Data Protection

I. Overview

If you are a customer or business partner, please read from section III.

If you visit our website, please read from section II.

II. What data do we process when you visit our website?

Welcome to our website!

Find out below how we process your personal data when you visit our website (Article 13, Article 14 GDPR; Article 165(3) of the Austrian Telecommunications Act TKG).

The following data may be processed when you visit our website: 

⦁ Browser type 

⦁ Operating system 

⦁ Country 

⦁ Date 

⦁ Time and duration of access 

⦁ IP address and pages visited on our website, including landing and exit pages

⦁ Contact page on website

⦁ Device data: we may store personal data from your device. These data include geolocation data, IP address and unique identifiers (e.g. MAC address)

⦁ Data you enter on a contact form

⦁ Data you enter in the course of placing an order

⦁ Payment details

⦁ Email address

⦁ Learning progress

⦁ User name

⦁ Address for delivery (pick-up and destination address)

⦁ Phone number

The processing of these data is necessary to operate the website securely and to ensure that the website functions without technical errors. Some of these data are collected using technical cookies. Such technical cookies are used only to the extent necessary (Section 165(3) TKG). Theprocessing of these data is justified by our legitimate interest in operating our website (Article 6(1)(f) GDPR). 

To operate our website, it may be necessary for us to disclose your information to the following recipients:

⦁ Data recipient: [Hetzner GmbH]

⦁ Purpose of data processing: website hosting and website provider

⦁ Legal basis for data processing: primarily legitimate interest (Article 6(1)(f) GDPR)

⦁ Place of business: USA or Germany, Austria etc.

⦁ Basis for transmission to a third country: standard data protection clause according to Article 46(2)(c) GDPR or within the EU

⦁ Data recipient: medani gmbh

⦁ Purpose of data processing: web & online shop host

⦁ Legal basis for data processing: primarily legitimate interest (Article 6(1)(a) GDPR)

⦁ Place of business: Austria

⦁ Basis for transmission to a third country: within the EU

⦁ Data recipient: [Sendinblue, MailChimp, etc.]

⦁ Purpose of data processing: sending our newsletter

⦁ Legal basis for data processing: consent (Article 6(1)(a) GDPR)

⦁ Place of business: USA or Germany, Austria etc.

⦁ Basis for transmission to a third country: Article 49(1)(a) GDPR or within the EU

⦁ Data recipient: Facebook (Instagram); (Meta, Inc)

⦁ Purpose of data processing: social media provider

⦁ Legal basis for data processing: consent (Article 6(1)(a) GDPR)

⦁ Place of business: USA

⦁ Basis for transmission to a third country: Article 49(1)(a) GDPR

⦁ Data recipient: LinkedIn; (Microsoft, Inc)

⦁ Purpose of data processing: social media provider

⦁ Legal basis for data processing: consent (Article 6(1)(a) GDPR)

⦁ Place of business: USA

⦁ Basis for transmission to a third country: Article 49(1)(a) GDPR

⦁ Data recipient: Alphabet, Inc (Google Analytics)

⦁ Purpose of data processing: statistical analysis of the website and advertising

⦁ Legal basis for data processing: consent (Article 6(1)(a) GDPR)

⦁ Place of business: USA

⦁ Basis for transmission to a third country: standard data protection clauses according to Article 46(2)(c) GDPR

II.1. Overview of the "technical" cookies that we use

The above data are stored using cookies. Cookies are text files that are stored on your computer and allow us to analyse how our website is used. They are used to recognise and store temporary data about visitors to our website. We only use cookies to the extent necessary to communicate with you via the website. 

These technical cookies are activated as soon as you visit our website.

The following cookies are used on our platform on the basis of overriding legitimate interest (Article 6(1)(f) GDPR):

⦁ Name of the cookie: PHPSESSID

⦁ Purpose of the cookie: contains a randomly generated session ID. The online shop can use this ID to link a shopping basket to the user.

⦁ Duration of storage: session

⦁ Name of the cookie: PrestaShop

⦁ Purpose of the cookie: contains a numeric value. It is needed to save the choice that was made for consenting to cookies.

