View Cart0 items / 0.00

Privacy Policy (English)

Privacy Policy

We have written this privacy policy (version 23.06.2021) to provide you with information in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 as well as to explain what information we collect, how we use data and what choices you have as a visitor to this website.

Technical terms are explained in a reader-friendly manner whenever possible.
Should you still have questions, we kindly ask you to follow the existing links to see further information on third-party websites, or to simply write us an email. You can find our contact information in our website’s imprint.

Field of application

This data protection declaration applies to all personal data processed by us in this business and to all personal data processed by companies commissioned by us (data processors). By personal data we mean information within the meaning of Art. 4 No. 1 GDPR, such as the name, email address and postal address of a person. The processing of personal data ensures that we can offer and invoice our services and products, be it online or offline. The scope of this data protection declaration includes:

  • All online presence (websites, online shops) that we operate
  • Social media presence and email communication
  • Mobile apps for smartphones and other devices

In short: This data protection declaration applies to all areas in which personal data is processed in a structured manner in the company via the channels mentioned. Should we enter legal relations with you outside of these channels, we will inform you separately.

Legal basis

In the following data protection declaration, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation (GDPR), which enable us to process personal data. As far as the EU law is concerned, we refer to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can read this EU data protection regulation online at EUR-Lex, the access to EU law, at: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679

We only process your data if at least one of the following conditions applies:

  1. Consent (Article 6 Paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.
  2. Contract (Article 6 Paragraph 1 lit. b GDPR): We process your data in order to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a sales contract with you, we need personal information in advance.
  3. Legal obligation (Article 6 Paragraph 1 lit. c GDPR): When we are subject to a legal obligation, we process your data. For example, we are legally required to keep invoices for bookkeeping. These usually contain personal data.
  4. Legitimate interests (Article 6 Paragraph 1 lit. f GDPR): In the case of legitimate interests that do not restrict your basic rights, we reserve the right to process personal data. For example, certain data has to be processed in order to be able to operate the website securely and economically efficient. This process is therefore a legitimate interest.

Other conditions such as the taking of recordings in the public interest and the exercise of official authority as well as the protection of vital interests do usually not apply to us. If such a legal basis should be relevant, it will be shown at the appropriate point.

In addition to the EU regulation, national laws also apply:

  • In Austria, this is the federal law for the protection auf natural persons when processing personal data (Datenschutzgesetz, engl.: data protection law), DSG for short.

Should other regional or national laws apply, then we will inform you about them in the following sections.

Contact details of the data protection controller

If you have any question about data protection, please find the contact details of the body or person responsible for data protection below:


Minnelind Kreations e.U.
Owner: Marie Brustmann
Margaretengürtel 100-102/12/19, 1050 Vienna, Austria
Email: [email protected]
Phone: +43 660 5435488


If you have any further questions about data protection or other matters relating to the website provider, you can contact Big Cartel.
In addition, we would like to note that a data processing agreement, which contains EU standard contractual clauses, exists between us and Big Cartel. This agreement was made because Big Cartel can process and possibly store data as a third party outside the EU (in this case: United States).
The data processing agreement intends to ensure that data is handled in accordance with the GDPR.

Storage of personal data and storage duration

We only store data for as long as is absolutely necessary for the provision of our services and products. This is a general criterion for us. This means that we delete personal data as soon as the reason for the data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose no longer exists, for example for accounting purposes.

If you want your data to be deleted or if you revoke your consent to data processing, the data will be deleted as soon as possible, unless there is an obligation to store it.

Personal data that you transmit to us electronically via this website, such as name, email address, postal address or other personal information in the context of submitting a form, are saved together with the time and the IP address (through cookies) only used for the specified purpose (for example placing the goods in the placing the good in the shopping cart, checkout) and saved and safely stored by the operator for this purpose.
We only pass on data to third parties if this is expressly necessary for the fulfillment of the contract and accounting: credit card data/bank account data to payment service providers, shipping data to shipping companies, invoice data to our tax advisor/accounting department.
Furthermore, after a contract (purchase) has been concluded, your data, including name, address, purchased goods, purchase date and other data required for the conclusion of the contract will be securely stored for the purpose of the tax retention period of 7 years.

