This Privacy Policy describes how www.apodep.com (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.

Contact

We are pleased that you are visiting our website and thank you for your interest. On the following pages, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is E35 SHOP GmbH. The controller in charge of the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line.

After reviewing this policy, if you have additional questions, want more information about our privacy practices, or would like to make a complaint, please contact us by e-mail at shop@apodep.com or by mail using the details provided below: E35 SHOP GmbH, Schloss Rohrau 1 /7 (Innenhof), 2471 Rohrau, Austria

Collecting Personal Information

When you visit the Site, we collect certain information about your device, your interaction with the Site, and the information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information about an identifiable individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why. Data processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently, if there are any concrete indications of illegal use.

• Device information
• Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
• Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
• Disclosure for a business purpose: shared with our processor Shopify.
• Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
• Order information
• Purpose of collection: to provide products or services to you to fulfill our contract, process your payment information, arrange for shipping, provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services. Insofar as necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 (1) lit. b GDPR. Your contact details will be used strictly for the purpose of informing you about updates owed by us and will only be processed by us for this purpose to the extent necessary for the respective information.
• Source of collection: collected from you.
• Disclosure for a business purpose: shared with our processor Shopify. In order to process your order, we also work together with the service provider(s) for payment and shipping mentioned in the section "Sharing personal Information" here below, who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the information here below.
• Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers and PayPal, email address, and phone number.
• Data Processing When Opening a Customer Account and for Contract Processing
• Pursuant to Art. 6 (1) point b GDPR, personal data will continue to be collected and processed to the extent required in each case if you provide us with this data when opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. After deletion of your customer account, your data will be deleted, provided that all contracts concluded via it have been fully processed, no legal retention periods are opposed and no legitimate interest on our part in the continued storage exists.

Minors

The Site is not intended for individuals under the age of 18. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address above to request deletion.

Sharing Personal Information

We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:

