Data Protection
Statement and Accountability
SIHGA GmbH
Gewerbepark Kleinreith 4
Ohlsdorf / Gmunden Austria
info@sihga.com
Gewerbepark Kleinreith 4
Ohlsdorf / Gmunden Austria
info@sihga.com
Thank you for visiting our online shop. Protection of your privacy is significant to us. Below you will find extensive information about how we handle your data.
1. ACCESS DATA AND HOSTING
You may visit our website without revealing any personal information. With every visit on the website, the web server stores automatically only a so-called server log file which contains e.g. the name of the requested file, your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request. These access data are analysed exclusively for the purpose of ensuring the smooth operation of the website and improving our offer. This serves according to Art. 6 (1) 1 lit. f GDPR the protection of our legitimate interests in the proper presentation of our offer that are overriding in the process of balancing of interests. All access data are deleted no later than seven days after the end of your visit on our website.
CONTENT DELIVERY NETWORK
For the purpose of a shorter loading time, we use for some offers a so-called Content Delivery Network (“CDN”). This service provides content, e.g. large media files, via regionally distributed servers of external CDN service providers. For this reason, access data will be processed on the servers of these service providers. We engage our service providers on the basis of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.2. DATA COLLECTION AND USE FOR PROCESSING THE CONTRACT, ESTABLISHING CONTACT AND FOR OPENING A CUSTOMER ACCOUNT
We collect personal data that you voluntarily submit to us when you place an order, contact us (e.g. via contact form or by email) or open a customer account with us. Mandatory fields are marked as such because we absolutely need those data to perform the contract or process your contact request or open your customer account, and you would otherwise not be able to complete your order and/or create your customer account or send the contact request. It is evident in each input form what data are collected.
We use the data that you disclose to us to perform the contract and process your enquiries according to Art. 6 (1) (b) GDPR. You will find further information on the processing of your data, in particular on forwarding the data to our service providers for the purpose of order, payment and shipping processing, in the following sections of this privacy policy. Upon contract completion, any further processing of your data will be restricted, and your data will be deleted upon expiry of any retention period applicable under relevant regulations according to Art. 6 (1) lit. c) GDPR, unless you expressly agree to the further use of your data according to Art. 6 (1) lit. a) GDPR, or we reserve the right to otherwise use your personal data in the scope and manner permitted by law, of which we inform you in this privacy policy. Your customer account can be deleted at any time. For this purpose, you can either send a message to the contact option specified in this privacy policy or use the relevant function available in the customer account.
We use merchandise management systems of external service providers for order and contract processing. We engage our service providers on the basis of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.
DATA TRANSMISSION FOR THE PURPOSE OF AGE VERIFICATION
If your order includes goods the sale of which is subject to age restrictions, we ensure that the person ordering has reached the required minimum age by using a reliable procedure including a personal identity and age check. For this purpose, the SCHUFA IdentityCheck is used on our website. This service is operated by SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany (hereinafter SCHUFA). In order to ensure the required minimum age, individual personal data (e.g. name, address and date of birth) are transmitted to SCHUFA Holding AG within this framework. A so-called identity check with Q-bit is then carried out, which was positively evaluated by the Commission for the Protection of Minors in the Media (KJM) for age verification. According to Art. 6 (1) (f) GDPR, the transmission of data to SCHUFA serves to safeguard our legitimate interests in ensuring an offer conforming to the protection of minors as well as the protection of the statutory provisions for the protection of minors that are overriding in the process of balancing interests. In this respect, there is no credit assessment.3. DATA PROCESSING FOR THE PURPOSE OF SHIPMENT
We forward your data to the shipping company within the scope required for the delivery of the ordered goods according to Art. 6 (1) (b) GDPR.