We only use personal data for communication with visitors who expressly request contact and for the sale of the products to be purchased on this website. We do not pass on your personal data without your consent, but we cannot rule out that this data may be viewed in the event of illegal behavior.

If you send us personal data by email - outside of this website - we cannot guarantee secure transmission and protection of your data. We recommend that you never send confidential data unencrypted by email.

Rights in accordance with the General Data Protection Regulation

You are granted the following rights in accordance with the provisions of the GDPR (General Data Protection Regulation) and the Austrian Data Protection Act (DSG):

  • Right to rectification (article 16 GDPR)
  • Right to erasure (“right to be forgotten“) (article 17 GDPR)
  • Right to restrict processing (article 18 GDPR)
  • Right to notification – notification obligation regarding rectification or erasure of personal data or restriction of processing (article 19 GDPR)
  • Right to data portability (article 20 GDPR)
  • Right to object (article 21 GDPR)
  • Right not to be subject to a decision based solely on automated processing – including profiling – (article 22 GDPR)


If you think that the processing of your data violates the data protection law, or that your data protection rights have been infringed in any other way, you can lodge a complaint with your respective regulatory authority. For Austria this is the data protection authority, whose website you can access at https://www.data-protection-authority.gv.at/.

Data transfer to third countries

We only transfer or process data to countries outside the EU (third countries) if you consent to this processing, if it is required by law or contractually necessary and in any case only to the extent that this is generally permitted. In most cases, your consent is the most important reason that we have data processed in third countries.

The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, can mean that personal data is processed and stored in unexpected ways.

We expressly point out that, in the opinion of European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing by US services (such as Google Analytics) may mean that data may not be processed and stored anonymously. Furthermore, US government authorities may have access to individual data. In addition, it can happen that the data collected is linked to data from other services from the same provider, in case you have a corresponding user account. If possible, we try to use server locations within the EU, provided that this is offered.

At the appropriate places in this data protection regulation, we will provide you with more detailed information about data transfer to third countries.

Data processing security

In order to protect personal data, we have implemented both technical and organizational measures. Wherever possible, we encrypt or pseudonymize personal data. As a result, we make it as difficult as possible for third parties to infer personal information from our data.

Art. 25 GDPR speaks of “data protection through technology design and data protection-friendly default settings” and means that for both software (e.g. forms) and hardware (e.g. access to the server room) we always think of security and appropriate security measures. If necessary, we will go into specific measures below.

TLS encryption with https

The terms TLS, encryption and https sound very technical, which they are indeed. We use HTTPS (Hypertext Transfer Protocol Secure) to securely transfer data on the Internet.
This means that the entire transmission of all data from your browser to the web server is secured – nobody can “listen in”.

We have thus introduced an additional layer of security and meet privacy requirements through technology design (Article 25 Section 1 GDPR). With the use of TLS (Transport Layer Security), which is an encryption protocol for safe data transfer on the internet, we can ensure the protection of confidential information.
You can recognise the use of this safeguarding tool by the little lock-symbol , which is situated in your browser’s top left corner in the left of the internet address (e.g. examplepage.uk), as well as by the display of the letters https (instead of http) as a part of the web address.
If you want to know more about encryption, we recommend you to do a Google search for “Hypertext Transfer Protocol Secure wiki” to find good links to further information.


Communication

When you contact us and communicate by phone, email or online form, personal data may processed.

The data will be processed for the handling and processing of your question or request and the related business transaction. The data will be stored for that time or for as long as the law requires.

Affected parties

The above-mentioned processes affect all those who seek contact with us via the communication channels we have provided.

Telephone

When you call us, the call data is pseudonymized on the respective device and by the telecommunications provider used. In addition, data such as name and telephone number can then be sent by email and saved for answering inquiries. The data will be deleted as soon as the business case has ended and legal requirements allow.

Email

When you communicate with us by email, data may be stored on the respective end device (computer, laptop, smartphone…) and data is saved on the email server. The data will be deleted as soon as the business case has ended and legal requirements allow.

Online forms

When you communicate with us using an online form, data will be stored on the web server and, if necessary, forwarded to an email address from us. The data will be deleted as soon as the business case has ended and legal requirements allow.

