Statement on Information Obligation

Data Privacy Policy

 

The data processing controller is:

Ulf Seemann

Mistlberg 100

Tragwein

Austria

 

office@hiki.at

 

We are pleased that you are interested in our online shop. The protection of your private sphere is very important for us. In the following we would like to inform you in detail about how we handle your data.

 

  1. Access data and hosting

 

You can visit our websites without providing any personal details. Every time a website is visited, the webserver only saves a so-called server log file automatically, which contains e.g. the name of the requested file, your IP address, date and time of the visit, data volume transmitted, and the requesting provider (access data), and which documents the visit.

 

These access data are used solely for the purpose of ensuring error-free operation of the site and to improve our service. In accordance with Art. 6 Par. 1 lit. f GDPR, this is necessary to preserve our overriding legitimate interest in providing a correct presentation of our offering. All access data are erased no later than seven days after the end of your site visit.

 

Hosting services by a third party

Within the scope of processing carried out on our behalf, a third-party provider provides hosting services and services in connection with presentation of the website. All data that are collected within the scope of use of this website or in the forms provided in the online shop as described in the following are processed on this provider’s servers. Processing on other servers is only carried out to the extent described in this statement.

 

This service provider is domiciled in a member state of the European Union or the European Economic Area.

 

  1. Data collection and use for contract processing, making contact, and when a customer account is opened

 

We collect personal data when you provide the same to us voluntarily within the scope of your order or by making contact with us (e.g. using the contact form or by e-mail). Mandatory fields are marked as such; in these cases we absolutely need the data for contract processing or to process your contact with us, and you cannot send the order or contact form without providing these data. Which data are collected is evident from the respective input forms. We use the data provided by you for contract processing and processing of your requests as set out in Art. 6 Par. 1 lit. b GDPR.

Inasmuch as you have given your consent pursuant to Art. 6 Par. 1 lit. a GDPR by choosing to open a customer account, we use your data for the purpose of opening the customer account.

After complete processing of the contract or deletion of your customer account, your data will be restricted for further processing and erased after expiry of the fiscal and commercial retention periods, unless you have explicitly consented to the further use of your data or we reserve the right to such further use of your data as is permissible by law and which we inform you about in this statement. Deletion of your customer account is possible at any time, either by sending a message to the contact details provided below or via the function provided for this purpose in the customer account.

 

  1. Data disclosure

 

For the purpose of performance of the contract as set out in Art. 6 Par. 1 lit. b GDPR, we disclose your data to the shipping company contracted with delivery, if this is necessary for the delivery of ordered goods. Depending on the payment service provider you select in the order process, we disclose the payment data collected for the handling of payments to the bank tasked with handling of the payment, and possibly to payment service providers commissioned by us and to the selected payment service. The selected payment service providers partly collect these data directly, if you open an account with them. In this case you have to log in with your access details for the payment service provider during the order process. In this respect the data privacy policy of the respective payment service provider applies.

 

Data disclosure to shipping service providers

Provided you have given us your explicit consent pursuant to Art. 6 Par. 1 lit. a GDPR while or after placing your order, we will disclose your e-mail address provided with such consent to the selected shipping service provider so that he can get in touch with you before making the delivery in order to announce or arrange the delivery.

 

The consent may be withdrawn at any time by sending a message to the contact details provided below, or directly to the shipping service provider at the contact address set out below. After withdrawal of consent we will erase the data provided for this purpose, unless you have explicitly consented to further use of your data or we reserve the right to such further use of your data as is permissible by law and which we inform you about in this statement.

Österreichische Post Aktiengesellschaft

Rochusplatz 1

1030 Vienna

Austria

 

Data disclosure to collection agencies

For the purpose of performance of the contract as set out in Art. 6 Par. 1 lit. b GDPR, we disclose your data to a contracted collection agency, if our demand for payment has not been satisfied despite a reminder notice. In this case the amount receivable will be collected directly by the collection agency. Such disclosure furthermore serves to preserve our overriding legitimate interest in an effective assertion and enforcement of our demand for payment as set out in Art. 6 Par. 1 lit. f GDPR.

