GDPR


Personal data (hereinafter mostly referred to as “data”) is processed by us only to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

According to Article 4(1) of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as “GDPR”), “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With the following privacy policy, we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or together with others on the purposes and means of processing. In addition, we inform you below about the third-party components we use for optimization purposes and to increase the quality of use, insofar as third parties process data under their own responsibility.

Our privacy policy is structured as follows:

I. Information about us as the controller
II. Rights of users and data subjects
III. Information on data processing

I. Information about us as the controller

The responsible provider of this website in terms of data protection law is

Catharina Bond
Hockegasse 46/5
1180 Vienna
Austria

Phone: +43 650 5009183
E-mail: office@hearts-in-hands.at

II. Rights of users and data subjects

With regard to the data processing described in more detail below, users and data subjects have the right

  • to confirmation as to whether data concerning them is being processed, to information about the processed data, to further information about the data processing and to copies of the data (cf. also Art. 15 GDPR);
  • to rectification or completion of incorrect or incomplete data (see also Art. 16 GDPR);
  • to the immediate erasure of the data concerning them (see also Art. 17 GDPR), or, alternatively, if further processing is required pursuant to Art. 17 para. 3 GDPR, to restriction of processing in accordance with Art. 18 GDPR;
  • to receive the data concerning them and provided by them and to transfer this data to other providers/controllers (cf. also Art. 20 GDPR);
  • to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection regulations (see also Art. 77 GDPR).

In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any rectification or erasure of data or restriction of processing carried out on the basis of Articles 16, 17 para. 1, 18 GDPR. However, this obligation does not apply if this notification is impossible or involves a disproportionate effort. Notwithstanding this, users have a right to information about these recipients.

In accordance with Art. 21 GDPR, users and data subjects also have the right to object to the future processing of data concerning them, provided that the data is processed by the provider in accordance with Art. 6 para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permitted.

III. Information on data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose of storage no longer applies, the deletion of the data does not conflict with any statutory retention obligations and no other information is provided below on individual processing procedures.

Server data

For technical reasons, in particular to ensure a secure and stable Internet presence, data is transmitted to us or to our web space provider via your Internet browser. With these so-called server log files, the type and version of your Internet browser, the operating system, the website from which you have switched to our Internet presence (referrer URL), the website(s) of our Internet presence that you visit, the date and time of the respective access and the IP address of the Internet connection from which the use of our Internet presence takes place are collected, among other things.

The data collected in this way is stored temporarily, but not together with other data about you.

This storage takes place on the legal basis of Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.

The data will be deleted after seven days at the latest, unless further storage is required for evidence purposes. Otherwise, all or part of the data will be excluded from deletion until the incident has been finally clarified.

Cookies

a) Session cookies

We use so-called cookies on our website. Cookies are small text files or other storage technologies that are placed and stored on your end device by the Internet browser you use. These cookies process certain information from you, such as your browser or location data or your IP address, to an individual extent.

This processing makes our website more user-friendly, effective and secure, as the processing enables, for example, the reproduction of our website in different languages or the offer of a shopping cart function.

The legal basis for this processing is Art. 6 para. 1 lit. b.) GDPR, insofar as these cookies are processed for contract initiation or contract processing.

If the processing does not serve to initiate or execute a contract, our legitimate interest lies in improving the functionality of our website. The legal basis in this case is Art. 6 para. 1 lit. f) GDPR.

These session cookies are deleted when you close your Internet browser.

b) Third-party cookies

Our website may also use cookies from partner companies with whom we cooperate for the purposes of advertising, analysis or the functionalities of our website.

For details on this, in particular on the purposes and legal basis of the processing of such third-party cookies, please refer to the following information.

c) Possibility of elimination

You can prevent or restrict the installation of cookies by changing the settings of your Internet browser. You can also delete cookies that have already been saved at any time. However, the steps and measures required for this depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. In the case of so-called Flash cookies, however, processing cannot be prevented via the browser settings. Instead, you must change the settings of your Flash player. The steps and measures required for this also depend on the specific Flash player you are using. If you have any questions, please also use the help function or documentation of your Flash player or contact the manufacturer or user support.

However, if you prevent or restrict the installation of cookies, this may mean that not all functions of our website can be used to their full extent.

Contract processing

The data transmitted by you to make use of our range of goods and/or services is processed by us for the purpose of processing the contract and is necessary in this respect. Conclusion and processing of the contract are not possible without the provision of your data.

The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

We delete the data once the contract has been fully processed, but must observe the retention periods under tax and commercial law.

