This privacy policy was last updated on May 25, 2018. Bernd Serafin Thaler reserves the right from time to time to update or amend this Privacy Policy.

The present version is published in English for convenience purposes only. In case of any discrepancies between this version and the German version, the German version shall prevail.

Privacy Policy

A. GENERAL INFORMATION
I. Name and address of the controller
B. DATA PROCESSING PROCEDURES
I. Provision of the website
II. Data processing when using our online shop
III. Use of cookies
IV. Contact form and e-mail address
C. RIGHTS OF PERSONS AFFECTED
D. MISCELLANEOUS
I. Scope of your duty to provide personal information
II. Forwarding to third parties

A. GENERAL INFORMATION

I. Name and address of the responsible person

For the purposes of the General Data Protection Regulation, the national data protection laws in the EU Member States and other data protection provisions, the controller of the Bernd Serafin Thaler Online Shop is:

Bernd Serafin Thaler
Siebenbrunnengasse 88/1/11
1050 Vienna
Austria
E-Mail: office@berndserafinthaler.com

B. Data Processing Procedures

I. Provision of the website

1. Description and scope of data processing
Where you use our website for purely informative purposes, that is, if you do not register with us or otherwise submit information, we collect only the personal information transmitted to our server by your browser when you visit our website:

– IP address (in anonymised, abbreviated form if applicable)
– Date and time of access
– Time zone difference
– Content of the request (specific page)
– Access status / HTTP-status code
– Volume of data transmitted
– Website from which the request originated
– Browser type
– Operating system and interface
– Language and version of the browser software

This data is also stored in our system logfiles. The data is not at any time stored together with other personal information. The anonymous data of the server-logfiles is stored separately from all personal information submitted by a data subject.

a) Third-party hosting services
In the course of order processing, a third-party service provider renders hosting services and services relating to the display of the website. This serves to safeguard our overriding legitimate interest in the correct display of our website. All data collected during the use of this website or submitted in the forms provided in the online shop as described below, are processed on its servers. Processing on other servers takes place only as described herein. The third-party service provider is based in an EU or EEA Member State.

2. Legal basis for data processing
The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing
When you view our website, we collect the data stated in section 1. which is required for technical purposes in order to display our website correctly and to guarantee the stability and security of the system. Data is stored in logfiles in order to ensure the functionality of the website. In addition, this data helps us to optimise the website and to ensure the security of our IT-systems. These purposes also establish our legitimate interest in the data processing pursuant to Art. 6 para. 1 lit. f GDPR.

4. Duration of data storage
The data is deleted as soon as it is no longer required for the attainment of the purpose for which it was collected. In the case of the collection of data required in order to correctly display the website, this is the case if the session has ended, i.e. when you leave our website.

5. Right to object and Right to have data removed or deleted
The recording of data for the provision of the website and the storage of data in logfiles is vital for the operation of the Internet site. Therefore, there is no option for the user to object to this.

II. Data processing when using our online shop

1. Description and scope of data processing

a) Purchase in the online shop
If you shop in the Bernd Serafin Thaler Online Shop, the following personal information can be collected, processed and used in order to process your order:
– Last Name
– First Name
– Invoice and delivery address
– E-mail address
– Telephone number
– Payment information

When your data is transmitted to us, it is encrypted using the latest security standard – SSL 256bit encryption (SSL = Secure Socket Layer). The security certificate is issued by AlphaSSL.

To ensure the best possible experience for our customers, as legally permitted, we share your personal information with other companies employed by us as order processors exclusively for the proper performance of the contract and only to the extent necessary. We furthermore ensure that your data is at all times processed only in accordance with our instructions.

b) Payment method
Credit cards, PayPal and SofortBanking Data is not stored, but is instead collected and processed by our payment service provider, “mPay24”. We use technical and organisational measures to secure our website and other systems against the loss, destruction, unauthorised access, alteration or dissemination by unauthorised persons of your personal information.

c) Customer account
Your customer account can only be accessed by entering your personal password. You should always keep your log-in information confidential and close the browser window once you have finished using our website, in particular if you are viewing the website from a shared computer.

d) Parcel tracking
After placing an order through our online shop, you will be sent status updates from the carrier of your parcel. To this end, we provide your e-mail address to the UPS Speditionsgesellschaft m.b.H., Cargo Nord, Objekt 1, 1300 Wien Flughafen, Austria, which are bound by law to comply with data protection requirements. To object to this, simply send an e-mail to the following address: office@berndserafinthaler.com

2. Legal basis for data processing
a) The legal basis for the processing of your data in the course of placing an order and shopping in our online shop is Art. 6 para. 1 lit. b GDPR.
b) The legal basis for the transmission of your data to external payment services providers is Art. 6 para. 1 lit. a and b GDPR.
c) The legal basis for the parcel tracking is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing
a) We use the personal information transmitted to us in the course of your use of our online shop to initiate and process purchase contracts concluded via the online shop, as well as for customer service and support services. In addition, we also use your personal data to assert rights relating to the purchase contracts initiated or concluded with you.
b) The processing of your data during payment is carried out for the purposes of making payment using the method selected by you.
c) The provision of your e-mail address to delivery services is carried out for the purpose of keeping you updated as to the status of your shipment, to allow you to plan accordingly for when the parcel is due to arrive.