 

 

  1. E-mail newsletter and postal advertising

 

E-mail advertising with registration for the newsletter

If you register for our newsletter, we will use the data necessary for this or separately provided by you in order to send you our e-mail newsletter regularly based on your consent pursuant to Art. 6 Par. 1 lit. a GDPR.

 

You can unsubscribe the newsletter at any time, either by sending a message to the contact details provided below or via the link provided for this purpose in the newsletter. When you unsubscribe we will erase your e-mail address from the mailing list, unless you have explicitly consented to further use of your data or we reserve the right to such further use of your data as is permissible by law and which we inform you about in this statement.

 

The newsletter is sent within the scope of processing on our behalf by a service provider to whom we will disclose your e-mail address for this purpose. This service provider is domiciled in a member state of the European Union or the European Economic Area.

 

Postal advertising and your right to object

We further reserve the right to use your first and last name, as well as your postal address, for own advertising purposes, e.g. in order to send you interesting offers and information about our products by post. This serves to preserve our overriding legitimate interest in addressing advertising materials to our customers as set out in Art. 6 Par. 1 lit. f GDPR.

 

The postal advertising is sent within the scope of processing on our behalf by a service provider to whom we will disclose your data for this purpose.

You can object to your data being stored and used for these purposes at any time by sending a message to the contact details set out below.

 

  1. Use of data for payment processing

Where we deliver before payment is made (e.g. purchase on account) and you want to have our products delivered in Austria and/or live in Austria, your request data will be disclosed to the company CRIF GmbH, Rothschildplatz 3/Top 3.06.B, 1020 Vienna, for a check of your identity and credit-worthiness, and personal data will be collected from them. The legal basis for this disclosure is Article 6 Paragraph 1 lit. f GDPR. In the event of payment conduct in breach of contract, payment experience data about undisputed amounts receivable that have not been paid when due as well as address data will be disclosed to CRIF GmbH, Rothschildplatz 3/Top 3.06.B, 1020 Vienna for legitimate use within the scope of their trade licences pursuant to S. 152 of the Trade Code 1994 (Credit Agencies). More information can be found on www.crif.at/konsumenten/informationen-zur-dsgvo.

 

 

 

  1. Integration of the Trusted Shops trust badge

 

To display our Trusted Shops quality seal and any ratings collected, as well as to offer the Trusted Shops products for buyers after placing an order, the Trusted Shops trust badge is embedded on this website.

 

This serves to preserve our overriding legitimate interest in optimal marketing by making secure purchasing possible as set out in Art. 6 Par. 1 lit. f GDPR. The trust badge and services advertised by it are an offer by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The trust badge is made available within the scope of job processing by a CDN (Content-Delivery-Network) provider. Trusted Shops GmbH also uses service providers in the USA. A reasonable level of data protection is ensured. Further information about data protection by Trusted Shops GmbH can be found here.

 

Every time the trust badge is called up, the webserver saves a so-called server log file automatically, which also contains your IP address, date and time of the call, data volume transmitted, and the requesting provider (access data), and which documents the call. Individual access data are stored in a security database for the purpose of analysing security problems. The log files are deleted automatically not later than 90 days after their creation.

 

Further personal data will be transmitted to Trusted Shops GmbH if you decide to use Trusted Shops products after placing an order, or if you have already registered for use of such products. The contractual agreement between you and Trusted Shops applies. For this purpose, personal data are automatically acquired from the order data. Whether you as a buyer are already registered for product use is checked automatically based on a neutral parameter of the e-mail address hashed by a cryptological one-way function. Prior to transmission the e-mail address is converted into a hash value that cannot be decrypted by Trusted Shops. After checking for a match the parameter is deleted automatically.

 

This is necessary in order to preserve our and Trusted Shops’ overriding legitimate interests in providing the buyer protection linked with the concrete order and the transactional rating services pursuant to Art. 6 Par. 1 lit. f GDPR. Further details, also on objection, can be found in the Trusted Shops data privacy policy linked above and in the trust badge.

 

  1. Cookies and web analysis

 

We use so-called cookies on various sites in order to make your visit to our website attractive and allow certain functions to be used, to display suitable products, or for market research purposes, if you have given your consent to this as set out in Art. 6 Par. 1 lit. a GDPR.