As part of the contract processing, we pass on your data to the transport company commissioned with the delivery of goods or to the financial service providers, insofar as the transfer is necessary for the delivery of goods or for payment purposes.

The legal basis for the transfer of data is then Art. 6 para. 1 lit. b) GDPR.

Customer account / registration function

If you create a customer account with us via our website, we will collect and store the data you enter during registration (e.g. your name, your address or your e-mail address) exclusively for pre-contractual services, for the fulfillment of the contract or for the purpose of customer care (e.g. to provide you with an overview of your previous orders with us or to be able to offer you the so-called notepad function). At the same time, we store the IP address and the date and time of your registration. Of course, this data will not be passed on to third parties.

As part of the further registration process, your consent to this processing will be obtained and reference will be made to this privacy policy. The data collected by us will be used exclusively for the provision of the customer account.

Insofar as you consent to this processing, Art. 6 para. 1 lit. a) GDPR is the legal basis for the processing.

If the opening of the customer account also serves pre-contractual measures or the fulfillment of the contract, the legal basis for this processing is also Art. 6 para. 1 lit. b) GDPR.

You can revoke the consent you have given us to open and maintain the customer account in accordance with Art. 7 para. 3 GDPR at any time with effect for the future. All you have to do is inform us of your revocation.

The data collected in this respect will be deleted as soon as processing is no longer necessary. However, we must comply with retention periods under tax and commercial law.

Contact requests / contact option

If you contact us via contact form or e-mail, the data you provide will be used to process your request. The provision of the data is necessary for processing and answering your inquiry – without it we cannot answer your inquiry or can only answer it to a limited extent.

The legal basis for this processing is Art. 6 para. 1 lit. b) GDPR.

Your data will be deleted if your request has been conclusively answered and the deletion does not conflict with any statutory retention obligations, such as in the case of any subsequent contract processing.

Pinterest

We maintain an online presence on Pinterest to present our company and our services and to communicate with customers/prospects. Pinterest is a service of Pinterest Inc, 651 Brannan Street, San Francisco, CA, 94107, USA.

In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA. This may result in increased risks for users in that, for example, subsequent access to user data may be made more difficult. We also have no access to this user data. The access option lies exclusively with Pinterest.

You can find Pinterest’s privacy policy at

https://policy.pinterest.com/de/privacy-policy

Vimeo

We maintain an online presence on Vimeo to present our company and our services and to communicate with customers/interested parties. Vimeo is a video service provided by Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.

In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA. This may result in increased risks for users in that, for example, subsequent access to user data may be made more difficult. We also have no access to this user data. The possibility of access lies exclusively with Vimeo.

You can find Vimeo’s privacy policy at

https://vimeo.com/privacy

Facebook

We operate a company presence on the Facebook platform to advertise our products and services and to communicate with interested parties or customers.

On this social media platform, we are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

Facebook’s data protection officers can be contacted via a contact form:

https://www.facebook.com/help/contact/540977946302970

We have regulated the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the mutual obligations, is available at the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of personal data that takes place as a result and is described below is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales and advertising of our products and services.

The legal basis may also be the user’s consent pursuant to Art. 6 para. 1 lit. a GDPR vis-à-vis the platform operator. Users can revoke this consent at any time with effect for the future in accordance with Art. 7 para. 3 GDPR by notifying the platform operator.

When our online presence is accessed on the Facebook platform, user data (e.g. personal information, IP address, etc.) is processed by Facebook Ireland Ltd. as the operator of the platform in the EU.

This user data is used for statistical information about the use of our company presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create user profiles. Based on these profiles, Facebook Ireland Ltd. is able, for example, to advertise to users within and outside of Facebook based on their interests. If the user is logged into their Facebook account at the time of access, Facebook Ireland Ltd. can also link the data to the respective user account.

If the user contacts us via Facebook, the personal data entered by the user on this occasion will be used to process the request. The user’s data will be deleted by us if the user’s inquiry has been conclusively answered and there are no statutory retention obligations to the contrary, e.g. in the case of subsequent contract processing.

Facebook Ireland Ltd. may also set cookies to process the data.

If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the settings of the browser, but by the corresponding setting of the Flash player. If the user prevents or restricts the installation of cookies, this may mean that not all Facebook functions can be used to their full extent.

Further information on the processing activities, their prevention and the deletion of the data processed by Facebook can be found in Facebook’s data policy:

https://www.facebook.com/privacy/explanation

It cannot be ruled out that processing by Facebook Ireland Ltd. also takes place via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

Instagram

We operate a company presence on the Instagram platform to promote our products and services and to communicate with interested parties or customers.