4. Duration of data storage
As a rule, we process and store your data for the duration of our contractual relationship. This also includes the initiation of a contract (precontractual legal relationship).

In the event of the conclusion of a contract, all data relating to the contractual relationship is stored until such time as the mandatory statutory storage period under tax law (7 years) has expired.

Your name, address, items purchased and order data are furthermore stored until the warranty period under product liability law expires (10 years). The data processing is carried out based on the statutory provisions set forth in Section 96 (3) Telecommunications Act (Telekommunikationsgesetz, TKG) as well as Art 6 para. 1 lit. a (consent) and/or lit. b (necessary for the performance of a contract) of the GDPR.

III. Use of cookies

1. Description and scope of data processing
The Bernd Serafin Thaler website uses cookies in order to make your visit more enjoyable and innovative and to facilitate the use of certain functions (e.g. shopping basket). Cookies are small pieces of data sent from a website and stored on a user’s computer. There are two types of cookies. The first are “session cookies”, which are deleted once the user closes the browser; the second are “persistent cookies”, which remain on the computer, allowing Bernd Serafin Thaler to ‘remember’ the customers when they visit the site again. Bernd Serafin Thaler’s partners are not permitted to use cookies to collect, process or use personal information via this website.

a) Social Media Cookies
This website features social media plug-ins to allow users to recommend and share articles on social media, such as Facebook, Instagram, Twitter and Pinterest. We use a two-phase procedure; data intended for third parties is transmitted only when you, the website visitor, click on one of the icons displayed in the social media bar. Bernd Serafin Thaler has no influence over or access to the cookies used by Facebook, Twitter, etc.

b) Web analysis
If you consented to this pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, this website uses Google (Universal) Analytics, a web analysis service provided by Google LLC (www.google.at). Google (Universal) Analytics uses various methods that allow it to analyse your use of the website, such as, for example, cookies. The automatically collected information on your use of this website is as a rule transmitted to our Google server in the USA, where it is then stored. As a result of the activation of IP-anonymisation on this website, the IP-address is abbreviated prior to transmission within the member states of the European Union and in EEA states. Only in exceptional cases is the full IP-address transmitted to a Google server in the USA and abbreviated there. The anonymized IP address transmitted by your browser in the course of Google Analytics is as a rule not combined with other data held by Google. Where the intended purpose ceases to apply and when our use of Google Analytics comes to an end, the data collected in this connection will be deleted.

Google LLC is headquartered in the USA and certified under the EU-US-Privacy Shield. Click here to view the current certificate. Based on this agreement between the USA and the European Commission, the latter has verified that companies certified under the Privacy Shield Programme have an appropriate level of data protection.

You can withdraw your consent at any time by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de . This prevents the recording of the information created by the cookie relating to your use of the website (including your IP-address), as well as the processing of this data by Google.

Alternatively, click here to prevent Google Analytics from recording any data on this website in future. This installs an opt-out cookie on your device. If you delete cookies, you will be asked to provide consent again.

2. Legal basis for data processing
The legal basis for the processing of data through the use of cookies is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing
Transient cookies are used in order to make our website simpler to use for the individual user. Some functions on our Internet site cannot be provided without using cookies. For these pages, the browser needs to be recognised even when the user switches between different pages. Therefore, transient cookies are used to ensure the basket function works, to record language settings and to recognise search terms.
Persistent analysis cookies are used in order to improve the quality of our website and its content. The analysis cookies tell us how the website is used, thus enabling us to constantly improve our offering.
Without your consent, analysis data is collected only in anonymised or pseudonymised form. We are then unable to personally identify you. These purposes establish our legitimate interest in the processing of personal information pursuant to Art. 6 para. 1 lit. f GDPR.

4. Duration of storage, Right to object and option to have data removed
Cookies are stored on your computer, from where they transmit information to our website. As such, you, the user, have full control over the use of cookies. You can restrict or disable cookies via your Internet browser settings. Existing cookies can be deleted at any time. Such deletion can also be automated. Please note that you can configure your browser settings such that you are notified of the installation of cookies and can decide on a case-by-case basis whether to accept them or to disable cookies for certain cases or across the board. Every browser is different in terms of how it manages cookie settings. An explanation can be found in the help menu of every browser, which also describes how to change cookie settings. The instructions for the various browsers can be found by clicking on the following links:

Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Chrome: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Safari: https://support.apple.com/kb/ph21411?locale=de_DE
Opera: http://help.opera.com/Windows/10.20/de/cookies.html

Please note that disabling cookies may result in the functionalities of our website being restricted.