⦁ Duration of storage: 13 months

⦁ Name of the cookie: PrestaShop

⦁ Purpose of the cookie: contains a randomly generated user/session ID. The online shop can use this ID to recognise the users/visitors and manage login.

⦁ Duration of storage: 13 months

II.2. Overview of the "advertising cookies" we use 

In addition to the technical cookies above, we also use advertising cookies (including "statistical cookies"). These advertising cookies allow us to track and analyse your interests more effectively. We use advertising cookies to combine your browsing behaviour beyond our website with data from other websites. Our aim in this case is to understand the interests of our website visitors better and to be able to address our visitors in a more targeted way. 

We respect the fact that not every visitor to our website wants to use this type of cookie. That is why we only process your data using advertising cookies with your consent (Article 6(1)(a) GDPR). You can withdraw such consent at any time, although the data processing carried out before you withdraw your consent remains justified. 

⦁ Name of the cookie: _ga; (Google) - Google Analytics

⦁ Purpose of the cookie: statistical purposes

⦁ Duration of storage: 2 years

⦁ Country of establishment of the recipient: USA

⦁ How it works: registers a unique ID that is used to create statistical data about website usage.

⦁ Name of the cookie: _gid (Google)

⦁ Purpose of the cookie: statistical purposes

⦁ Duration of storage: 1 day

⦁ Country of establishment of the recipient: USA

⦁ How it works: registers a unique ID that is used to create statistical data about how visitors use the website.

⦁ Name of the cookie: _gat (Google)

Purpose of the cookie: statistical purposes

Duration of storage: 1 minute

Country of establishment of the recipient: USA

How it works: specific data are only sent to Google Analytics a maximum of once per minute. The cookie has a life of one minute. Some types of data transmission are prevented while it is set.

III. For what purposes do we process your data if you are our customer or have a business relationship with us?

In the course of our business relationship with customers and business partners, we process data on the basis of contractual obligations (performing the contract with you, conducting steps prior to entering into a contract, invoicing for services, sending documents, communication to perform the contract) and statutory obligations (legally required retention within the meaning of Section 132 of the Austrian Federal Tax Code (BAO)) (Article 6(1)(b) and (c) GDPR) as well as on the basis of our legitimate interests or on the basis of the legitimate interests of third parties (Article 6(1)(f) GDPR). This includes, for example:

⦁ for the purpose of internal administration and management of your business to the extent necessary (e.g. processing your business, forwarding your business to various departments, filing, archiving, and correspondence with you);

⦁ for the purpose of delivering the purchased goods;

⦁ for the exercise or defence of legal claims;

in all cases, to the extent necessary. Your data are processed for the purpose of initiating, maintaining and handling our business relationships. If you do not provide us with these data, we will unfortunately not be able to process your business.

Where applicable, we process your data based on your voluntary, express consent (Article 6(1)(a) GDPR).

IV. How long will your data be stored?

We only store your data for as long as is necessary for the purposes for which we have collected your data. Statutory retention obligations must also be taken into account in this regard (e.g. contracts and other documents from our contractual relationship must normally be retained for a period of seven years under tax law (Section 132 BAO)). In justified individual cases, such as for the exercise and defence of legal claims, we may also store your data for up to 30 years after the end of the business relationship. 

We store data from potential customers for up to one year from the time of the last contact with the potential customer.

V. Who may access your data?

In the course of our business relationship, it may be necessary for us to send your data to the following recipients:

⦁ Recipient: medani GmbH

⦁ Purpose: e-commerce agency

⦁ Legal basis: legitimate interest

⦁ Country: Austria

⦁ Recipient: insurance providers

⦁ Purpose: insurance of transport

⦁ Legal basis: required under statute and contract

⦁ Country: Austria

⦁ Recipient: shipping service provider (DHL, DPD, Deutsche Post AG, DHL Express, Österreichische Post AG and others)

⦁ Purpose: shipping service provider

⦁ Legal basis: contractual necessity

⦁ Country: Austria, Germany (depending on delivery address)

⦁ Recipient: auditors and tax advisers

⦁ Purpose: tax advice

⦁ Legal basis: contractual necessity

⦁ Country: Austria

⦁ Basis for transmission to third country: within the EEA

⦁ Recipient: BAWAG P.S.K. Bank für Arbeit und Wirtschaft und Österreichische Postsparkasse Aktiengesellschaft