Legal basis

The processing of the data is based on the following legal bases:

  • Article 6 (1) (a) GDPR (consent): You give us your consent to save your data and continue to use it for the purposes of the business case;
  • Article 6 (1) (b) GDPR (contract): There is a need to fulfill a contract with you or a processor such as the telephone provider or we have to process the data for pre-contractual activities, such as the preparation of an offer;
  • Article 6 (1) (f) GDPR (legitimate interests): We want to conduct customer inquiries and business communication in a professional manner. For this purpose, certain technical installations such as email programs, exchange servers and mobile providers are necessary to operate communication efficiently.

 

Automatic Data Retention

Every time you visit a website nowadays, certain information is automatically created and stored, just as it happens on this website. This data should be collected as sparingly as possible, and only with good reason. By website, we mean the entirety of all websites on your domain, i.e. everything from the homepage to the very last subpage (like this one here). By domain we mean example.uk or examplepage.com.

Even while you are currently visiting our website, the web server – this is the computer this website is stored on, usually automatically retains data such as the below – for reasons such as operational security or for creating access statistics etc.

  • the full address (URL) of the accessed website (e. g. https://www.examplepage.uk/examplesubpage.html/)
  • browser and browser version (e.g. Chrome 87)
  • the operating system used (e.g. Windows 10)
  • the address (URL) of the previously visited site (referrer URL) (z. B. https://www.examplepage.uk/icamefromhere.html/)
  • the host name and the IP-address of the device the website is accessed from (e.g. COMPUTERNAME and 194.23.43.121)
  • date and time
  • in so-called web server log files.

Generally, these files are stored for two weeks and are then automatically deleted. We do not pass these data to others, but we cannot exclude the possibility that this data may be looked at by the authorities in case of illegal conduct.

In short: your visit is logged by our provider (company that runs the website on servers), but we do not pass on your data!

Legal basis

The legality of the processing of personal data in the context of web hosting results from Article 6 (1) (f) GDPR (legitimate interests), because the use of professional hosting with a provider is necessary to keep the company safe and user-friendly on the internet and to be able to track attacks and claims from them if necessary.

Cookies

This website uses HTTP-cookies to store user-specific data.
For your better understanding of the following Privacy Policy statement, we will explain to you below what cookies are and why they are in use.

What exactly are cookies?

Every time you surf the internet, you use a browser. Common browsers are for example Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text-files in your browser. These files are called cookies.

What should not be dismissed, is that cookies are very useful little helpers. Nearly all websites use cookies. More accurately speaking these are HTTP-cookies, since there are also different cookies for other uses. http-cookies are small files which this website stores on your computer. These cookie files are automatically put into the cookie-folder, which is like the “brain” of your browser. A cookie consists of a name and a value. Moreover, to define a cookie, one or multiple attributes must be specified.

Cookies save certain parts of your user data, such as e.g. language or personal page settings. When you re-open the website, your browser submits these “user specific” information back to the site. Thanks to cookies, this website knows who you are and offers you the settings you are familiar to. In some browsers every cookie has its own file, in others such as Firefox, all cookies are stored in one single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by this site, while third-party cookies are created by partner-websites (e.g. Google Analytics). Every cookie is individual, since every cookie stores different data. The expiration time of a cookie also varies – it can be a few minutes, or up to a few years. Cookies are no software-programs and contain no computer viruses, trojans or any other malware. Cookies also cannot access your PC’s information.

This is an example of how cookie-files can look:

name: _ga
value: GA1.2.1326744211.152111767426-9
purpose: differentiation between website visitors
expiration date: after 2 years

A browser should support these minimum sizes:

  • at least 4096 bytes per cookie
  • at least 50 cookies per domain
  • at least 3000 cookies in total


What types of cookies are there?

What exact cookies we use, depends on the used services. We will explain this in the following sections of the Privacy Policy statement. Firstly, we will briefly focus on the different types of HTTP-cookies.

There are 4 different types of cookies:

Essential Cookies
These cookies are necessary to ensure the basic function of a website. They are needed when a user for example puts a product into their shopping cart, then continues surfing on different websites and comes back later in order to proceed to the checkout. Even when the user closed their window priorly, these cookies ensure that the shopping cart does not get deleted.