4. DATA PROCESSING FOR THE PURPOSE OF PAYMENT
As part of the payment process in our online shop, we work together with these partners: technical service providers, credit institutions
4.1 DATA PROCESSING FOR THE PURPOSE OF TRANSACTION PROCESSING
Depending on the selected payment method, we forward the data necessary for processing the payment transaction to our technical service providers, who act for us on the basis of processing on our behalforto the authorized credit institutions or to the selected payment service provider insofar as this is necessary for the payment process. This serves the fulfilment of the contract according to Art. 6 (1) (b) GDPR. In certain cases, payment service providers collect the data required for processing the payment themselves, e.g. on their own website or via technical solution within the ordering process. In this respect, the privacy policy of the respective payment service provider applies. If you have any questions about our payment processing partners and the basis of our cooperation with them, please use the contact option described in this privacy policy.4.2 DATA PROCESSING FOR THE PURPOSE OF FRAUD PREVENTION AND OPTIMISATION OF OUR PAYMENT PROCESSES
We may forward other data to our service providers, which they use for the purpose of fraud prevention and to optimize our payment processes (e.g. invoicing, processing of contested payments, accounting support) together with the data necessary to process the payment as our processors. This serves to safeguard our legitimate interests in fraud prevention or an efficient payment management in accordance with Art. 6 (1) (f) GDPR that are overriding in the process of balancing of interests.4.3 CREDIT ASSESSMENT
In cases where we make deliveries before payment, e.g. in the case of a purchase on invoice, we will have to obtain information about your identity and creditworthiness using the services of specialized service providers (credit reference agencies) for the purpose of contract formation according to Art. 22 (2) (a) GDPR. To this end, we will transfer your personal data needed for the credit assessment to the following company:Creditreform Boniversum GmbH
Hellersbergstraße 11
41460 Neuss
Germany
Hellersbergstraße 11
41460 Neuss
Germany
This serves to safeguard our legitimate interests in assessing the creditworthiness and willingness to pay of our potential customers prior to the conclusion of the contract and thus to avoid financial losses in accordance with Art. 6 (1) (f) GDPR, that are overriding in the process of balancing of interests. This is necessary for the conclusion of the contract in accordance with Art. 22 (2) (a) GDPR. In this process, we will apply appropriate measures to respect your rights, freedoms and legitimate interests. You can contact us via the contact option specified in this privacy policy to present your position and contest the decision.
After full implementation of the contract and after expiry of the tax and commercial legal retention periods, your data processed for this purpose will be deleted, unless you have expressly consented to further use of your data, or we reserve the right to use your data for other purposes which are permitted by law and about which we inform you in this notice.
4.4 ENGAGEMENT OF DEBT COLLECTION COMPANIES
In order to fulfil the contract according to Art. 6 (1) (b) GDPR, we forward your data to an authorized debt collection agency if our payment claim has not been settled despite a previous reminder. In this case, the claim will be collected directly by the collection agency. In addition, the transmission of data serves to safeguard our legitimate interests in an effective assertion or enforcement of our payment claim in accordance with Art. 6 (1) (f) GDPR that are overriding in the process of balancing interests.5. MARKETING VIA E-MAIL
5.1 E-MAIL ADVERTISING UPON SUBSCRIPTION TO THE NEWSLETTER
If you subscribe to our newsletter, we will regularly send you our email newsletter based on your consent according to Art. 6 (1) (a) GDPR, using the data required or disclosed by you separately for this purpose. You can unsubscribe from the newsletter at any time. This can either be done by sending a message to the contact option described in this privacy policy or via a link provided for this purpose, in the newsletter. After unsubscribing, we will delete your e-mail address from the list of recipients, unless you have expressly consented to the further use of your data, or we have reserved the right to use your data for other purposes that are permitted by law and about which we inform you in this privacy policy.5.2 SENDING REVIEW REQUESTS BY E-MAIL
If you have given us your explicit consent to do so during or after placing your order in accordance with Art. 6 (1) (a) GDPR, we will use your e-mail address to request a review of your order via the review system we use. This consent can be withdrawn at any time by sending a message to the contact option described in this privacy policy or via a link provided for this purpose, in the review request. The review requests may also be sent by our service providers on the basis of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.6. COOKIES AND FURTHER TECHNOLOGIES
GENERAL INFORMATION
In order to make visiting our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use technologies on various pages, including so-called cookies. Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser during your next visit (persistent cookies). We use such technologies that are strictly necessary for the use of certain functions of our website (e.g. shopping cart function). These technologies are used to collect and process IP addresses, time of visit, device and browser information as well as information on your use of our website (e.g. information on the contents of the shopping basket). This serves to safeguard our legitimate interests in an optimized presentation of our offer in accordance with Art. 6 (1) (f) GDPR that are overriding in the process of balancing of interests. Marketing Cookies: These cookies record information about your visit to the website, previously viewed pages and links you clicked. We use this information to tailor our website and displayed ads to your interests. Functional cookies: These cookies are used for certain features of our website, e.g. to improve the website’s navigation, or deliver to you customized and relevant information (e.g. ads that match your interests). In addition, we use technologies to fulfil the legal obligations, which we are subject to (e.g. to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy. You can find the cookies settings for your browser by clicking on the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™ If you have consented to the use of the technologies in accordance with Art. 6 (1) (a) GDPR, you can withdraw your consent at any time by sending a message to the contact option described in the privacy policy or7. USE OF COOKIES AND OTHER TECHNOLOGIES FOR WEB ANALYTICS AND ADVERTISING PURPOSES
If you have given your consent in accordance with Art. 6 (1) (a) GDPR, we use the following cookies and other third-party technologies on our website. The data collected in this context will be deleted after the relevant purpose has been fulfilled, and we have ended the use of the respective technology. You can withdraw your consent at any time with effect for the future. Further information on your withdrawal options can be found in the section “cookies and further technologies”. Further information including the legal basis for data processing can be found within the respective technologies. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.