 

Cookies are small text files that are automatically saved to your terminal. Some of the cookies used by us are deleted again at the end of the browser session, i.e. when you close your browser (so-called session cookies). Other cookies remain on your terminal and allow us to recognise your browser again the next time you visit our website (persistent cookies). You can see how long they will be saved in the cookie settings of your web browser. You can set your browser to inform you whenever cookies are created, so that you can decide on a case-by-case basis whether to accept them or to rule out the acceptance of cookies in certain cases or quite generally. If cookies are not accepted, the functionality of our website may be restricted. Every browser is different in the way it administers the cookie settings. This is described in the Help menu of every browser, which explains how you can change your cookie settings. These can be found under the following links for the various browsers:

 

Microsoft Edge™  / Safari™ / Chrome™ / Firefox™ / Opera™

 

In addition, you can withdraw your consent at any time by sending a message to the contact details listed in the data privacy statement.

 

Double-click cookie

In as much as you have given your consent pursuant to Art. 6 Par. 1 lit. a GDPR, this website also uses the so-called double-click cookie, which allows recognition of your browser when you visit other websites, within the scope of the application of Google Analytics (see below) for advertising purposes. The information automatically created by the cookie about your visit to this website is generally transmitted to a server of Google in the USA and stored there. Thereby the IP address is shortened by means of activation of IP anonymisation on this website before it is transmitted to other member states of the European Union or other member states of the European Economic Area Treaty. The full IP address is only transmitted to a Google server in the USA and then shortened there in exceptional cases. The anonymised IP address that is transmitted from your browser within the scope of Google Analytics is not linked with other data by Google. Google uses this information to prepare reports on the website activities and provide other services associated with the website use. If applicable, Google also transmits this information to third parties, insofar as this is stipulated by law or insofar as this data is processed on behalf of Google by third parties. On lapse of purpose and at the end of the use of Google DoubleClick by us, the data collected in this connection are erased.

 

Google DoubleClick is a product of Google Ireland Limited, a company incorporated and operated in accordance with Irish law with registered office in Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). Where information is transmitted to Google servers in the USA and stored there, the American company Google LLC is certified in accordance with the EU-US Privacy Shield. A valid certificate can be viewed here. Based on this treaty between the USA and the European Commission, the latter has determined that companies certified in accordance with the Privacy Shield offer an adequate level of data protection.

 

You can withdraw your consent with effect for the future at any time by deactivating the double-click cookie via this link. In addition, you can get information about the placement of cookies and change the settings under Digital Advertising Alliance. Last but not least, you can set your browser to inform you whenever cookies are created, so that you can decide on a case-by-case basis whether to accept them or to rule out the acceptance of cookies in certain cases or quite generally. If cookies are not accepted, the functionality of our website may be restricted.

 

Use of Google (Universal) Analytics for web analysis

Inasmuch as you have given your consent pursuant to Art. 6 Par. 1 lit. a GDPR, this website uses Google (Universal) Analytics for the purpose of website analysis. The web analysis service is a product of Google Ireland Limited, a company incorporated and operated in accordance with Irish law with registered office in Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). Google (Universal) Analytics uses methods that allow your use of the website to be analysed, for instance with cookies. The information automatically collected about your use of this website is generally transmitted to a server of Google in the USA and stored there. By means of activation of IP anonymisation on this website, the IP address is shortened before it is transmitted to other member states of the European Union or other member states of the European Economic Area Treaty. The full IP address is only transmitted to a Google server in the USA and then shortened there in exceptional cases. The anonymised IP address that is transmitted from your browser within the scope of Google Analytics is essentially not linked with other data by Google. On lapse of purpose and at the end of the use of Google Analytics by us, the data collected in this connection are erased.

 

Where information is transmitted to Google servers in the USA and stored there, the American company Google LLC is certified in accordance with the EU-US Privacy Shield. A valid certificate can be viewed here. Based on this treaty between the USA and the European Commission, the latter has determined that companies certified in accordance with the Privacy Shield offer an adequate level of data protection.