• We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
• We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or another lawful request for information we receive, or to otherwise protect our rights.
• In order to process your order, we also work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
  Passing on Personal Data to Shipping Service Providers
  - Austrian Post
  If delivery of goods takes place by the transport service provider Austrian Post (Austrian Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna, Austria), we will pass on your e-mail address to Austrian Post in accordance with Art. 6 (1) point a GDPR, prior to delivery of the goods, for the purpose of coordinating a date of delivery or of a notice about the shipment status, only if you have given your express consent during the ordering process. Otherwise, only the name of the recipient and the delivery address will be passed on to Austrian Post for the purpose of delivery in accordance with Art. 6 (1) point b GDPR. The data will only be passed on if this is necessary for the delivery of the goods. In this case, prior agreement on the delivery date with the Austrian Post or transmission of status information for shipment delivery is not possible.
  The consent can be revoked for future deliveries at any time, either with the controller or with the transport service provider Austrian Post.
  - FedEx
  If delivery of goods takes place by the transport service provider FedEx (FedEx Express Germany GmbH, Langer Kornweg 34 k,65451 Kelsterbach)), we will pass on your e-mail address to FedEx in accordance with Art. 6 (1) point a GDPR, prior to delivery of the goods, for the purpose of coordinating a date of delivery or of a notice about the shipment status, only if you have given your express consent during the ordering process. Otherwise, only the name of the recipient and the delivery address will be passed on to FedEx for the purpose of delivery in accordance with Art. 6 (1) point b GDPR. The data will only be passed on if this is necessary for the delivery of the goods. In this case, prior agreement on the delivery date with FedEx or transmission of status information for shipment delivery is not possible.
  The consent can be revoked for future deliveries at any time, either with the controller or with the transport service provider FedEx.
  Use of Payment Service Providers
  - Apple Pay
  If you choose the payment method "Apple Pay" of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the "Apple Pay" function of your terminal device operated with iOS, watchOS or macOS by debiting a payment card deposited with "Apple Pay". Apple Pay uses security features built into the hardware and software of your device to protect your transactions. In order to release payment, it is, therefore, necessary to enter a code previously defined by you and to verify it using the "Face ID" or "Touch ID" function of your terminal.
  For the purpose of payment processing, your information provided during the ordering process, along with information about your order, will be transmitted to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay for payment processing. The encryption ensures that only the website from which the purchase was made can access the payment information. After the payment is made, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm the payment.
  If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.
  Apple retains anonymized transaction data, including the approximate amount of the purchase, the approximate date and time, and whether the transaction was completed successfully. Anonymisation completely excludes any personal reference. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.
  When you use Apple Pay on iPhone or the Apple Watch to complete a purchase made through Safari on Mac, the Mac, and the authorization device communicates through an encrypted channel on Apple's servers. Apple does not process or store this information in any format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone preferences. Go to "Wallet & Apple Pay" and disable "Allow payments on Mac".
  For more information about Apple Pay privacy, please visit the following web address: https://support.apple.com/en-gb/HT203027
  - Google Pay
  If you choose the payment method "Google Pay" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment processing is carried out via the "Google Pay" application of your mobile device running at least Android 4.4 ("KitKat") and having an NFC function by charging a payment card deposited at Google Pay or a payment system verified there (e.g. PayPal). For the release of payment via Google Pay in the amount of more than 25,- € the prior unlocking of your mobile device by the respective verification measure (e.g. face recognition, password, fingerprint, or pattern) is required.
  For the purpose of payment processing, your information provided during the ordering process, together with the information about your order, will be forwarded to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the source website, which is used to verify a payment. This transaction number does not contain any information about the real payment data of your means of payment deposited with Google Pay but is created and transmitted as a uniquely valid numeric token. For all transactions via Google Pay, Google acts merely as an intermediary to process the payment transaction. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the means of payment deposited with Google Pay.
  If personal data are processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.
  Google reserves the right to collect, store and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, the merchant's location and description, a description provided by the merchant of the goods or services purchased, photos that you have attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.
  According to Google, this processing is carried out exclusively in accordance with Art. 6 para. 1 lit. f GDPR on the basis of the legitimate interest in proper accounting, verification of transaction data, and optimization and maintenance of the functionality of the Google Pay service.
  Google also reserves the right to combine the processed transaction data with other information which is collected and stored by Google when using other Google services.
  The terms of use of Google Pay can be found here:
  https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=en
  Further information on data protection at Google Pay can be found at the following Internet address:
  https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en
  - Klarna
  If the payment method "Klarna invoice purchase" or (if offered) the payment method "Klarna Installment Purchase" is selected, payment is processed by Klarna AB (publ )[https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). To enable payment to be processed, your personal data (first and last name, street, house number, postcode, city, gender, e-mail address, telephone number, and IP address), as well as data related to the order (e.g. B. Invoice amount, article, delivery type), is forwarded to Klarna for the purpose of identity and creditworthiness check, provided you have expressly consented to this in accordance with Art. 6 (1) point a GDPR within the ordering process. You can view to which credit agencies your data may be forwarded at: https://www.klarna.com/international/privacy-policy/
  The credit report can contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on recognized scientific, mathematical-statistical methods. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information received on the statistical probability of non-payment for a balanced decision on the establishment, implementation, or termination of the contractual relationship.
  You can revoke your consent at any time by sending a message to the controller responsible for data processing or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary to process payments in accordance with the contract.
  - Paypal
  When you pay via PayPal, credit card via PayPal, direct debit via PayPal, or - if offered - "purchase on account" or "payment by installments" via PayPal, we transmit your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The transfer takes place in accordance with Art. 6 (1) point b GDPR and only insofar as this is necessary for payment processing.
  PayPal reserves the right to carry out credit checks for the payment methods credit card via PayPal, direct debit via PayPal or, if offered, "purchase on account" or "payment by installments" via PayPal. For this purpose, your payment data may be passed on to credit agencies on the basis of PayPal's legitimate interest in determining your solvency pursuant to Art. 6 (1) point f GDPR. PayPal uses the result of the credit assessment in relation to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on recognized scientific, mathematical-statistical methods. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including the credit agencies used, please refer to PayPal's data protection declaration at: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full.
  You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
  - Paypal Checkout
  This website uses PayPal Checkout, an online payment system from PayPal, which consists of PayPal's own payment methods and local payment methods from third-party providers.
  When paying via PayPal, credit card via PayPal, direct debit via PayPal, or - if offered - "Pay Later" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only insofar as this is necessary for the payment processing.
  For the payment methods, credit card via PayPal, direct debit via PayPal, or - if offered - "pay later" via PayPal - PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
  If you select the PayPal payment method "purchase on account", your payment data will first be transmitted to PayPal in preparation for payment, whereupon PayPal will forward this data to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") in order to process the payment. The legal basis in each case is Art. 6 para. 1 lit. b GDPR. In this case, RatePay carries out an identity and creditworthiness check on its own behalf to determine solvency in accordance with the principle already mentioned above and passes on your payment data to credit agencies on the basis of the legitimate interest in determining solvency in accordance with Art. 6 Para. 1 lit. f GDPR. A list of the credit agencies that Ratepay may use can be found here: https://www.ratepay.com/legal-payment-creditagencies/
  If you use the payment method of a local third-party provider, your payment data will first be passed on to PayPal in preparation for the payment in accordance with Art. 6 para. 1 lit. b GDPR. Depending on your selection of an available local payment method, PayPal will then transmit your payment data to the corresponding provider in order to carry out the payment in accordance with Art. 6 Para. 1 lit. b GDPR:
  - Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
  - iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
  - giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany)
  - bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
  - blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
  - eps (STUZZA Studiengesellschaft für Zusammenarbeit im Zahlungsverkehr GmbH, Frankgasse 10/8, 1090 Vienna, Austria)
  - MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
  - Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
  For further information on data protection, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
  - Shopify Payments
  We use the payment service provider "Shopify Payments", 3rd Floor, Europe House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, the payment is processed by the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will forward the information you have provided in connection with your order (name, address, account number, sort code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 (1) point f GDPR. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary. You can view Shopify Payments' privacy policy at: https://www.shopify.com/legal/privacy.
  You can view more information about the privacy policy of Stripe Payments Europe Ltd. at: https://stripe.com/en-de/privacy.