Purposive Cookies
These cookies collect info about the user behavior and record if the user potentially receives any error messages. Furthermore, these cookies record the website’s loading time as well as its behavior within different browsers.

Target-orientated Cookies
These cookies care for an improved user-friendliness. Thus, information such as previously entered locations, fonts or data in forms stay saved.

Advertising Cookies
These cookies are also known as targeting-Cookies. They serve the purpose of delivering individually adapted advertisements to the user. This can be very practical, but also rather annoying.

Upon your first visit to a website you are usually asked which of these cookie-types you want to accept. Furthermore, this decision will of course also be saved in a cookie.

Cookie storage period

The storage duration depends on the respective cookie and is further specified below. Some cookies are deleted after less than an hour, others can remain on a computer for several years.

You also have an influence on the storage duration yourself. You can manually delete all cookies at any time via your browser. Furthermore, cookies based on consent will be deleted at the latest after you withdraw your consent, whereby the legality of storage remains unaffected until then.

How can I delete cookies?

You yourself take the decision if and how you want to use cookies. Thus, no matter what service or website cookies are from, you always have the option to delete, deactivate or only partially allow them. Therefore, you can for example block cookies of third parties but allow any other cookies.

If you want change or delete cookie-settings and would like to determine which cookies have been saved to your browser, you can find this info in your browser-settings:

Chrome: Clear, enable and manage cookies in Chrome

Safari: Manage cookies and website data in Safari

Firefox: Clear cookies and site data in Firefox

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete cookies in Microsoft Edge

If you generally do not want to allow any cookies at all, you can set up your browser in a way, to notify you whenever a potential cookie is about to be set. This gives you the opportunity to manually decide to either permit or deny the placement of every single cookie. The settings for this differ from browser to browser. Therefore, it might be best for you to search for the instructions in Google. If you are using Chrome, you could for example put the search phrase “delete cookies Chrome” or “deactivate cookies Chrome” into Google.

How is my data protected?

There is a “cookie policy” that has been in place since 2009. It states that the storage of cookies requires the user’s consent. However, among the countries of the EU, these guidelines are often met with mixed reactions. In Austria the guidelines have been implemented in § 96 section 3 of the Telecommunications Act (Telekommunikationsgesetz/TKG).

For absolutely necessary cookies, even if no consent has been given, there are legitimate interests (Article 6 (1) (f) GDPR), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience and for this, certain cookies are often absolutely necessary.

Unless absolutely necessary cookies are used, this will only be done with your consent. The legal basis for this is Article 6 (1) (a) GDPR.

In the following sections you will be informed in more detail about the use of cookies, provided that the software cookies are used.

If you want to learn more about cookies and do not mind technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.


Cookie Consent Management Platform

What is a cookie consent management platform?

We use a Consent Management Platform (CMP) software on this website, which makes it easier for us and you to handle the scripts and cookies used correctly and securely. The software automatically creates a cookie pop-up, scans and controls all scripts and cookies, provides you with a cookie consent required under data protection law and helps you and us to keep track of all cookies. Most cookie consent management tools identify and categorize all existing cookies. As a website visitor, you then decide for yourself whether and which scripts and cookies you allow or not.

Why do we use a cookie management tool?

Our goal is to offer you the best possible transparency in the area of data protection. We are also legally obliged to do so. We want to inform you as well as possible about all tools and all cookies that can save and process your data. It is also your right to decide for yourself which cookies you accept and which you do not.
In order to grant you this right, we first need to know exactly which cookies actually land on this website. Thanks to a cookie management tool, which regularly scans the website for all cookies present, we know about all cookies and can provide you with GDPR-compliant information. You can then use the consent system to accept or reject cookies.

What data is processed?

As part of our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. The declaration of you’re can also prove your consent if required by law. This is saved either in an opt-in cookie or on a server. The storage time of your cookie consent varies depending on the provider of the cookie management tool. This data (such as pseudonymous user ID, time of consent, detailed information on the cookie categories or tools, browser, device information) is stored for up to two years.

Duration of data processing

In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. Data stored in cookies are stored for different amounts of time. Some cookies are deleted after you leave the website, others can be stored in your browser for a couple years. The exact duration of the data processing depends on the tool used, in most cases you should be prepared for a storage period of several years. In the respective data protection declarations of the individual providers, you will usually receive precise information about the duration of the data processing.