 

You can withdraw your consent with effect for the future at any time by downloading and installing the browser plugin available from the following link: https://tools.google.com/dlpage/gaoptout?hl=de. This prevents the acquisition of data created by the cookie and concerning your use of the website (incl. your IP address) as well as processing of these data by Google.

 

Alternatively to the browser plugin, you can click <a href=""javascript:gaOptout()"">on this link</a> to prevent acquisition by Google Analytics on this website in the future. In this case an opt-out cookie is stored on your terminal. If you delete your cookies you will be asked to give your consent again.

 

  1. Online marketing

 

Google Ads Remarketing

We advertise this website in the Google search results and on third-party websites through Google Ads. Inasmuch as you have given your consent to this pursuant to Art. 6 Par. 1 lit. a GDPR, the so-called Google remarketing cookie is set when you visit our website, which automatically allows interest-based advertising by means of a pseudonym cookie ID and based on the sites visited by you. On lapse of purpose and at the end of the use of Google Ads Remarketing by us, the data collected in this connection are erased.

Any further data processing will only be carried out if you have given Google your consent to your web and app browser history being linked with your Google account by Google, and information from your Google account to be used to personalise the ads that you see on the web. In this case, if you are logged in to Google when you visit our website Google will use your data together with Google Analytics data to create and define target group lists for remarketing across multiple devices. For this purpose, Google temporarily links your personal data with Analytics data to create target groups.

Google Ads is a product of Google Ireland Limited, a company incorporated and operated in accordance with Irish law with registered office in Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). Where information is transmitted to Google servers in the USA and stored there, the American company Google LLC is certified in accordance with the EU-US Privacy Shield. A valid certificate can be viewed here. Based on this treaty between the USA and the European Commission, the latter has determined that companies certified in accordance with the Privacy Shield offer an adequate level of data protection.

You can withdraw your consent with effect for the future at any time by deactivating the remarketing cookie via this link. In addition, you can get information about the placement of cookies and change the settings under Digital Advertising Alliance.

 

Affilinet Partner Program

Our website is part of the Affilinet Partner Program. This is offered by AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter “affilinet”), and is a so-called affiliate system in which persons registered with affilinet (also “publishers”) advertise the products or services of the so-called “advertisers” on their websites by means of advertising materials. This serves to preserve our overriding legitimate interest in optimisation and economic exploitation of our online offering as set out in Art. 6 Par. 1 lit. f GDPR. With cookies affilinet can track the progress of the individual order, and in particular it can track that you have clicked on the respective link and then ordered the product via the Affiliate Partner Program.

You can prevent cookies being set by our contract partners or our Internet site at any time by changing the setting of your Internet browser. In addition, cookies already stored can be deleted at any time via the Internet browser or other software programs.

Further information about data processing at affilinet can be found here.

 

Google Maps

This website uses Google Maps for visual presentation of geographical information. Google Maps is a product of Google Ireland Limited, a company incorporated and operated in accordance with Irish law with registered office in Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). This serves to preserve our overriding legitimate interest in an optimised presentation of our offering and making our locations easy to reach as set out in Art. 6 Par. 1 lit. f GDPR.

When using Google Maps, Google transmits and processes data about use of the Maps functions by website visitors, whereby the data may include in particular the IP address and location data. We have no influence on such data processing. Where information is transmitted to Google servers in the USA and stored there, the American company Google LLC is certified in accordance with the EU-US Privacy Shield. A valid certificate can be viewed here. Based on this treaty between the USA and the European Commission, the latter has determined that companies certified in accordance with the Privacy Shield offer an adequate level of data protection.

To deactivate the Google Maps service and thus prevent data transmission to Google you must deactivate the Java Script function in your browser. In this case Google Maps cannot be used or only to a limited degree.

Further information about data processing by Google can be found in the Google data protection statements. The terms and conditions of use for Google Maps provide detailed information about the map service.

Data processing is carried out on the basis of an agreement between the joint controllers pursuant to Art. 26 GDPR, which you can view here.

