We, ÖWI Handels-GmbH, Josef-Hafner-Straße 4, 2100 Korneuburg, Austria, tel.: +43 2262 625 46, fax: +43 2262 625 46 9, email: email@example.com, (“ÖWI”, “we”, “us”), take the protection of your personal data very seriously. We therefore process the personal data you provide when using our website https://shop.oesterreichwein.at/ (the “website”) on the basis of the principles of data protection law, in particular the EU General Data Protection Regulation (“GDPR”), the Austrian Data Protection Act, (“DSG”) and the Austrian Telecommunications Act (“TKG”).
1. What is personal data?
Personal data is information about data subjects that allows them to be identified or identifiable. This includes your name, email and IP address.
2. What personal data do we collect and why?
- Contacting us: If you contact us by email, telephone, fax or post, the personal data you provide (email, name, title, company name, telephone number, order number, etc.) and the content of your enquiry is stored by us for the purpose of processing your enquiry and in the event of any follow-up questions (pre-contractual measures and/or legitimate interest or on the basis of your consent). We never transfer your enquiry to third parties without your consent.
- Registration: If you create an account on this website, we collect, store and process your customer group (e.g. winemaker, distributor, restaurateur, end customer), title, name, email address, company name, VAT no., address, telephone number, mobile phone number, fax number, trade license number [SB1] and password. Your personal data is processed for the purpose of administering your online account.
- Orders placed via the online shop (by consumers, as registered users or as guests): We process the following data in order to perform the contract:
- for an order placed by a registered user: shipping and payment methods chosen, your bank and credit card details and the goods selected, in addition to registration data;
- for an order placed by a guest: contact and shipping information (email address, name, address, telephone number) shipping and payment methods chosen, bank and credit card details and the goods selected.
The information you provide is required to perform the contract or to carry out pre-contractual measures. We are unable to conclude a contract with you without this data. We do not transfer your data to third parties, with the exception of transmitting your address to shipping companies we have commissioned to deliver the goods and to our tax consultants to fulfil our fiscal obligations.
- Newsletter: On the basis of your consent, we process your name, email address and status (consumer or company) for the purpose of sending our regular newsletter with current offers and discounts for the range of goods available in our online shop. We transfer your data to Österreich Wein Marketing GmbH[SA2] who send the newsletter on our behalf. You may withdraw your consent with future effect at any time, without charge and without having to give reasons (for example, by using the unsubscribe link at the bottom of the email).
3. Transfer to third parties
We transfer your personal data to external vicarious agents or service providers only to the extent required:
- IT service providers and/or providers of data hosting or data processing solutions or similar services;
- third parties we cooperate with to fulfil our obligations (such as parcel delivery service providers to deliver your orders placed on the online shop, payment service providers for processing payments on the online shop and banks for processing payments);
- other external third parties to the extent required[SA3] (such as accountants, insurers in the event of a claim, legal representatives (if required) and credit protection associations for credit checks, etc.);
- authorities and other public bodies as required by law (e.g. financial authorities).
There are cookies that require your consent before they can be used on your end device and cookies that can be used without your consent as these are strictly necessary for us to provide our services. In the latter case, data is required to be processed for the purpose of data security, to prevent misuse and to optimise the website and is therefore based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR. All other cookies require your prior consent, which we obtain via the cookie banner in accordance with Art. 6 (1) (a) GDPR.
If you have granted your consent, this also covers transmission, as listed below, to recipients in third countries without an adequate level of data protection, in particular the USA, in accordance with Art. 49 (1) (a) GDPR. There is a risk, however, that the personal data relating to you transferred in this way may be subject to access by the authorities in these third countries for inspection and monitoring purposes and that no effective judicial remedies are available to prevent this.
Google Analytics gathers the following information: IP address in an anonymised format, browser, device type, device model, country, service provider, screen resolution (on mobile devices), time spent on the website, language, operating system and pages visited on the website. Google uses this information to, in particular, evaluate the user’s usage of the website and to compile reports about activities that have taken place on the website. Google may also pass this information on to third parties if required by law, or if third parties process the data on Google’s behalf. IP addresses are anonymised as the privacy of our users is important to us.
If you do not wish that Google Analytics logs your activities on our website, you can download a browser plug-in at http://tools.google.com/dlpage/gaoptout and install this to opt out.
Sharing via Facebook, Instagram and WhatsApp (social media plug-ins)
You can share your purchases or information from the online shop on Facebook, Instagram and WhatsApp using the Share button. We use the two-click method for data protection reasons. This means that when you click on a corresponding icon, the social media plug-ins are loaded from third party servers and data such as your IP address or browser configuration is transferred and/or cookies from third parties are stored on your computer or smartphone. To our knowledge, in this event, the social networks receive information about which of our web pages you previously accessed and are currently accessing. The plug-ins generate a cookie with a unique identifier each time the corresponding website is accessed. This allows the social network to create a profile relating to your user behaviour. It cannot be ruled out that such a profile may also be assigned to you if you later register with the social network for the first time. Data will therefore not be transferred to the social media operator without your prior consent. We store the data for a period of 6 months.
- Facebook: https://www.facebook.com/about/privacy
- Instagram: https://help.instagram.com/519522125107875/?maybe_redirect_pol=0
- WhatsApp: https://www.whatsapp.com/legal/privacy-policy-eea
5. Storage period
In principle, we only store your personal data for as long as necessary to fulfil our obligations towards you. However, the personal data you provide us with in conjunction with placing an order is generally stored for 7 years after the contract has been concluded due to our fiscal and company law retention obligations. Personal data transmitted when you submit an enquiry is stored, in principle, for six months after the enquiry has been answered in order to be able to respond to any follow-up questions. If you have provided us with your consent to store the data for a longer period of time, we store your enquiry data for the duration of the consent given by you. Your personal data that we process to send our newsletter is stored until you withdraw your consent. However, this is stored for a maximum of three years from the last time you contacted us.
6. Data security
We use adequate technical and organisational security measures to protect your personal data from unintended or unauthorised erasure, alteration, loss, theft, digital access, transmission, reproduction, use, alteration or authorisation access. When transferring and storing personal data, we use state-of-the-art encryption technology and authorisation access controls to best protect your data from unauthorised access.
Protecting your payment information, such as credit card data is of the highest priority for us. The entire payment process is therefore carried out by a certified payment service provider, QENTA Payment CEE GmbH, who has first-rate security systems and only forwards us the result of the transaction.
The personal data transmitted by them is treated confidentially. We and our employees are obligated to maintain data confidentiality. Likewise, our vicarious agents and commissioned partners who require access to your personal data to perform their professional duties are granted access and are subject to the same obligations to maintain data confidentiality.
7. Your rights as a data subject
You have the right to access, correct and erase your stored personal data at any time without charge. You also have the right to restrict the extent to which your data is processed and the right to receive the data you have provided us with in a structured, commonly used, and machine-readable format (data portability).
You also have the right to object to processing if your data is being used for the purposes of direct marketing. If we process your data for legitimate reasons, you also have the right to object, at any time, on grounds relating to your particular situation.
You have the possibility to file a complaint with a data protection authority. The competent data protection authority is: Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna, Austria.
Before filing a complaint with the Data Protection Authority, or in the event of any other questions, please contact us using the contact details stated above, preferably by email at firstname.lastname@example.org.