7.1 USE OF GOOGLE SERVICES
We use the following technologies of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information automatically collected by Google technologies about your use of our website is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. There is no adequacy decision with respect to the USA by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission. If your IP address is collected using Google technologies, it will be shortened by activating IP anonymization before being stored on Google's servers. Only in exceptional cases will the full IP address be transferred to a Google server and shortened there. Unless otherwise specified for the specific technologies, data processing is based on an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 GDPR. Further information about data processing by Google can be found in Google's privacy policy [https://policies.google.com/privacy?hl=en].GOOGLE ANALYTICS
For the purpose of website analytics, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information as well as information on your use of our website), from which usage profiles are created using pseudonyms. Cookies can be used for this purpose. Your IP address will not be merged with other data from Google. The data processing is based on a data processing agreement with Google.GOOGLE FONTS
For the purpose of a uniform presentation of the contents on our website, data (IP address, time of visit, device and browser information) are collected by the script code “Google Fonts”, transmitted to Google and then processed by Google. We have no influence on this subsequent data processing.YOUTUBE VIDEO PLUGIN
In order to integrate third-party content, data (IP address, time of visit, device and browser information) are collected via the YouTube Video Plugin in the expanded data protection mode used by us, transmitted to Google and then processed by Google only when you play a video.7.2 USE OF FACEBOOK SERVICES USE OF FACEBOOK PIXEL
We use the Facebook pixel within the framework of the technologies of Facebook Ireland Ltd [https://en-gb.facebook.com/facebookdublin/], 4 Grand Canal Square, Dublin 2, Ireland (hereafter “Facebook”) as described below. The Facebook pixel is used to automatically collect and store data (IP address, time of visit, device and browser information as well as information on your use of our website based on events specified by us, such as a visit to a website or newsletter registration), from which user profiles are created using pseudonyms. For this purpose, a cookie is automatically set by the Facebook pixel when you visit our website, which automatically enables recognition of your browser when visiting other websites by means of a pseudonymous cookie ID. Facebook will combine this information with other data from your Facebook account and use it to compile reports on website activities and to provide other services associated with website use, in particular personalized and group-based advertising. We have no influence on data processing by Facebook and only receive statistics based on Facebook pixels. The information automatically collected by Facebook technologies about your use of our website is usually transferred to a server of Facebook, Inc. 1601 Willow Road, Menlo Park, California 94025, USA and stored there. There is no adequacy decision for the United States by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission. The data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 DSGVO. Further information about data processing by Facebook can be found in Facebook's privacy policy. [https://en-gb.facebook.com/policy.php]FACEBOOK ANALYTICS
As part of Facebook Analytics, the statistics created via Facebook pixels enable us to analyse visitor activity on our website. This serves the optimal presentation and marketing of our website.FACEBOOK ADS
We use Facebook Ads to promote this website on Facebook and other platforms. We determine the parameters of the respective advertising campaign. Facebook is responsible for the exact implementation, in particular the decision on the placement of the ads with individual users. Based on the statistics about visitor activity on our website created via Facebook pixels, we operate group-based advertising on Facebook via Facebook Custom Audience by determining the characteristics of the respective target group. On the basis of the pseudonym cookie ID used by the Facebook pixel and the collected data about your usage behaviour on our website, we operate personalized advertising via Facebook Pixel Remarketing. Via Facebook Pixel Conversions we measure your subsequent usage behaviour for web analytics and event tracking purposes if you have reached our website via a Facebook Ads ad.7.3 OTHER PROVIDERS OF WEB ANALYTICS — AND ONLINE-MARKETING-SERVICES USE OF ADOBE FONTS FOR PRESENTATION OF CONTENT
In order to provide a uniform presentation of the content on our website, the script code “Adobe Fonts” from Adobe, Inc. [http://fonts.adobe.com/] 345 Park Avenue San Jose, CA 95110-2704, USA (“Adobe”) collects data (IP address, time of visit, device and browser information), transmits it to Adobe and then processes it by Adobe. We have no influence on this subsequent data processing. There is no adequacy decision for the United States by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission. The data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 DSGVO.8. INTEGRATION OF THE TRUSTED SHOPS TRUSTBADGE
This is necessary to safeguard our legitimate prevailing interests in an optimal marketing by ensuring the safety of your purchase according to Article 6 (1) f GDPR. The Trustbadge and the services advertised with it are an offer of the Trusted Shops GmbH, Subbelrather Straße 15C, 50823 Cologne, Germany. The Trustbadge is made available by a CDN provider (Content-Delivery-Network) as part of order processing. The Trusted Shops GmbH uses also service provider from the USA. An adequate level of data protection is guaranteed. Further information to the data security of the Trusted Shops GmbH can be found here [https://www.trustedshops.co.uk/imprint/].
