Data policy

Data protection declaration

Controller responsible for data processing:
Alexander Andreadis
Wienerstraße 206
8051 Graz, Austria
+43.664.1690000
alexander@andreadis.wine

Thank you for your interest in our online shop. We believe that protecting your privacy is important. Below we inform you about how we handle your data.

  1. Access data and hosting

You can visit our website without providing any personal information. Each time you call up a web page, the web server only saves a server log file which contains, for example, the name of the requested file, your IP address, the date and time of access, the volume of data transferred and the requesting provider (access data) to record the access. This access data is processed only for the purpose of ensuring trouble-free operation of the site and improving our services. In accordance with point (f), Art. 6(1) GDPR, this serves to protect our legitimate interests in a correct presentation of our offer. All access data is deleted no more than seven days after the end of your visit to the site.

1.1 Hosting services provided by a third party provider

As part of processing on our behalf, a third party provider provides hosting and website display services on our behalf. This serves to protect our legitimate interests in a correct presentation of our offer. All data collected during the use of this website or in forms provided for this purpose in the online shop as described below are processed on its servers. Processing on other servers takes place only to the extent laid out here.

This service provider is located within a country of the European Union or the European Economic Area.

  1. Data collection and use for contracts processing 

We collect personal data when you voluntarily provide it to us in the context of your order or when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such, since we need this information to complete the contract or to deal with your enquiry and cannot dispatch your order and/or establish contact with you without this information. You can see the data that we collect from the respective input forms. We use the data provided by you in accordance with point (b), Art. 6(1) GDPR for contract processing and dealing with your enquiries. If you have given your consent in accordance with point (a), Art. 6(1) GDPR by deciding to create a customer account, we will use your data for the purpose of creating a customer account. After complete processing of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after the retention periods specified by tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data for other purposes to the extent permitted by law and about which we inform you in this declaration. You can delete your customer account at any time, either by writing a message to the contact option given below or via a function provided for this purpose in the customer account.

  1. Data transfer

To fulfil the contract in accordance with point (b), Art. 6(1) GDPR, we pass on your data to the shipping company instructed with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the order process, we transfer the payment data collected for this purpose to the credit institution instructed with the payment and, if applicable, to payment service providers instructed by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must log in to the payment service provider with your access data during the ordering process. In this case, the data protection declaration of the respective payment service provider shall apply. We use payment service providers that are based in a country outside the European Union. The transmission of personal data to this company takes place only to the extent necessary to fulfil the contract.

3.1 Data transfer to shipping providers

If you have given us your express consent with or subsequent to your order, we will pass on your e-mail address to the selected shipping provider on the basis of this consent in accordance with point (a), Art. 6(1) GDPR, so that the shipping provider can contact you before delivery to notify you of or coordinate the delivery with you.

You can revoke your consent at any time by sending a message to the contact option given below or directly to the shipping provider at the contact address given below. After your revocation, we will delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data for other purposes that are permitted by law and about which we inform you in this declaration.

Österreichische Post Aktiengesellschaft
Rochusplatz 1
1030 Vienna
Austria

  1. E-mail newsletter: E-mail advertising with newsletter subscription

If you subscribe to our newsletter, we use the data required for this purpose or separately provided by you to send you our e-mail newsletter on a regular basis on the basis of your consent according to point (a), Art. 6(1) GDPR. You can unsubscribe from our newsletter at any time, either by writing a message to the contact option given below or via a links provided for this purpose in the newsletter. After your cancellation, we will delete your e-mail address provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to e-mail for other purposes that are permitted by law and about which we inform you in this declaration. The newsletter is sent by a service provider on our behalf, to whom we pass on your e-mail address for this purpose.

This service provider is located in the USA and is certified under the EU-U.S. Privacy Shield Framework. You can view a current certificate here. Based on this agreement between the United States and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.

