Privacy policy

1. Contact information of Responsible

The person responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:


DI Wolfgang Habian
Aggsbach Markt 152
3641 Aggsbach Markt
Tel.: +43 670 559 53 80
E-Mail: office@zick-zack.at

2. General information on data processing


2.1 Scope of processing of personal data

In principle, we only process the personal data of our users to the extent that this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in such cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.

2.2 Legal basis for processing personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is required to fulfill a contract to which the data subject is a party, Article 6 Paragraph 1 lit. b
GDPR as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first interest, Article 6 Paragraph 1 Letter f GDPR serves as the legal basis for the processing.

2.3 Data Deletion and Retention Period

We only store your personal data in accordance with Article 5 Paragraph 1 Letter e GDPR for as long as it is necessary for the respective purpose. The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract. If you have given us your express consent in accordance with Article 6 (1) (a) GDPR, your data will be stored until you object to data processing. If data processing is necessary to protect the legitimate interests of the person responsible or a third party and the interests or fundamental rights and freedoms of the data subject do not prevail (Art. 6 Para. 1 lit. f GDPR), the data will be stored until the right to object according to Art. 21 Para. 2 DSGVO is exercised.

3. Provision of the website and creation of log files


3.1 Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected here:

  • Information about the browser type and version used
  • The user's operating system
  • The IP address of the user
  • Date and time of access

  • Websites from which the user's system accesses our website

  • Websites accessed by the user's system through our website


This data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.



3.2 Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Article 6 (1) (f) GDPR.



3.3 Purpose of data processing


The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
Storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing in accordance with Article 6 (1) (f) GDPR also lies in these purposes.


4. Hosting

We use the shop system of Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify") for the purpose of hosting and displaying the online shop on the basis of a processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of the aforementioned Shopify services, data can also be sent to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments or Shopify (USA ) Inc. In the event that data is transmitted to Shopify Inc. in Canada, the European Commission’s adequacy decision ensures the appropriate level of data protection.

Further information on Shopify's data protection is available on the following website: https://www.shopify.de/legal/datenschutz. Further processing on servers other than those of Shopify mentioned above only takes place within the scope communicated below.


5. Use of Cookies

5.1 Description, scope and purpose of data processing

Cookies are used on our site to enable certain functions and to make the website more user-friendly. These are data sets that are stored on the user's device when the website is accessed. Cookies are used that are deleted after the browser is closed, as well as those that are retained to identify the browser when the site is called up later. When cookies are set, they store certain user information (browser, location data and IP addresses).

When you visit our website, you will be informed by an info banner about the use of cookies and your consent to the processing of the personal data used in this context will be obtained. Information on the storage period of the cookies can be found in the cookie settings of your respective web browser. There you also have the option of defining how cookies should be handled. Cookies that have already been saved can be deleted at any time.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies (e.g. shopping cart). For these it is necessary that the browser is recognized even after a page change. In addition, cookies enable us to improve the quality of our website and the content. Our legitimate interest in the processing of personal data in accordance with Article 6 (1) (f) GDPR also lies in these purposes.

 

5.2 Legal Basis for Using Cookies

The legal basis for the processing of personal data using cookies is Art. 6 Para. 1 lit. f GDPR. If cookies are set as part of the order processing, this is done in accordance with Article 6 (1) (b) GDPR. The legal basis for the processing of personal data using cookies in order to offer optimal user-friendliness and the best possible range of functions is Article 6 (1) (a) GDPR if the user has given their consent.

6. Contact form and email contact

6.1 Description, scope and purpose of data processing

There is a contact form on our website which can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved. At the time the message is sent, the user's IP address and the date and time of registration are also saved.

Alternatively, you can contact us via the email address provided. In this case, the user's personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will only be used to process the conversation.

The processing of the personal data from the input mask serves us solely to process the contact. If contact is made by e-mail, this is also the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified.

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. All personal data that was saved in the course of making contact will be deleted in this case.

6.2 Legal basis for data processing

The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given their consent.
The legal basis for the processing of data transmitted in the course of sending an email is Article 6 Paragraph 1 Letter f GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

 

7. Registration of a customer account and contract processing

7.1 Description, scope and purpose of data processing


On our website we offer users the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and stored. A transfer of data to third parties does not take place. The scope of the stored data can be seen from the corresponding input forms. At the time of registration, the user's IP address and the date and time of registration are also saved.