 

Google reCAPTCHA

We use the Google reCAPTCHA service in some of the forms on this website in order to protect our web forms from misuse and to protect us from spam. Google reCAPTCHA is a product of Google Ireland Limited, a company incorporated and operated in accordance with Irish law with registered office in Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). By checking a manual input, this service prevents automated software (so-called bots) from performing abusive activities on the website. In accordance with Art. 6 Par. 1 lit. f GDPR, this is necessary to preserve our overriding legitimate interest in protecting our website from abuse and in a fault-free presentation of our web presence.

 

With a code embedded in the website, a so-called JavaScript, Google reCAPTCHA uses methods to perform the check that allow an analysis of your use of the website, such as cookies for instance. The information automatically collected about your use of this website, including your IP address, is generally transmitted to a server of Google in the USA and stored there. In addition, other cookies stored on your browser by Google services are analysed by Google reCAPTCHA.

Personal data are not read or stored from the input fields of the respective form.

 

Where information is transmitted to Google servers in the USA and stored there, the American company Google LLC is certified in accordance with the EU-US Privacy Shield. A valid certificate can be viewed here. Based on this treaty between the USA and the European Commission, the latter has determined that companies certified in accordance with the Privacy Shield offer an adequate level of data protection.

 

You can prevent the acquisition of the data created by the JavaScript or the cookie related to your use of the website (incl. your IP address) by Google and the processing of these data by Google by stopping the running of JavaScripts or storing of cookies in your browser settings. Please note that this may restrict the functionality of our web offering for your use.

 

Further information about the data privacy policy of Google can be found here.

 

  1. Social Media

 

Use of social plugins from Facebook, Twitter, Instagram, Pinterest

 

So-called social plugins (“plugins”) from social networks are used on our website.

 

When you access a page of our website that contains such a plugin, your browser will connect directly to the servers of the respective social network. The content of the plugin is sent directly to your browser and embedded in the page by the respective provider. By embedding the plugins, the providers get the information that your browser has accessed the relevant page of our website, even if you do not have a profile or are not logged in at the moment. This information (including your IP address) is sent by your browser directly to a server of the respective provider (possibly in the USA) and stored there. If you are logged in to one of the services, the providers can allocate your visit to our website directly to your profile in the respective social network. When you interact with the plugins, for instance click on the “Like” or “Share” button, the relevant information is also sent directly to a server of the providers and stored there. The information is also published in the social network and displayed to your contacts there. This serves to preserve our overriding legitimate interest in optimal marketing of our offering as set out in Art. 6 Par. 1 lit. f GDPR.

 

YouTube video plugins

Third-party contents are embedded on this website. These contents are provided by Google (“provider”). YouTube is a product of Google Ireland Limited, a company incorporated and operated in accordance with Irish law with registered office in Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de).

 

The expanded data protection setting is activated for YouTube videos that are embedded on our website. This means that YouTube does not collect and store any data of website users unless they actually play the video. The embedding of videos serves to preserve our overriding legitimate interest in optimal marketing of our offering as set out in Art. 6 Par. 1 lit. f GDPR.

 

Please see the providers’ data privacy statements for purpose and scope of data collection and the further processing and use of the data by the providers on their sites, as well as contact details and your rights in this respect, as well as setting options to protect your private sphere:

 

https://www.facebook.com/policy.php 

 

https://twitter.com/de/privacy 

 

https://help.instagram.com/155833707900388 

 

https://policy.pinterest.com/en/privacy-policy 

 

https://policies.google.com/privacy 

 

If you do not want the social networks to allocate the data collected via our website directly to your profile in the respective network, you must be logged out from the respective service before you visit our website. You can also prevent loading of the plugins completely with add-ons for your browser, e.g. with the script blocker “NoScript [https://noscript.net/]”.

 

Our online presence on Facebook, Youtube, Instagram, Pinterest

 

Our presence on social networks and platforms serves the purpose of better active communication with our customers and interested parties. We inform about our products and current special offers there.

When you visit us in the social media, your data may be collected and stored automatically for market research and advertising purposes. These data are processed, using pseudonyms, to create so-called usage profiles. These can be used, for instance, to place ads within and outside the platforms that presumably correspond with your interests. Cookies in which the user behaviour and the user’s interests are stored are usually used on your terminal for this purpose. In accordance with Art. 6 Par. 1 lit. f GDPR, this is necessary to preserve our overriding legitimate interest in an optimised presentation of our offering and more effective communication with our customers and interested parties. If you are asked for consent to data processing by the respective social media platform operators, e.g. with the help of a checkbox, the legal basis of such data processing is Art. 6 Par. 1 lit. a GDPR.