  1. Integration of the Trusted Shops Trustbadge

To display our Trusted Shops Trustbadge and the collected ratings as well as to offer Trusted Shops products to buyers after an order, the Trusted Shops Trustbadge is integrated on this website. This serves to protect our legitimate interests in the marketing of our website according to point (f), Art. 6(1) GDPR. The Trustbadge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.
Each time you call up the Trustbadge, the web server automatically saves a server log file which contains, for example, your IP address, the date and time of access, the volume of data transferred and the requesting provider (access data) to record the access. This access data is not evaluated and is automatically overwritten no later than seven days after the end of your visit to the site.
Further personal data will only be transferred to Trusted Shops if you have consented to this, have decided to use Trusted Shops products after completing an order or have already registered to use Trusted Shops. In this case, the contractual agreement between you and Trusted Shops applies.

  1. Cookies and web analysis

To make the visit to our website more attractive and to enable the use of certain functions, to display suitable products or for market research, we use cookies on various pages. This serves to protect our legitimate interests in the representation of our offer according to point (f), Art. 6(1) GDPR. Cookies are small text files that are automatically stored on your terminal device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us to recognise your browser on your next visit (persistent cookies). The duration of storage can be found in the overview in the cookie settings of your web browser. You can set your browser to notify you of set cookies and let you decide whether to allow or block each one in specific cases or in general. Each browser has its own way of managing cookie settings. To find out how to change cookie settings in your browser, see your browser’s help menu. You can find these under the following links:

Internet Explorer™: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Safari™: https://support.apple.com/kb/ph21411?locale=de_DE

Chrome™: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

Firefox™: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Opera™ : https://help.opera.com/de/latest/web-preferences/#cookies

If cookies are deactivated, the functionality of our website may be limited.

6.1 What types of cookies do we use?

6.1.1 Required cookies

These cookies are necessary to enable the operation of our website. They include, for example, cookies that allow you to log into the customer area or to place something in your shopping cart.

6.1.2 Analysis / performance cookies

These cookies allow us to collect anonymised data about the usage behaviour of our visitors. We then analyse these, for example to improve the functionality of the website and to show you interesting offers.

6.1.3 Functional cookies

These cookies are used for certain functions of our website, e.g. to suggest a better navigation flow on our website or to show you personalised and relevant information (e.g. “interest-based advertisements”).

6.1.4 Targeting cookies

These cookies record your visit to our website, the pages you have visited and the links you have clicked on. We use this information to tailor our website and the advertising you see to your interests.

6.1.5 Third-party cookies

These cookies from some of our advertising partners help to make the internet offer and our website more interesting for you. For this purpose, cookies from partner companies are also saved to your hard drive when you visit our website. These are temporary cookies that automatically delete themselves after a specified time. Cookies from partner companies are usually deleted after a few days or up to 24 months, in individual cases also after several years. The cookies of our partner companies do not contain personal data. Data is only collected under a user ID pseudonym. This pseudonymous data is never merged with your personal data.

The table below lists the cookies we use:

 

Cookie Purpose Origin
_fbp Collects anonymised data about visitor behaviour. Facebook
tk_lr
tk_or
tk_ai
tk_r3d
tk_*
Collects information for our own first-party analytics tool about the use of our services. A collection of internal user activity metrics used to improve your user experience. Jetpack for WordPress
__zlcmid This live chat widget sets cookies to store the Zen Live Chat ID, which is used to identify a device during visits. ZenDesk
__stripe_mid
__stripe_sid
Provides a unique session ID for authentication. Stripe
woocommerce_cart_hash
woocommerce_items_in_cart
wp_woocommerce_session_*
Saves the contents of the products added to the shopping cart. WooCommerce
wordpress_test_cookie
wordpress_logged_in…
wp-settings-3
wp-settings-time-3
Used on websites created with WordPress. Checks whether your browser has cookies enabled. It is also used to check whether a user is logged in. WordPress
cookieconsent_status Saves the user’s choices in the cookie hint. Analytics Germanized Plugin
_icl_current_language Saves the current language selection. WPML Plugin
_ga
_gat
_gid
Analyses visitor behaviour on the site anonymously. Google Tag Manager
__zlcmid This live chat widget sets cookies to store the Zen Live Chat ID, which is used to identify a device during visits. ZenDesk

6.2 Use of Google (Universal) Analytics for web analysis

This website uses Google (Universal) Analytics, a web analysis service provided by Google LLC (www.google.com), for website analysis. This serves to protect our legitimate interests in the representation of our offer according to point (f), Art. 6(1) GDPR. Google (Universal) Analytics uses methods that enable an analysis of your use of the website, such as cookies. The automatically collected information about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be truncated before transmission within member states of the European Union or in other countries party to the contract on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The anonymized IP address transmitted by your browser in the context of Google Analytics is never merged with other Google data. After the end of the purpose and use of Google Analytics by us, the data collected in this context will be deleted.