Behavioural Advertising

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

• We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
• We use Shopify Audiences to help us show ads on other websites with our advertising partners to buyers who made purchases with other Shopify merchants and who may also be interested in what we have to offer. We also share information about your use of the Site, your purchases, and the email address associated with your purchases with Shopify Audiences, through which other Shopify merchants may make offers you may be interested in.

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt-out of targeted advertising by:

FACEBOOK - https://www.facebook.com/settings/?tab=ads

GOOGLE - https://www.google.com/settings/ads/anonymous

BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads

Additionally, you can opt-out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: https://optout.aboutads.info/.

Using Personal Information

We use your personal information to provide our services to you, which include: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.

Lawful basis

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

• Your consent;
• The performance of the contract between you and the Site;
• Compliance with our legal obligations;
• To protect your vital interests;
• To perform a task carried out in the public interest;
• For our legitimate interests, which do not override your fundamental rights and freedoms.

Retention

When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.

Automatic decision-making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

• Temporary blacklist of IP addresses associated with repeated failed transactions. This blacklist persists for a small number of hours.
• Temporary blacklist of credit cards associated with blacklisted IP addresses. This blacklist persists for a small number of days.

 

Your rights

GDPR

Rights of the Data Subject

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, port it to a new service, and ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information above. 

The applicable data protection law grants you the following comprehensive rights of data subjects (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data:

- Right of access by the data subject pursuant to Art. 15 GDPR: You shall have the right to receive the following information: The personal data processed by us; the purposes of the processing; the categories of processed personal data; the recipients or categories of recipients to whom the personal data have been or will be disclosed; the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling and at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject; the appropriate safeguards pursuant to Article 46 when personal data is transferred to a third country.