On this social media platform, we are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

Instagram’s data protection officers can be contacted via a contact form:

https://www.facebook.com/help/contact/540977946302970

We have regulated the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the mutual obligations, is available at the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of personal data that takes place as a result and is described below is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales and advertising of our products and services.

The legal basis may also be the user’s consent pursuant to Art. 6 para. 1 lit. a GDPR vis-à-vis the platform operator. Users can revoke this consent at any time with effect for the future in accordance with Art. 7 para. 3 GDPR by notifying the platform operator.

When our online presence is accessed on the Instagram platform, user data (e.g. personal information, IP address, etc.) is processed by Facebook Ireland Ltd. as the operator of the platform in the EU.

This user data is used for statistical information about the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create user profiles. Based on these profiles, Facebook Ireland Ltd. is able, for example, to advertise to users within and outside Instagram based on their interests. If the user is logged into their Instagram account at the time of access, Facebook Ireland Ltd. can also link the data to the respective user account.

If the user contacts us via Instagram, the personal data entered by the user on this occasion will be used to process the request. The user’s data will be deleted by us if the user’s inquiry has been conclusively answered and there are no statutory retention obligations to the contrary, e.g. in the case of subsequent contract processing.

Facebook Ireland Ltd. may also set cookies to process the data.

If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the browser settings, but by the corresponding setting of the Flash player. If the user prevents or restricts the installation of cookies, this may mean that not all Facebook functions can be used to their full extent.

Further information on the processing activities, their prevention and the deletion of the data processed by Instagram can be found in Instagram’s data policy:

https://help.instagram.com/519522125107875

It cannot be ruled out that processing by Facebook Ireland Ltd. also takes place via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

We also advertise presences on the social networks listed below on our website. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents the automatic establishment of a connection to the respective server of the social network when a website with a social media advertisement is accessed in order to display a graphic of the respective network itself. Only by clicking on the corresponding graphic are users redirected to the service of the respective social network.

After the user has been forwarded, the respective network collects information about the user. It cannot be ruled out that the data collected in this way will be processed in the USA.

This is initially data such as IP address, date, time and page visited. If the user is logged into their user account of the respective network during this time, the network operator may be able to assign the information collected about the user’s specific visit to the user’s personal account. If the user interacts via a “Share” button of the respective network, this information can be stored in the user’s personal user account and published if necessary. If the user wishes to prevent the information collected from being directly assigned to their user account, they must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

The following social networks are integrated into our site through links:

Facebook

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.

Privacy policy: https://www.facebook.com/policy.php

Pinterest

Pinterest Inc, 651 Brannan Street, San Francisco, CA, 94107, USA.

Privacy policy: https://policy.pinterest.com/de/privacy-policy

Vimeo

Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.

Privacy policy: https://vimeo.com/privacy

Instagram

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.

Privacy policy: https://help.instagram.com/519522125107875

Google Analytics

We use Google Analytics on our website. This is a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

The Google Analytics service is used to analyze the usage behavior of our website. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization and economic operation of our website.

Usage and user-related information, such as IP address, location, time or frequency of visits to our website, is transmitted to a Google server in the USA and stored there. However, we use Google Analytics with the so-called anonymization function. This function allows Google to shorten the IP address within the EU or EEA.

The data collected in this way is in turn used by Google to provide us with an evaluation of the visit to our website and the usage activities there. This data can also be used to provide other services related to the use of our website and the use of the Internet.

Google states that it will not associate your IP address with any other data. In addition, Google provides at

https://www.google.com/intl/de/policies/privacy/partners

further information on data protection law, for example on the options for preventing the use of data.

Google also offers at

https://tools.google.com/dlpage/gaoptout?hl=de

a so-called deactivation add-on together with further information on this. This add-on can be installed with the most common Internet browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs the JavaScript (ga.js) of Google Analytics that information about your visit to our website should not be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analysis services. Of course, you can also find out whether and which other web analysis services we use in this privacy policy.

Google Fonts

We use Google Fonts on our website to display external fonts. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

In order to enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed.

The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the optimization and economic operation of our website.

The connection to Google established when you access our website enables Google to determine from which website your request has been sent and to which IP address the display of the font is to be transmitted.

Google provides at

https://adssettings.google.com/authenticated

https://policies.google.com/privacy

further information, in particular on the options for preventing the use of data.

CloudFlare

To secure our website and to optimize loading times, we use the CloudFlare service as a so-called CDN (Content Delivery Network). This is a service provided by Cloudflare Inc, 101 Townsend Street, San Francisco, California 94107, USA, hereinafter referred to as “CloudFlare”.