Right to object

You also have the right and the option to revoke your consent to the use of cookies at any time. This works either via our cookie consent management tool or other opt-out options. For example, you can prevent data collection through cookies by managing, deactivating or deleting cookies in your browser.

Legal basis

When you agree to cookies, your personal data will be processed and stored via these cookies. When we are allowed to use cookies with your consent (Article 6 (1) (a) GDPR), this consent is also the legal basis for the use of cookies and the processing of your data. In order to be able to manage the consent to cookies and to enable you to give your consent, a cookie consent management platform software is used. The use of this software enables us to operate the website in an efficient manner in accordance with the law, which is a legitimate interest (Article 6 (1) (f) GDPR).


Payment Providers

What is a payment provider?

We use online payment systems on the website that enable us and you to have a smooth and secure payment process. Among other things, personal data can also be sent to the respective payment provider and stored and processed there. Payment providers offer online payment systems that enable you to place an order via online banking. The payment processing is carried out by the payment provider of your choice. We will then receive information about the payment made. This method can be used by any user who has an active online banking account with a PIN and a TAN. There are hardly any banks that do not offer or accept such payment methods.

Why do we use payment providers on this website?

We want to offer the best possible service with this website and our integrated online shop, so that you feel comfortable on the site and can use our offers. We know that your time is valuable and that payment processing in particular has to work quickly and smoothly. For these reasons, we offer you various payment providers. You can choose your preferred payment provider and pay in the usual way.

What data is processed?

The data that is processed naturally depends on the respective payment provider. Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.) are saved. This is the necessary data to be able to carry out a transaction at all. In addition, any contract data and user data, such as when you visit this website, what content you are interested in or which sub-pages you click on, can also be saved. Most payment providers also store you IP address and information about the computer you are using.

The data is usually processed and stored on the payment provider’s servers. The website operator does not receive this data. We are only informed whether the payment worked or not. For identity and credit card checks, it can happen that payment providers forward data to the appropriate body. The business and data protection principles of the respective provider always apply to all payment transactions. It is therefore advisable to read the general terms and conditions and the data protection declaration of the payment provider. You also have the right to have data deleted or corrected at any time. With regard to your rights (right of withdrawal, right to information and right to be affected), you can contact the respective service provider.

Data processing duration

We only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is required by law, for example in the case of bookkeeping, this storage period can also be exceeded.

Right to object

You always have the right to information, correction and deletion of your personal data. If you have any questions, you can always contact the person responsible for the payment provider used. You can find contact details either in our specific data protection declaration or on the website of the relevant payment provider.

You can delete, deactivate or manage cookies that payment providers use for their functions in your browser. This works in different ways depending on which browser you are using. Please note that the payment process may then no longer work.

Legal basis

In addition to conventional banking/credit institutions for the processing of contractual or legal relationships (Article 6 (1) (b) GDPR), we also offer other payment service providers. The data protection declarations of the individual payment providers (PayPal and Stripe) give you a precise overview of data processing and storage. In addition, you can always contact those responsible if you have any questions about data protection issues.

You can find information about the individual payment providers in the following sections.

 

PayPal Privacy Policy

We use the online payment service PayPal on this website. The service provider is the American company PayPal Inc. The company PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible for the European region.

We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. The data processing is mainly done by PayPal. This can lead to data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It can also happen that this data is linked to data from other possible PayPal services where you have a user account.

You can find out more about the data processed through the use of PayPal in the Privacy Policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Stripe Privacy Policy

On this website we use a payment tool by Stripe, an American technology company and online payment service. Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) is responsible for customers within the EU. Therefore, if you choose Stripe as your payment method, your payment will be processed via Stripe Payments. Hence, the data required for the payment process is forwarded to Stripe where it is then stored. In this privacy policy we will give you an overview of Stripe’s data processing and retention. Moreover, we will explain why we use Stripe on our website.

What is Stripe?

The technology company Stripe offers payment solutions for online payments. Stripe enables us to accept credit and debit card payments in our webshop while it handles the entire payment process. A major advantage of Stripe is that you never have to leave the website or shop during the payment process. Moreover, payments are processed very quickly via Stripe.