- Right to rectification pursuant to Art. 16 GDPR: You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and/or the right to have incomplete personal data completed which are stored by us.

- Right to erasure (“right to be forgotten”) pursuant to Art. 17 GDPR: You have the right to obtain from the controller the erasure of personal data concerning you if the conditions of Art. 17 (2) GDPR are fulfilled. However, this right will not apply to exercising the freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

- Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to obtain from the controller restriction of processing your personal data for the following reasons: As long as the accuracy of your personal data contested by you will be verified. If you oppose the erasure of your personal data because of unlawful processing and request the restriction of their use instead. If you require the personal data for the establishment, exercise, or defense of legal claims, once we no longer need those data for the purposes of the processing. If you have objected to processing on grounds relating to your personal situation pending the verification of whether our legitimate grounds override your grounds.

- Right to be informed pursuant to Art. 19 GDPR: If you have asserted the right of rectification, erasure, or restriction of processing against the controller, he is obliged to communicate to each recipient to whom the personal data has been disclosed any rectification or erasure of personal data or restriction of processing unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients.

- Right to data portability pursuant to Art. 20 GDPR: You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format or to require that those data be transmitted to another controller, where technically feasible.

- Right to withdraw a given consent pursuant to Art. 7 (3) GDPR: You have the right to withdraw your consent for the processing of personal data at any time with effect for the future. In the event of withdrawal, we will immediately erase the data concerned, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

- Right to lodge a complaint pursuant to Art. 77 GDPR: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

RIGHT TO OBJECT

IF WITHIN THE FRAMEWORK OF A CONSIDERATION OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON THE GROUNDS THAT ARISE FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING REASONS WORTHY OF PROTECTION FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA WHICH IS USED FOR DIRECT MARKETING PURPOSES. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

CCPA

If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information above.

If you would like to designate an authorized agent to submit these requests on your behalf, please contact us at the address above.

Hosting & Content Delivery Network

- Hosting by Shopify

We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online shop on the basis of processing on our instructions. All data collected on our website is processed on Shopify's servers. Within the scope of the aforementioned Shopify services, data may also be transferred to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., or Shopify (USA) Inc. for further processing on our behalf. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by an adequate decision of the European Commission.

For more information on Shopify's privacy policy, please visit the following website: https://www.shopify.com/legal/privacy

Further processing on servers other than the aforementioned servers of Shopify will only take place within the scope of the following information.

- Cloudflare

On our website, we use a content delivery network ("CDN") of the technology service provider Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA ("Cloudflare"). A Content Delivery Network is an online service used to deliver large media files (such as graphics, page content, or scripts) through a network of regionally distributed servers connected via the internet. The use of Cloudflare's content delivery network helps us to optimize the loading speeds of our website.

The processing takes place in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in a secure and efficient provision, as well as improvement of the stability and functionality of our website.

For more information about Cloudflare's privacy policy, please visit https://www.cloudflare.com/privacypolicy/

Cookies

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance, whether it’s their first time visiting or if they are frequent visitors.

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

For more information on how we deal with the cookies which we use to optimize your experience on our Site and to provide our services, please consult our Cookie Policy.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.

Cookie Consent Tool

This website uses a so-called "cookie consent tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "cookie consent tool" is displayed to users in the form of an interactive user interface when they access the page, on which consent for certain cookies and/or cookie-based applications can be given by ticking the appropriate box. Using the tool, all cookies/services requiring consent are only loaded if the respective user provides the corresponding consent by ticking the corresponding box. This ensures that such cookies are only set on the respective end device of the user if consent has been granted.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed.

If in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Art. 6 (1) point GDPR based on our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.

Further legal basis for the processing is Art. 6 (1) point c GDPR. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user's consent.

Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

Please note that you can set your browser in such a way that you are informed about the setting of cookies and you can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You will find these for the respective browsers under the following links:

- Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d

- Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop

- Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en

- Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac

- Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that the functionality of our website may be limited if cookies are not accepted.