IV. Contact form and e-mail address

1. Description and scope of data processing
Our website features a contact form and an e-mail address. You can also contact us via various social media platforms (Facebook, Instagram). This means you can contact our customer service team directly. If and insofar as you contact us using the contact form provided on our website by e-mail or through social media platforms and wish to find out about your orders or customer status, to enable us to properly process your request you may need to provide certain personal information, such as name, address, e-mail address, date of birth, order or invoice number. This data is used solely to verify and process your request. In the event that you contact us via a social media platform, please note that these platforms are not owned or controlled by Bernd Serafin Thaler, meaning that it is not possible to protect and maintain the confidentiality of the information provided via the social media platform. Should you have any questions concerning data protection, please contact the owner and operator of the social media platform in question.

In this context, data is not shared with third parties. The data is used solely for the purposes of processing the interaction.

2. Legal basis for data processing
The legal basis for the processing of the data you provide in the course of submitting your request is Art. 6 para. 1 lit. f GDPR. If the contact has the intent of concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing
The processing of the personal information submitted through the contact channel in each case serves solely the processing of your request and the handling of the issue to which the request relates. This establishes the necessary legitimate interest in processing the data.

The other personal data processed during the submission serves to prevent abuse of the contact form and to help guarantee the security of our IT-systems.

4. Duration of data storage
The data is deleted as soon as it is no longer required for the attainment of the purpose. This applies to the personal data from the input screen for the contact form, as well as the information sent by e-mail if the conversation with the user concerned has ended. The conversation has ended if it can be concluded from the circumstances that the issue concerned has been conclusively resolved. Under certain circumstances, however, we may need to store certain personal information from the communication for longer (e.g. as evidence if in the course of the conversation agreements are reached concerning purchases made, goodwill decisions by Bernd Serafin Thaler, agreements on payments, claims based on defects, etc.).

C. Rights of Persons affected

Under certain circumstances, you can assert data protection rights against us:

– Right to withdraw consent: if you consented to certain types of processing activities, you can at any time withdraw such consent for the future. Such withdrawal of consent does not, however, have any effect on the lawfulness of the processing prior to the withdrawal of consent or insofar as the processing is justified on a different legal basis.

– Right to information: Pursuant to Art. 15 GDPR, you have the right to obtain information on which of your personal information we store.

– Right to rectification: Pursuant to Art. 16 GDPR, we will on request rectify any inaccurate or erroneous personal information.

– Right to erasure: If you wish, we will delete your data pursuant to the basic principles set forth in Art. 17 GDPR.

– Right to restriction of processing: Taking account of the prerequisites set forth in Art. 18 GDPR, you can request that we restrict the processing of your data.

– Right to objection: In addition, pursuant to Art. 21 GDPR you can object to the processing of your data. This right to object applies where there are grounds relating to your particular situation and only with respect to data processing that is lawful based on an overriding interest, concerning profiling or for the purposes of direct marketing. If you object, we will no longer process your data, unless we are entitled by law to reject your objection. An objection to direct marketing, including profiling, is binding for us, which means that we are no longer permitted to process your data for these purposes.
If you consented to direct marketing and no longer wish to receive such direct advertising, you need to withdraw your consent.

– Right to data portability: You also have the right to obtain your data pursuant to the rules set forth in Art. 20 GDPR in a structured, customary, machine-readable format or to transmit it to a third party.

– Complaint to the Data Protection Authority: Furthermore, you have the right to lodge a complaint with any competent data protection supervisory authority (Art. 77 GDPR). If you think there has been an infringement of data protection law or that your data protection rights have otherwise been contravened, you can lodge a complaint with the data protection supervisory authority.

D. MISCELLANEOUS

I. Scope of your duty to provide personal information
You need only provide the data required for the initiation and performance of the contractual relationship or for a pre-contractual relationship with us or which we are required, by law, to collect. Without this data, we will as a rule not be able to conclude the contract or further execute it. This can also relate to data required later on in the course of the contractual relationship. If we request additional information from you, you will be notified separately of the voluntary nature of the information concerned.

II. Forwarding to third parties
Bernd Serafin Thaler has access to your data only insofar as this is necessary for the attainment of the objectives in line with the internal allocation of tasks. To this end, within the company only those departments that require access will be permitted to access your data.

Service Providers: We have commissioned service providers who as order processors have access to your data and process this data on our behalf for specific purposes specified by us. These order processors can be providers of marketing services, website-hosting services, IT-support services, website analysis services or shipping services.

Other third parties: If necessary for legal or statutory reasons, we are also required to provide certain data to third parties. These may be official bodies, external advisors, business partners, courts, experts as well as executive bodies within the company and supervisory bodies, where necessary.
International data transfer: Although all recipients are currently based in the EU/EEA, it cannot be excluded that recipients will, in future, be located in a country outside the EU/EEA that does not provide a level of data protection comparable to that in Europe. In particular, service providers may, in future, be located in the USA. In this case, Bernd Serafin Thaler will either select service providers certified under the US-EU Privacy Shield Program (Art. 45(1) GDPR) or which have agreed with Bernd Serafin Thaler the EU standard data protection clauses adopted by the EU Commission (Art. 46 (2) (c) or (d) GDPR).