Why do we use Stripe on this website?

We of course want to offer the best possible service with both the website and our integrated online shop. After all, we would like you to feel comfortable on the site and take advantage of our offers. We know that your time is valuable and therefore, payment processing in particular must work quickly and smoothly. In addition to our other payment providers, with Stripe we have found a partner that guarantees secure and fast payment processing.

What data are stored by Stripe?

If you choose Stripe as your payment method, your personal data (transaction data) will be transmitted to Stripe where it will be stored. These data include the payment method (i.e. credit card, debit card or account number), bank sort code, currency, as well as the amount and the payment date. During a transaction, your name, email address, billing or shipping address and sometimes your transaction history may also be transmitted. These data are necessary for authentication. Furthermore, Stripe may also collect relevant data for the purpose of fraud prevention, financial reporting and for providing its services in full. These data may include your name, address, telephone number as well as your country in addition to technical data about your device (such as your IP address).

Stripe does not sell any of your data to independent third parties, such as marketing agencies or other companies that have nothing to do with Stripe. However, data may be forwarded to internal departments, a limited number of Stripe’s external partners or for legal compliance reasons. What is more, Stripe uses cookies to collect data. Here is a selection of cookies that Stripe may set during the payment process:

Name: m
Value: edd716e9-d28b-46f7-8a55-e05f1779e84e040456111767426-5
Purpose: This cookie appears when you select your payment method. It saves and recognises whether you are accessing this website via a PC, tablet or smartphone.
Expiry date: after 2 years

Name: __stripe_mid
Value: fc30f52c-b006-4722-af61-a7419a5b8819875de9111767426-1
Purpose: This cookie is required for carrying out credit card transactions. For this purpose, the cookie stores your session ID.
Expiry date: after one year

Name: __stripe_sid
Value: 6fee719a-c67c-4ed2-b583-6a9a50895b122753fe
Purpose: This cookie also stores your ID. Stripe uses it for the payment process on the website.
Expiry date: after end of the session

How long and where are the data stored?

Generally, personal data are stored for the duration of the provided service. This means that the data will be stored until we terminate our cooperation with Stripe. However, in order to meet legal and official obligations, Stripe may also store personal data for longer than the duration of the provided service. Furthermore, since Stripe is a global company, your data may be stored in any of the countries Stripe offers its services in. Therefore, your data may be stored outside your country, such as in the USA for example.

How can I delete my data or prevent data retention?

Stripe is still a participant of the EU-U.S. Privacy Shield Framework which regulated correct and secure transfer of personal data until July 16, 2020. However, since the European Court of Justice declared the agreement to be invalid, the company no longer relies on this agreement, but still acts according to the principles of Privacy Shield.

You always reserve the right to information, correction and deletion of your personal data. Should you have any questions, you can contact the Stripe team at https://support.stripe.com/contact/email.

You can delete, deactivate or manage cookies in your browser that Stripe uses for its functions. This works differently depending on which browser you are using. Please note, however, that if you do so the payment process may no longer work. The following instructions will show you how to manage cookies in your browser:

Chrome: Clear, enable and manage cookies in Chrome

Safari: Manage cookies and website data in Safari

Firefox: Clear cookies and site data in Firefox

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete cookies in Microsoft Edge

We have now given you a general overview of Stripe’s data processing and retention. If you want more information, Stripe’s detailed privacy policy at https://stripe.com/at/privacy is a good source.

Legal basis

In addition to conventional banking/credit institutions, we also offer the payment service provider Stripe to process contractual or legal relationships (Article 6 (1) (b) GDPR). Successful use of the service also requires your consent (Article 6 (1) (a) GDPR), in case the use of cookies is necessary.

We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. The data processing is mainly done by Stripe. This can lead to data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from other possible Stripe services where you have a user account.

We have now given you a general overview of the processing and storage of data by Stripe. If you want to get more detailed information, read the Stripe data protection declaration at https://stripe.com/at/privacy.