Do Not Track

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

Social Media

Facebook

Our website employs components provided by facebook.com. Facebook is a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). These Plugins are marked with a Facebook-Logo. An overview of the Facebook Plugins and how they look like, you can find here: https://developers.facebook.com/docs/plugins/

1) Information about the collection of personal data and contact details of the person responsible

1.1 In the following we inform you about the handling of your personal data. Personal data is all data with which you can be personally identified.

Please check carefully what personal data you share with us via Facebook. As long as you are logged into your Facebook account and visit our Facebook profile, Facebook can assign this to your Facebook profile. We expressly point out that Meta, as the operator of Facebook, stores the data of its users (e.g. personal information, IP address, etc.) and may also use this for business purposes. You can find more information about data processing by Facebook in Facebook's privacy policy at https://de-de.facebook.com/policy.php.

We have no influence on data collection and further processing by Facebook. Furthermore, it is not clear to us to what extent, where and for how long the data is stored by Facebook, to what extent Facebook fulfills existing deletion obligations, which evaluations and links with the data are carried out by Facebook and to whom the data is passed on by Facebook will. If you would like to prevent Facebook from processing personal data that you have sent to us, please contact us by other means. Our complete contact details can be found in our imprint on Facebook.

1.2 The person responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is E35 SHOP GmbH, Schloss Rohrau 1/7 (inner courtyard), 2471 Rohrau, Austria, Tel.: +43 2164 28163, email: info@e35shop.com , insofar as we exclusively process the data you transmit to us via Facebook ourselves.

Insofar as the data you transmit to us via Facebook is also or exclusively processed by Meta as the operator of Facebook (Insights data), Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, Responsible for data processing within the meaning of the General Data Protection Regulation (GDPR). In this respect, data processing takes place on the basis of an agreement between joint controllers in accordance with Art. 26 GDPR, which you can view here:

https://www.facebook.com/legal/terms/page_controller_addendum.

Furthermore, an additional agreement between us and Meta Platforms Ireland Ltd applies to the use of certain Facebook products, such as the so-called "Facebook Business Tools", and to the data processing carried out as a result. as joint controller according to Art. 26 GDPR, which can be viewed here:

https://www.facebook.com/legal/controller_addendum

The person responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.

2) Data Protection Officer

You can contact the data protection officer of Meta as the operator of Facebook using the online contact form provided at https://www.facebook.com/help/contact/540977946302970.

3) Data processing when contacting you

3.1 We collect personal data ourselves if you e.g. B. contact us via contact form or messenger. You can see which data we collect when you contact us via the contact form from the relevant contact form. This data is stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Article 6 (1) (f) GDPR. If you contact us with the aim of concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted after your request has been processed, provided there are no legal storage requirements to the contrary. We assume a final processing if it can be inferred from the circumstances that the matter in question has been finally clarified.

3.2 Contact via WhatsApp

If you contact us via WhatsApp on the occasion of a specific transaction (e.g. an order placed), we will save and use the mobile phone number you use on WhatsApp and - if provided - your first and last name in accordance with Article 6 Paragraph 1 lit. b. DSGVO for processing and answering your request. On the same legal basis, we may ask you via WhatsApp to provide additional data (order number, customer number, address or e-mail address) in order to be able to assign your request to a specific transaction.

If you use our WhatsApp contact for general inquiries (e.g. about the range of services, availability or our website), we will save and use the mobile phone number you use on WhatsApp and - if provided - your first and last name in accordance with Art. 6 Para. 1 lit . f GDPR on the basis of our legitimate interest in the efficient and timely provision of the desired information.

Your data will always only be used to answer your request via WhatsApp. A disclosure to third parties does not occur.

Please note that WhatsApp has access to the address book of the mobile device we use for this purpose and automatically transfers telephone numbers stored in the address book to a server of the parent company Facebook Inc. in the USA. To operate our WhatsApp account, we use a mobile device whose address book only stores the WhatsApp contact data of those users who have also contacted us via WhatsApp.