Registration of a customer account is required for the provision of certain content and services on our website (overview of past orders). In order to process an order, the details of the contractual partner's personal data are absolutely necessary in order to be able to fulfill the contract.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for the data collected during the registration process if you cancel or change the registration on our website. This is the case during the registration process to fulfill a contract or to carry out pre-contractual measures if the data is no longer required for the execution of the contract. Even after the conclusion of the contract, it may be necessary to collect personal data from the contractual partner
to store exist in order to comply with contractual or legal obligations.

To delete your customer account and change or delete your stored personal data, please contact the person responsible above or use the integrated app to implement the GDPR.

7.2 Legal basis for data processing

The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given their consent.

If the registration serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for the processing of the data is Article 6 (1) (b) GDPR.

 

8. Order Processing

If it is necessary for delivery and payment purposes, the personal data collected will be passed on to the commissioned transport company and the commissioned payment processor in accordance with Article 6 (1) (b) GDPR.

When processing orders, we work with the following service providers and transmit the personal data required in each case to them:

8.1 Shipping service provider:

  • Austrian Post (Österreichische Post AG, Rochusplatz 1, 1030 Vienna, Austria)
    For the purpose of delivery in accordance with Article 6 (1) (b) GDPR, we pass on the name and delivery address of the recipient to Austrian Post, provided that we have selected this as the transport service provider. In order to coordinate the delivery date or to provide status information about the delivery, your e-mail address will also be sent to the Austrian Post. The consent to the transfer can be revoked for future order processing to the data protection officer mentioned above or to the Austrian Post.
  • DPD (DPD Germany GmbH, Wailandtstrasse 1, 63741 Aschaffenburg)
    For the purpose of delivery in accordance with Article 6 Paragraph 1 Letter b GDPR, we pass on the name and delivery address of the recipient to DPD if this company has been selected by us as the transport service provider. In order to coordinate the delivery date or to be able to provide status information about the delivery, your e-mail address will also be sent to DPD. The consent to the transfer can be revoked for future order processing to the above-mentioned data protection officer or to DPD.

 

8.2 Payment service providers:

  • Shopify Payments
    We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. The following payment methods are offered via Shopify Payments: EPS transfer, MasterCard, Maestro, Visa. If you decide to use a payment method offered by the payment service provider Shopify Payments, the payment will be processed by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we will send your information during the ordering process Pass on information along with information about your order (name, address, account number, sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Article 6 Paragraph 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only insofar as it is necessary for this. For more information about Shopify Payments' privacy policy, visit the following web address: https://www.shopify.com/legal/privacy. Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy.

 

  • PayPal
    We also offer the option of making payment via the payment service provider PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The transfer of personal data takes place in accordance with Article 6 Paragraph 1 Letter b GDPR to the extent necessary for payment processing. PayPal reserves the right to carry out a credit check. For this purpose, payment data may be passed on to credit agencies in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of PayPal's legitimate interest in the solvency of its customers. Several factors are taken into account using mathematical-statistical methods, including the address data. The provision of the respective payment method at PayPal is influenced by the result of this credit check. PayPal's data protection declaration provides further data protection details: https://www.paypal.com/de/webapps/mpp/ua/privacy-full#6

  • Apple Pay
    Payment with "Apple Pay" is processed by Apple Distribution International ("Apple"), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, with processing being processed via the "Apple Pay" function of a device running iOS, watchOS or macOS becomes. To do this, you have deposited a payment card with "Apple Pay", which will be charged.
    To process the payment, the information transmitted as part of the order as well as information about the order is passed on to Apple in encrypted form. If personal data is processed in the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR. You can find further information on data protection with Apple Pay at the following Internet address: https://support.apple.com/de-de/HT203027.
  • Google Pay
    Payment via the "Google Pay" payment method is carried out by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). In this case, payment is processed via the “Google Pay” application on your mobile device. A payment card stored with Google Pay or a payment system verified there (e.g. PayPal) will be charged. In order to process the payment, the information you provide during the ordering process and the information about your order will be passed on to Google.
    If personal data is processed in the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.
    Google reserves the right to process additional transaction-specific information (date, time and amount of the transaction, merchant location and description, a description of the goods provided by the merchant, attached photos, name and email addresses of the seller and the buyer, the payment method used, any given reason for the transaction and, if applicable, the offer associated with the transaction.
    According to Google, this processing takes place exclusively in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of the legitimate interest in proper accounting, the verification of transaction data and the optimization and maintenance of the functions of the Google Pay service.
    Google also reserves the right to merge the recorded transaction data with other information that is collected and stored by Google when using other Google services.
    The Google Pay Terms of Service can be found here:
    https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
    Further information on data protection with Google Pay can be found at the following Internet address:
    https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

9.Tools

  • Google reCAPTCHA
    This website uses the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This function is used to check whether an entry is made by a natural person or whether it is misused by machine and automated processing. The IP address and any other data required by Google for the reCAPTCHA service will be transmitted to Google. This transmission takes place in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of the legitimate interest in avoiding misuse and spam. When using Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. come in the US.