When the Trustbadge is called up, the web server automatically saves a server log file which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. Individual access data are stored in a security database for the analysis of security problems. The log files are automatically deleted 90 days after creation at the latest.
Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or have already registered for use. The contractual agreement made between you and Trusted Shops applies. For this, purpose personal data is automatically collected from the order data. Whether you are already registered as a Trusted Shops customer is automatically checked by means of a neutral parameter, the e-mail address hashed by cryptological one-way function. The e-mail address is converted to this hash value, which cannot be decrypted by Trusted Shops before it is transmitted. After checking for a match, the parameter is deleted automatically.
This is necessary for the fulfilment of our and Trusted Shops' legitimate prevailing interests in the provision of the buyer protection linked to the specific order and the transactional review services in accordance with Art. 6 para. 1 s. 1 lit. f GDPR. Further details, including your right to object, can be found in the Trusted Shops Privacy Policy linked above and within the Trustbadge.
The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops Trustmark and the collected reviews as well as to offer Trusted Shops products to buyers after an order.
9. SOCIAL MEDIA
9.1 SOCIAL PLUGINS BY FACEBOOK, INSTAGRAM
Social buttons by social networks are used on our website. These are only integrated into the page as HTML links, so that no connection to the servers of the respective provider is established when our website is accessed. If you click on one of the buttons, the website of the respective social network will open in a new window of your browser. There you can click e.g. the Like or Share button.9.2 OUR ONLINE PRESENCE ON FACEBOOK, YOUTUBE, INSTAGRAM, PINTEREST, LINKEDIN
If you have given your consent to the respective social media provider in accordance with Art. 6 (1) (a) GDPR, when you visit our online presence on the social media mentioned above, your data will be automatically collected and stored for market research and advertising purposes, from which user profiles are created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are usually used for this purpose. For detailed information on the processing and use of data by the respective social media provider, as well as a contact option and your rights and settings options for the protection of your privacy, please refer to the provider's privacy policies linked below. Should you still require assistance in this regard, please contact us.Facebook is provided by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland (hereafter “Facebook Ireland”) The information automatically collected by Facebook Ireland about your use of our online presence on Facebook is usually transferred to a server of Facebook, Inc, 1601 Willow Road, Menlo Park, California 94025, USA and stored there. There is no adequacy decision for the United States by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing in the context of a visit to a Facebook fan page is based on an agreement between joint controllers in accordance with Art. 26 GDPR. Further information (information on Insights data) can be found here [http://www.facebook.com/legal/terms/information_about_page_insights_data].
Instagram is provided by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland (hereafter “Facebook Ireland”) The information automatically collected by Facebook Ireland about your use of our online presence on Instagram is typically transferred to and stored on a server at Facebook, Inc, 1601 Willow Road, Menlo Park, California 94025, USA. There is no adequacy decision for the United States by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing in the context of a visit to an Instagram fan page is based on an agreement between joint controllers in accordance with art. 26 DSGVO. Further information (information on Insights data) can be found here.
YouTube is provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (hereafter “Google”). The information automatically collected by Google about your use of our online presence on YouTube is generally transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. There is no adequacy decision for the United States by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.
Pinterest is provided by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (hereafter “Pinterest”). The information automatically collected by Pinterest about your use of our online presence on Pinterest is usually transferred to and stored on a server of Pinterest, Inc, 505 Brannan St, San Francisco, CA 94107, USA. There is no adequacy decision for the United States by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.
LinkedIn is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). The information LinkedIn automatically collects about your use of our online presence on LinkedIn is generally sent to a server at LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA and stored there. There is no adequacy decision for the United States by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.
10. CONTACT POSSIBILITIES AND YOUR RIGHTS
Being the data subject, you have the following rights according to:
- art. 15 GDPR, the right to obtain information about your personal data which we process, within the scope described therein;
- art. 16 GDPR, the right to immediately demand rectification of incorrect or completion of your personal data stored by us;
- art. 17 GDPR, the right to request erasure of your personal data stored with us, unless further processing is required
- to exercise the right of freedom of expression and information;
- for compliance with a legal obligation;
- for reasons of public interest or
- for establishing, exercising or defending legal claims;
- art. 18 GDPR, the right to request restriction of processing of your personal data, insofar as
- the accuracy of the data is contested by you;
- the processing is unlawful, but you refuse their erasure;
- we no longer need the data, but you need it to establish, exercise or defend legal claims, or
- you have lodged an objection to the processing in accordance with art. 21 GDPR;
- art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller;
- art. 77 GDPR, the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority at your habitual place of residence or workplace or at our company headquarters.
If you have any questions about how we collect, process or use your personal data, want to enquire about, correct, restrict or delete your data, or withdraw any consents you have given, or opt-out of any particular data use, please contact us directly using the contact data provided in our supplier identification.