Google reCAPTCHA Privacy Policy

Our primary goal is to provide you an experience on this website that is as secure and protected as possible. To do this, we use Google reCAPTCHA from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA). With reCAPTCHA we can determine whether you are a real person from flesh and bones, and not a robot or a spam software. By spam we mean any electronically undesirable information we receive involuntarily. Classic CAPTCHAS usually needed you to solve text or picture puzzles to check. But thanks to Google’s reCAPTCHA you usually do have to do such puzzles. Most of the times it is enough to simply tick a box and confirm you are not a bot. With the new Invisible reCAPTCHA version you don’t even have to tick a box. In this privacy policy you will find out how exactly this works, and what data is used for it.

What is reCAPTCHA?

reCAPTCHA is a free captcha service from Google that protects websites from spam software and misuse by non-human visitors. This service is used the most when you fill out forms on the Internet. A captcha service is a type of automatic Turing-test that is designed to ensure specific actions on the Internet are done by human beings and not bots. During the classic Turing-test (named after computer scientist Alan Turing), a person differentiates between bot and human. With Captchas, a computer or software program does the same. Classic captchas function with small tasks that are easy to solve for humans but provide considerable difficulties to machines. With reCAPTCHA, you no longer must actively solve puzzles. The tool uses modern risk techniques to distinguish people from bots. The only thing you must do there, is to tick the text field “I am not a robot”. However, with Invisible reCAPTCHA even that is no longer necessary. reCAPTCHA, integrates a JavaScript element into the source text, after which the tool then runs in the background and analyses your user behavior. The software calculates a so-called captcha score from your user actions. Google uses this score to calculate the likelihood of you being a human, before entering the captcha. reCAPTCHA and Captchas in general are used every time bots could manipulate or misuse certain actions (such as registrations, surveys, etc.).

Why do we use reCAPTCHA on this website?

We only want to welcome people from flesh and bones on this site and want bots or spam software of all kinds to stay away. Therefore, we are doing everything we can to stay protected and to offer you the highest possible user friendliness. For this reason, we use Google reCAPTCHA from Google. Thus, we can be pretty sure that we will remain a “bot-free” website. Using reCAPTCHA, data is transmitted to Google to determine whether you genuinely are human. reCAPTCHA thus ensures the website’s and subsequently your security. Without reCAPTCHA it could e.g. happen that a bot would register as many email addresses as possible when registering, in order to subsequently “spam” forums or blogs with unwanted advertising content. With reCAPTCHA we can avoid such bot attacks.

What data is stored by reCAPTCHA?

reCAPTCHA collects personal user data to determine whether the actions on this website are made by people. Thus, IP addresses and other data Google needs for its reCAPTCHA service, may be sent to Google. Within member states of the European Economic Area, IP addresses are almost always compressed before the data makes its way to a server in the USA.
Moreover, your IP address will not be combined with any other of Google’s data, unless you are logged into your Google account while using reCAPTCHA. Firstly, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) have already been placed in your browser. Then reCAPTCHA sets an additional cookie in your browser and takes a snapshot of your browser window.

The following list of collected browser and user data is not exhaustive. Rather, it provides examples of data, which to our knowledge, is processed by Google.

  • Referrer URL (the address of the page the visitor has come from)
  • IP-address (z.B. 256.123.123.1)
  • Information on the operating system (the software that enables the operation of your computers. Popular operating systems are Windows, Mac OS X or Linux)
  • Cookies (small text files that save data in your browser)
  • Mouse and keyboard behavior (every action you take with your mouse or keyboard is stored)
  • Date and language settings (the language and date you have set on your PC is saved)
  • All Javascript objects (JavaScript is a programming language that allows websites to adapt to the user. JavaScript objects can collect all kinds of data under one name)
  • Screen resolution (shows how many pixels the image display consists of)

Google may use and analyse this data even before you click on the “I am not a robot” checkmark. In the Invisible reCAPTCHA version, there is no need to even tick at all, as the entire recognition process runs in the background. Moreover, Google have not given details on what information and how much data they retain.