The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the secure operation of our website and its optimization.

When you visit our website, your requests are routed via the CloudFlare server. Statistical access data about your visit to our website is collected and CloudFlare stores a cookie on your end device via your Internet browser. The access data includes:

– your IP address,

– the website(s) of our Internet presence that you have called up,

– the type and version of the Internet browser you are using,

– the operating system you are using,

– the website from which you switched to our website (referrer URL),

– your length of stay on our website and

– the frequency of visits to our website.

The data is used by CloudFlare for the purpose of statistical evaluations of access as well as for the security and optimization of the offer.

If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser. Details on this can be found above under “Cookies”.

CloudFlare provides at

https://www.cloudflare.com/privacypolicy/

further information on the collection and use of data and on your rights and options for protecting your privacy.

jsdelivr.net-CDN

We use the jsdelivr.com service, a content delivery network (“CDN”), on our website to optimize the retrieval speed, design and presentation of the content of our website on different end devices. This is an open source service provided by Prospectone Sp.z.o.o., ul. Krolweska 65A, 30-081, Krakow, Poland.

In order to be able to deliver the content of our website quickly, the service uses so-called JavaScript libraries. Corresponding files are loaded from a third-party server that records your IP address. We have no influence on whether your IP address is processed by third parties for statistical purposes.

Prospectone Sp.z.o.o. provides at

https://www.jsdelivr.com/privacy-policy-jsdelivr-net

further data protection information.

The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in speeding up the loading times of our website and optimizing it.

To prevent the execution of the JavaScript code from jsdelivr.net altogether, you can install a so-called JavaScript blocker, such as noscript.net or ghostery.com. However, if you prevent or restrict the execution of the JavaScript code, this may mean that not all the content and functions of our website are available for technical reasons.

jQuery CDN

To optimize the retrieval speed, design and presentation of the content of our website on different end devices, we use jQuery CDN, a content delivery network (“CDN”), on our website. This is a service of the jQuery Foundation, hereinafter referred to as “jQuery”. jQuery is distributed for the JS Foundation via the StackPath CDN.

In order to deliver the content of our website quickly, the service uses JavaScript libraries. Corresponding files are loaded from the CDN server, unless they are already present in your browser cache due to a visit to another website. When you connect to the CDN server, your IP address is recorded. It cannot be ruled out that a connection is made to a server outside the EU.

The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in speeding up the loading times of our website and optimizing it.

To prevent the execution of the JavaScript code of jQuery altogether, you can install a so-called JavaScript blocker, such as noscript.net or ghostery.com. However, if you prevent or restrict the execution of the JavaScript code, this may mean that not all content and functions of our website are available for technical reasons.

Klarna “CHECK-OUT”

For the payment processing of orders via our online store, we use the payment service of Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden, hereinafter referred to as “Klarna”.

For this purpose, we have integrated Klarna’s so-called check-out into the final order page of our online store.

The legal basis is the fulfillment of the contract pursuant to Art. 6 para. 1 lit. b.) GDPR. In addition, we have a legitimate interest in offering effective and secure payment options, so that a further legal basis follows from Art. 6 para. 1 lit. f.) GDPR.

By integrating Klarna, your Internet browser loads the check-out page from a Klarna server. The operating system you are using, the type and version of your Internet browser, the website from which the check-out was requested, the date and time of the call and the IP address are transmitted to Klarna – even without you interacting with the check-out page.

As soon as you complete the order in our online store, the data entered by you in the input fields of the check-out page will be processed by Klarna under its own responsibility for processing the payment.

For the “PayPal” and “Prepayment” payment methods offered, processing without your further consent is limited to the transfer of payment data to us or PayPal.

For the offered payment methods “purchase on account”, “installment purchase”, “credit card”, “direct debit” or “instant bank transfer”, the following personal data in particular is processed by Klarna for the purpose of payment processing and for identity and credit checks:

– Contact information, such as names, addresses, date of birth, gender, e-mail address, telephone number, mobile phone number, IP address, etc.

– Information on the processing of the order, such as product type, product number, price, etc.

– Payment information, such as debit and credit card data (card number, expiry date and CCV code), invoice data, account number, etc.

If you select the payment method “purchase on account” or “installment purchase”, Klarna collects and uses personal data and information about your previous payment history to decide whether to grant you the desired payment method. In addition, probability values for your future payment behavior (so-called scoring) are used. The scoring is calculated on the basis of scientifically recognized mathematical-statistical procedures.

Klarna provides at

https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf

further information on the processing described above as well as the applicable data protection provisions.

Sample data protection declaration of the law firm Weiß & Partner