    More information about Google reCAPTCHA and Google's data protection declaration can be found at: https://www.google.com/intl/de/policies/privacy/.

    We obtain your consent to the processing of your personal data for the above-mentioned purposes in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future. Deactivate this service in the cookie consent banner provided on the website to exercise your revocation.
  • Pinterest tags, widgets and buttons
    We also use Pinterest tags, widgets and buttons from Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA on our website. In Europe, Pinterest is represented by the company Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland and is responsible for data protection issues in Europe. We use Pinterest to be able to provide images and information to those interested in our products on this widespread platform. This legitimate interest also represents a legal basis for the use of this service in accordance with Art. 6 Para. 1 lit. button), search history, date and time of access and cookie data. For Pinterest users, this data can also be used for Pinterest advertising purposes. Pinterest also processes data in the USA, whereby Pinterest uses standard contractual clauses (Article 46 (2) and (3) GDPR), according to which the company undertakes to comply with European protection standards.

    More information about Pinterest and the privacy policy can be found at: https://policy.pinterest.com/de/privacy-policy.

    We obtain your consent to the processing of your personal data for the above-mentioned purposes in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future. Deactivate this service in the cookie consent banner provided on the website to exercise your revocation.

 

  • App for exercising rights under the GDPR (cookie-consent banner, data corrections and data deletion)
    The app, which supports you in exercising your rights under the GDPR, collects your IP and email address in order to process your requests. You can find more information about this here: https://gdprcdn.b-cdn.net/pages/privacy_policy

    As part of the cookie consent banner, you have the option of agreeing to the processing of your personal data for the above-mentioned purpose in accordance with Article 6 (1) (a) GDPR. Your consent can be revoked at any time.
  • Facebook and Instagram
    Zick-Zack is also present on the Facebook and Instagram platforms of the company Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Corresponding links to these platforms can be found at the end of this website. We do not share any personal data from this website with Facebook or Instagram.

    The Zick-Zack profile pages on Facebook and Instagram are provided by Meta Platforms and administrated by us via a user account. The goal is to present the product in a zigzag fashion and to get in touch with potential customers. When accessing the profile pages, anonymous insights data is collected, which allows us to make statistical evaluations of the use of the profiles. In addition, personal data is also processed. The operator of this site and Meta Platforms are responsible for this processing within the meaning of Art. 26 GDPR, whereby Meta bears primary responsibility for processing on the basis of a legal basis.

    If you wish to object to the processing of your data on the operator's Facebook and Instagram profile pages, please contact us using one of the contact options listed above. You can also object to data processing on the profile pages directly at Meta. It is then no longer possible to use the profile pages.

    The responsible data protection officer at Meta can be reached at the following link: https://www.facebook.com/help/contact/540977946302970.

    Information on Insights: https://www.facebook.com/legal/terms/information_about_page_insights_data.

    Please note that the Meta platforms use cookies. The setting of cookies can be restricted or prevented via the browser settings. Details on cookies on Facebook and Instagram can be found here: https://www.facebook.com/privacy/policies/cookies/?entry_point=cookie_policy_redirect&entry=0

10. Rights of the data subject

As a user of this website whose personal data is being processed, you have the following rights to information and intervention:

  • Right to information according to Art. 15 GDPR
  • Right to rectification according to Art. 16 GDPR
  • Right to restriction of processing in accordance with Art. 18 GDPR
  • Right to erasure according to Art. 17 GDPR
  • Right to information according to Art. 19 GDPR
  • Right to data portability according to Art. 20 GDPR
  • Right to revoke granted consent in accordance with Art. 7 Para. 3 GDPR
  • Right to complain according to Art. 77 GDPR


You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f GDPR.

The person responsible will then no longer process the personal data relating to you, unless he can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

To exercise your rights, contact the responsible person.

As the supervisory authority in Austria, the data protection authority is responsible for complaints in connection with the General Data Protection Regulation.