⦁ Purpose: payment processing

⦁ Legal basis: contractual obligation

⦁ Country: within the EEA

⦁ Basis for transmission to third country: within the EEA

⦁ Data recipient: Global Payments 

⦁ Purpose of data processing: payment provider

⦁ Legal basis for data processing: primarily legitimate interest (Article 6(1)(f) GDPR)

⦁ Registered office: Austria (subsidiary); USA (parent)

⦁ Basis for transmission to a third country: parent company: USA; standard data protection clauses pursuant to Article 46(2)(c) GDPR

⦁ Recipient: payment providers (Visa, PayPal, AmazonPay, Mastercard, Klarna)

⦁ Purpose: payment processing

⦁ Legal basis: contractual obligation

⦁ Country: within the EEA (Klarna), otherwise USA

⦁ Basis for transmission to third country: within the EEA or contractual necessity

⦁ Recipient: lawyers, courts, dispute resolution bodies

⦁ Purpose: exercise and defence of legal claims

⦁ Legal basis: overriding legitimate interests

⦁ Country: Austria

⦁ Basis for transmission to third country: within the EEA

VI. Collection of data from other sources (Article 14 GDPR)

In the course of a business relationship, or the steps prior to entering into a business relationship, it is of course necessary to conduct research about your business partner. This is done solely to the extent necessary for this purpose. For this purpose, data may be retrieved and processed from the following sources:

Our company does not obtain data from third-party sources.

VII. Is there any automated decision-making or profiling (Article 13(2)(f) GDPR)?

There is no automated decision-making or profiling at our company.

VIII. What rights do you have regarding data processing?

Where the legal requirements are met, you have the following rights:

⦁ The right to access your data that we process (see Article 15 GDPR for details). 

⦁ The right to demand rectification (correction) of your inaccurate or incomplete data (see Article 16 GDPR for details). 

⦁ The right to erasure of your data (see Article 17 GDPR for details). 

⦁ The right to object to processing of your data that is necessary to protect our legitimate interests or those of a third party (see Article 21 GDPR for details). This applies in particular to the processing of your data for advertising purposes. 

⦁ The right to have the data transmitted to you in a structured, commonly used and machine-readable format. 

If we process your data on the basis of your consent, you have the right withdraw your consent at any time by email. This does not affect the lawfulness of the data processing carried out before you withdraw your consent (Article 7(3) GDPR). 

IX. What are your rights to complain?

If, contrary to expectations, there is a breach of your right to the lawful processing of your data, please contact us by post or email. We will endeavour to deal with your concerns promptly. However, you also have the right to lodge a complaint with your local supervisory authority for data protection matters. 

The address of the Austrian data protection authority is:

Austrian Data Protection Authority

Barichgasse 40-42,

1030 Vienna, Austria

X. How can you contact us?

If you have any further questions about the processing of your data, please do not hesitate to contact our data protection coordinator using the contact details below.

XI. Data controller

The data controller within the meaning of Article 4(7) GDPR is:

C&F MensCare GmbH

Turmburggasse 18/1, 1060 Vienna, Austria

Mobile: +436766878767

office@omro.com

____________________________________________________________________________________

1 An IP address is a number assigned to a device. Devices use your IP address to communicate over the Internet. Each IP address contains information about the Internet service provider you use and the physical location of the device you are using. This provides information about the user of the device. 

2 "Third country" includes all states except: (1) the Member States of the European Union and (2) the Member States of the European Economic Area, i.e. EU Member States plus Iceland, Liechtenstein and Norway.

3 "Third country" includes all states except: (1) the Member States of the European Union and (2) the Member States of the European Economic Area, i.e. EU Member States plus Iceland, Liechtenstein and Norway.

4 You can prevent cookies from being stored by changing your browser settings accordingly. However, please note that you may subsequently not be able to use all the features of the website without limitations. 

____________________________________________________________________________________

Copyright holder of this privacy policy: Lawyer Dr Tobias Tretzmüller, LL.M.; www.digital-recht.at

Use of this privacy policy, or any part thereof, without the consent of the copyright holder constitutes copyright infringement.