The following cookies are used by reCAPTCHA: With the following list we are referring to Google’s reCAPTCHA demo version at https://www.google.com/recaptcha/api2/demo.
For tracking purposes, all these cookies require a unique identifier. Here is a list of cookies that Google reCAPTCHA has set in the demo version:

Name: IDE
Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-111767426-8
Purpose:This cookie is set by DoubleClick (which is owned by Google) to register and report a user’s interactions with advertisements. With it, ad effectiveness can be measured, and appropriate optimisation measures can be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiry date: after one year

Name: 1P_JAR
Value: 2019-5-14-12
Purpose: This cookie collects website usage statistics and measures conversions. A conversion e.g. takes place, when a user becomes a buyer. The cookie is also used to display relevant adverts to users. Furthermore, the cookie can prevent a user from seeing the same ad more than once.
Expiry date: after one month

Name: ANID
Value: U7j1v3dZa1117674260xgZFmiqWppRWKOr
Purpose:We could not find out much about this cookie. In Google’s privacy statement, the cookie is mentioned in connection with “advertising cookies” such as “DSID”, “FLC”, “AID” and “TAID”. ANID is stored under the domain google.com.
Expiry date: after 9 months

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: This cookie stores the status of a user’s consent to the use of various Google services. CONSENT also serves to prevent fraudulent logins and to protect user data from unauthorised attacks.
Expiry date: after 19 years

Name: NID
Value: 0WmuWqy111767426zILzqV_nmt3sDXwPeM5Q
Purpose: Google uses NID to customise advertisements to your Google searches. With the help of cookies, Google “remembers” your most frequently entered search queries or your previous ad interactions. Thus, you always receive advertisements tailored to you. The cookie contains a unique ID to collect users’ personal settings for advertising purposes.
Expiry date: after 6 months

Name: DV
Value: gEAABBCjJMXcI0dSAAAANbqc111767426-4
Purpose: This cookie is set when you tick the “I am not a robot” checkmark. Google Analytics uses the cookie personalised advertising. DV collects anonymous information and is also used to distinct between users.
Expiry date: after 10 minutes

Note: We do not claim for this list to be extensive, as Google often change the choice of their cookies.

How long and where are the data stored?

Due to the integration of reCAPTCHA, your data will be transferred to the Google server. Google have not disclosed where exactly this data is stored, despite repeated inquiries. But even without confirmation from Google, it can be assumed that data such as mouse interaction, length of stay on a website or language settings are stored on the European or American Google servers. The IP address that your browser transmits to Google does generally not get merged with other Google data from the company’s other services.
However, the data will be merged if you are logged in to your Google account while using the reCAPTCHA plug-in. Google’s diverging privacy policy applies for this.

How can I delete my data or prevent data storage?

If you want to prevent any data about you and your behavior to be transmitted to Google, you must fully log out of Google and delete all Google cookies before visiting this website or use the reCAPTCHA software. Generally, the data is automatically sent to Google as soon as you visit this website. To delete this data, you must contact Google Support at https://support.google.com/?hl=en-GB&tid=111767426.

If you use this website, you agree that Google LLC and its representatives automatically collect, edit and use data.

You can find out more about reCAPTCHA on Google’s Developers page at https://developers.google.com/recaptcha/. While Google do give more detail on the technical development of reCAPTCHA there, they have not disclosed precise information about data retention and data protection. A good, basic overview of the use of data however, can be found in the company’s internal privacy policy at https://policies.google.com/privacy?hl=en-GB.

Legal basis

If you have consented that Google reCAPTCHA may be used, the legal basis for the corresponding data processing is this consent. According to Article 6 (1) (a) GDPR (consent), this consent represents the legal basis for the processing of personal data, as can occur when Google reCAPTCHA collects it.

We also have a legitimate interest in using Google reCAPTCHA to optimize our online service and make it more secure. The corresponding legal basis for this is Article 6 (1) (f) GDPR (legitimate interests). Nevertheless, we only use Google reCAPTCHA if you have given your consent.

We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. The data processing is mainly done by Google reCAPTCHA. This can lead to data not being processed or stored anonymously. Furthermore, US government authorities may have access to individual data. It can also happen that this data is linked to data from other possible Google services where you have a user account.

You can find out a little more about Google reCAPTCHA on Google’s web developer page at https://developers.google.com/recaptcha/. Google goes into the technical development of reCAPTCHA in more detail here, but you will probably not find detailed information about data storage and data protection issues. A good overview of the basic use of data by Google can be found in the data protection declaration at https://www.google.com/intl/de/policies/privacy/.

All texts are copyrighted.

Source: Created with the help of Datenschutz Generator by AdSimple