This ensures that every person whose WhatsApp contact details are stored in our address book, when using the app on their device for the first time, by accepting the WhatsApp terms of use in the transmission of their WhatsApp telephone number from the address books of their chat contacts in accordance with Art. 6 Paragraph 1 lit. a GDPR has consented. A transmission of data from users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.

The purpose and scope of the data collection and the further processing and use of the data by WhatsApp as well as your rights in this regard and setting options for protecting your privacy can be found in WhatsApp's data protection information: https://www.whatsapp.com/legal/?eea=1# privacy policy

Instagram

1) Information about the collection of personal data and contact details of the person responsible

1.1 In the following we inform you about the handling of your personal data. Personal data is all data with which you can be personally identified.

Please carefully consider what personal information you share with us via Instagram. Instagram is part of the Meta group of companies and shares infrastructure, systems and technology with Meta and other Meta companies (https://www.facebook.com/help/111814505650678?ref=dp). We expressly point out that Meta stores the data of the users of its services (e.g. personal information, IP address, etc.) and may also use this for business purposes. For more information on how Meta data is processed by Instagram, see Instagram's privacy policy at https://help.instagram.com/help/instagram/519522125107875/

We have no influence on data collection and further processing by Meta. Furthermore, it is not clear to us to what extent, where and for how long the data is stored, to what extent Meta fulfills existing deletion obligations, which evaluations and links are made with the data and to whom the data is passed on. If you wish to prevent Meta from processing personal data that you have submitted to us, please contact us by other means. Our complete contact details can be found in our imprint on Instagram.

1.2 The person responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is E35 SHOP GmbH, Schloss Rohrau 1/7 (inner courtyard), 2471 Rohrau, Austria, Tel.: +43 2164 28163, email: info@e35shop.com , insofar as we process the data you transmit to us via Instagram exclusively ourselves. Insofar as the data you transmit to us via Instagram is also or exclusively processed by Meta, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland is also responsible for data processing within the meaning of data protection law. General Regulation (GDPR).

The person responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.

2) Data Protection Officer

You can contact Meta's data protection officer using the online contact form provided at https://www.facebook.com/help/contact/540977946302970.

3) Data processing when contacting you

We collect personal data ourselves if you z. B. contact us via contact form or messenger. You can see which data we collect when you contact us via the contact form from the relevant contact form. This data is stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Article 6 (1) (f) GDPR. If you contact us with the aim of concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted after your request has been processed, provided there are no legal storage requirements to the contrary. We assume a final processing if it can be inferred from the circumstances that the matter in question has been finally clarified.

Changes

We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.

Duration of Storage of Personal Data

The duration of the storage of personal data is based on the respective legal basis, the purpose of processing, and - if relevant – on the respective legal retention period (e.g. commercial and tax retention periods).

If personal data is processed on the basis of express consent pursuant to Art. 6 (1) point a GDPR, this data is stored until the data subject revokes his consent.

If there are legal storage periods for data that is processed within the framework of legal or similar obligations on the basis of Art. 6 (1) point b GDPR, this data will be routinely deleted after the expiry of the storage periods if it is no longer necessary for the fulfillment of the contract or the initiation of the contract and/or if we no longer have a justified interest in the further storage.

When processing personal data on the basis of Art. 6 (1) point f GDPR, this data is stored until the data subject exercises his right of objection in accordance with Art. 21 (1) GDPR, unless we can provide compelling grounds for processing worthy of protection which outweigh the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

If personal data is processed for the purpose of direct marketing on the basis of Art. 6 (1) point f GDPR, this data is stored until the data subject exercises his right of objection pursuant to Art. 21 (2) GDPR.

Unless otherwise stated in the information contained in this declaration on specific processing situations, stored personal data will be deleted if it is no longer necessary for the purposes for which it was collected or otherwise processed.

Last updated: August 2022