Inasmuch as the aforementioned social media platforms have their headquarters in the USA, the following applies: There is an adequacy decision by the European Commission for the USA, which is based on the EU-US Privacy Shield. A valid certificate for the respective company can be viewed here [https://www.privacyshield.gov/list].

Please see the providers’ data privacy statements linked in below for detailed information on processing and use of the data by the providers on their sites, as well as contact details and your rights in this respect, as well as setting options to protect your private sphere, in particular the possibility to opt out: Should you require assistance in this respect you can contact us.

 

Facebook: https://www.facebook.com/about/privacy/ 

Data processing is carried out on the basis of an agreement between the joint controllers pursuant to Art. 26 GDPR, which you can view here.

Further information on data processing within the scope of a visit to a Facebook fan page (information on insight data) can be found here.

 

Google/ YouTube: https://policies.google.com/privacy?hl=de

 

Instagram: https://help.instagram.com/519522125107875

 

Pinterest: https://about.pinterest.com/de/privacy-policy

 

Objection (opt-out):

 

Facebook: https://www.facebook.com/settings?tab=ads

 

Google/ YouTube: https://adssettings.google.com/authenticated?hl=de

 

Instagram: https://help.instagram.com/519522125107875

 

Pinterest: https://www.pinterest.de/settings

 

  1. Sending of rating reminders by e-mail

 

 

 

Rating reminder by Trusted Shops

Inasmuch as you have given us your explicit consent to this whilst or after placing your order pursuant to Art. 6 Par. 1 lit. a GDPR, we will send your e-mail address to Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne (www.trustedshops.de) so that they can send you a rating reminder by e-mail.

 

This consent may be withdrawn at any time by sending a message to the contact details provided below, or directly to Trusted Shops.

 

  1. Contact possibilities and your rights

 

 

 

As a data subject you have the following rights:

 

 * pursuant to Art. 15 GDPR the right to obtain information to the extent set out in this Article about the personal data processed by us;

 * pursuant to Art. 16 GDPR the right to demand prompt rectification of inaccurate personal data stored by us, or to have incomplete personal data completed;

 * pursuant to Art. 17 GDPR the right to demand erasure of your personal data stored by us to the extent that further processing is not necessary

    * for exercising the right of freedom of expression and information;

    * for compliance with a legal obligation;

    * for reasons of public interest, or

    * for the establishment, exercise or defence of legal claims;

  

  

 * pursuant to Art. 18 GDPR the right to demand restriction of processing of your personal data, inasmuch as

    * the accuracy of the personal data is contested by you;

    * the processing is unlawful but you oppose the erasure of your personal data;

    * we no longer need the personal data, but they are required by you for the establishment, exercise or defence of legal claims, or

    * you have objected to processing pursuant to Art. 21 GDPR;

  

  

 * pursuant to Art. 20 GDPR the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to demand their transmission to another controller;

 * pursuant to Art. 77 GDPR the right to lodge a complaint with a supervisory authority. Generally you can contact the supervisory authority for your habitual residence or place of work, or for the registered office of our company.

 

If you have questions about the collection, processing or use of your personal data, for information, rectification, restriction or erasure of data, as well as withdrawal of granted consents or objection to a specific data use, please contact us directly at the contact details provided in our legal notice.

 

Right to object

Inasmuch as we process personal data to protect our overriding legitimate interests as detailed above, you may object to such processing with effect for the future. If data are processed for direct marketing purposes, you may exercise this right at any time as described above. If data are processed for other purposes, you only have a right to object for reasons arising from your specific situation.

 

When you exercise your right to object, we will no longer process your personal data for these purposes, unless we can prove that there are compelling reasons worthy of protection that override your interests, rights and freedoms, or if processing is required for the establishment, exercise or defence of legal rights.

 

This does not apply in the case of processing for direct marketing purposes. In this case we will no longer process your personal data for this purpose.

Revised: 05/2020