Privacy Policy

Last updated: July 11, 2023

Table of Contents

Controller
Overview of Processing Activities
Legal Bases
Data Transfers
International Data Transfers
Data Deletion
Rights of Data Subjects
Use of Cookies
Business Services
Provision of Online Services and Web Hosting
Contact and Inquiry Management
Communication via Messenger
Newsletters and Electronic Notifications
Marketing Communication via Email, Mail, Fax, or Phone
Web Analytics, Monitoring, and Optimization
Online Marketing
Social Media Presence
Plugins and Embedded Content
Changes and Updates to the Privacy Policy

Controller Falei Dziyana / Brandiana
Klarenbrunnstraße 85,
6700, Bludenz, Austria

Legal Bases Relevant legal bases under the GDPR: Below is an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the GDPR regulations, national data protection regulations may apply in your or our country of residence. Should specific legal bases be relevant in individual cases, we will inform you in this privacy policy.

Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR) - The processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) - The processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National Data Protection Regulations in Austria: In addition to the GDPR, national regulations on data protection apply in Austria, including the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act – DSG). The Data Protection Act contains specific provisions, particularly regarding the right to information, correction or deletion, the processing of special categories of personal data, processing for other purposes, and transfers and automated individual decision-making.

Note on the Applicability of GDPR and Swiss Data Protection Act: These data protection notices serve both to provide information under the Swiss Federal Data Protection Act (Swiss FADP) and the General Data Protection Regulation (GDPR). Therefore, please note that due to broader spatial application and comprehensibility, the terms of the GDPR have been replaced by Swiss terms. The legal meaning of the terms will, however, continue to be determined by the Swiss FADP under its applicability.

Overview of Processing Activities The following overview summarizes the types of data processed and the purposes of their processing, and refers to the affected persons.

Types of Processed Data

Inventory data.
Payment data.
Location data.
Contact data.
Content data.
Contract data.
Usage data.
Meta, communication, and procedural data.

Categories of Affected Persons

Customers.
Prospective customers.
Communication partners.
Users.
Business and contractual partners.

Purposes of Processing

Provision of contractual services and customer support.
Contact requests and communication.
Security measures.
Direct marketing.
Reach measurement.
Tracking.
Office and organizational procedures.
Conversion measurement.
Management and response to inquiries.
Server monitoring and error detection.
Feedback.
Marketing.
Profiles with user-related information.
Provision of our online services and user-friendliness.
Information technology infrastructure.

Data Transfers As part of our processing of personal data, data may be transferred to other entities, companies, legally independent organizational units, or persons, or disclosed to them. Recipients of this data may include IT service providers or service and content providers integrated into a website. In such cases, we comply with the legal requirements and conclude appropriate contracts or agreements with the recipients of your data, which serve to protect your data.

Data Transfers within the Organization: We may transfer personal data to other entities within our organization or grant them access to this data. Where this transfer occurs for administrative purposes, it is based on our legitimate business and operational interests or is necessary for the fulfillment of our contractual obligations, or where consent from the data subjects or legal permission is present.

International Data Transfers Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)), or if the processing takes place as part of the use of third-party services or disclosure or transfer of data to other persons, entities, or companies, this is done only in accordance with the legal requirements.

Subject to explicit consent or legally or contractually required transfer (see Art. 49 GDPR), we process or allow the data to be processed only in third countries with a recognized data protection level (Art. 45 GDPR), under contractual obligations through so-called standard protection clauses of the EU Commission (Art. 46 GDPR), or in the case of certifications or binding internal data protection regulations (see Art. 44 to 49 GDPR, EU Commission's information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Trans-Atlantic Data Privacy Framework (TADPF): The EU Commission has also recognized the level of data protection for certain companies in the USA (under the so-called "Trans-Atlantic Data Privacy Framework," abbreviated "TADPF"). The list of certified companies as well as further information about the TADPF can be found on the US Department of Commerce's website at https://www.dataprivacyframework.gov/ (in English). Information in German and other languages can be found on the EU Commission's website: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_de. We will inform you further about the companies we use that are certified under the Trans-Atlantic Data Privacy Framework.

Data Deletion The data processed by us will be deleted in accordance with the legal requirements, as soon as their allowed consent for processing is revoked or other permissions no longer apply (e.g., if the purpose of processing these data no longer applies or they are not necessary for the purpose). If the data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. That means the data will be locked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.

Our data protection notices may also include further details on the retention and deletion of data that are primarily relevant for the respective processing activities.

Rights of Data Subjects Rights of Data Subjects under the GDPR: As a data subject, you have various rights under the GDPR, in particular from Art. 15 to 21 GDPR:

Right to Object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling, to the extent that it is related to such direct marketing.
Right to Withdraw Consent: You have the right to withdraw consent at any time.
Right to Information: You have the right to request confirmation as to whether data concerning you are being processed and to request information about this data as well as further information and a copy of the data in accordance with the legal requirements.
Right to Rectification: You have the right, in accordance with the legal requirements, to request the completion of data concerning you or the correction of incorrect data concerning you.
Right to Erasure and Restriction of Processing: In accordance with the legal requirements, you have the right to request that data concerning you be deleted immediately, or alternatively, in accordance with the legal requirements, to request a restriction of the processing of the data.
Right to Data Portability: You have the right to receive the data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, in accordance with the legal requirements, or to request their transfer to another controller.
Right to Complain to a Supervisory Authority: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, without prejudice to any other administrative or judicial remedy, if you consider that the processing of personal data relating to you infringes the GDPR.

Use of Cookies Cookies are small text files or other storage markers that store information on end devices and read information from end devices. For example, to store the login status in a user account, a shopping cart content in an e-shop, the accessed content, or used functions of an online offer. Cookies can also be used for various purposes, e.g., for the functionality, security, and comfort of online offers, as well as for creating visitor flowDue to the detailed and extensive nature of the privacy policy, it’s best to provide a concise translation of key sections or focus areas. For instance: