– Amount of data transferred in each case
– Website from which the request came
– browser
– Operating system and its interface
– Language and version of the browser software
The collection and processing of this data is used to display the website to the user.

Legal basis
The legal basis for this data processing is our legitimate interest (Art. 6 Para. 1 lit. f GDPR). The data processing is technically necessary to display the website and to ensure its stability and security.

Storage / deletion
The data is stored for a maximum of 7 days to detect and track abuse and then deleted.

Data security
The information cannot be read by unauthorized persons while it is being transmitted over the Internet.
During encryption, the characters you enter are converted into a code that can be securely transmitted over the Internet. Credit card details and payment methods are not stored permanently. This data will be deleted as soon as the order process is completed.

Legal appeal
The buyer has the right to information (Art. 15 GDPR), correction (Art. 16 GDPR), deletion (Art. 17 GDPR), restriction (Art. 18 GDPR), data portability (Art. 20 GDPR) and objection (Art. 21 GDPR). If the data processing is based on the consent of the buyer, this can be revoked at any time. However, the legality of the processing carried out on the basis of the consent up to the point of revocation is not affected by the revocation. To declare the revocation, please click on the unsubscribe link in the respective newsletter or contact: office@wienerschokomaedl.at

If you are of the opinion that the processing of your personal data violates the GDPR, please do not hesitate to inform us of your concerns. For contact details please see terms and conditions. In such cases, you also have the right to lodge a complaint with a supervisory authority.