Google LLC is located in the USA and is certified under the EU-U.S. Privacy Shield Framework. You can view a current certificate here. Based on this agreement between the United States and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.

You can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en

Alternatively to the browser plugin you can click this link to prevent Google Analytics from collecting data on this website in the future. This sets an opt-out cookie on your terminal device. If you delete your cookies, you must click the link again.

  1. Online marketing Google AdWords Remarketing

We use Google Ads to advertise this website in Google search results and on third-party websites. For this purpose, Google sets a remarketing cookie when you visit our website, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you have visited. This serves to protect our legitimate interests in the marketing of our website according to point (f), Art. 6(1) GDPR. After the end of the purpose and use of Google Ads remarketing by us, the data collected in this context will be deleted. Additional data processing will only take place if you have consented to Google linking your web and app browsing history to your Google Account and using information from your Google Account to personalize ads you see on the web. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, Google will temporarily link your personal data with Google Analytics data to form target groups. Google Ads remarketing is an offer of Google LLC (www.google.com).
Google LLC is located in the USA and is certified under the EU-U.S. Privacy Shield Framework. You can view a current certificate here. Based on this agreement between the United States and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield. You can deactivate the remarketing cookie with this link. You can also find out more about cookies and how to manage your cookie setting from the Digital Advertising Alliance.

7.1 Zendesk live chat tool

If you use the live chat tool to contact us, the data you voluntarily enter there (name, e-mail address, message) will be processed by us in accordance with point (b), Art. 6(1) GDPR for the purpose of answering your enquiry as part of contract processing. In addition, the use of this tool serves to protect our legitimate interests in effective, improved communication with our customers according to point (f), Art. 6(1) GDPR. The data is then deleted.
As part of processing on our behalf, the third party provider Zendesk, Inc. provides us with the services required to provide the live chat tool. All data collected during the use of the chat tool is processed on its servers.
Zendesk, Inc. is located in the USA and is certified under the EU-U.S. Privacy Shield Framework. You can view a current certificate here. Based on this agreement between the United States and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.

  1. Social media plugins – YouTube video plugins

Contents of third party providers are integrated on this website. This content is provided by Google LLC (“Provider”).
YouTube is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). For videos from YouTube that are embedded on our website, the extended data protection setting is activated. This means that no information from website visitors is collected and stored by YouTube unless they play the video. The embedding of the video serves to protect our legitimate interests in the marketing of our offer according to point (f), Art. 6(1) GDPR.
The purpose and scope of data collection, further processing and use of the data by the providers as well as your rights in this regard and setting options to protect your privacy can be found in the Google privacy policy: https://policies.google.com/privacy.

8.1 Our online presence on Facebook

Our presence on social networks and platforms serves to improve active communication with our customers and prospects. We use them to provide information about our products and current special offers.
When visiting our social media content, your data may be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms. These may be used, for example, to serve ads that are presumed to match your interests both within and outside the platforms. Cookies are generally used on your terminal device for this purpose. These cookies store visitor behaviour and interests. In accordance with point (f), Art. 6(1) GDPR, this serves to protect our legitimate interests in an optimized presentation of our offer and effective communication with the customer and interested parties. The legal basis for any requests for consent (agreement) by the respective social media platform operators to processing your personal data is point (a), Article 6(1) GDPR.
Insofar as the aforementioned social media platforms have their headquarters in the USA, the following applies: For the USA, there is an adequacy decision of the European Commission. This is based on the EU-U.S. Privacy Shield. You can view a current certificate for the respective company here.
For detailed information on the processing and use of data by the providers on their sites as well as a contact and your rights and setting options to protect your privacy, in particular opt-outs, refer to the data protection notices of the providers, which we have linked below. If you still need help with this, please contact us.
Facebook: https://www.facebook.com/about/privacy/

The data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR, which you can view here https://www.facebook.com/legal/terms/page_controller_addendum

Opt-outs: Facebook: https://www.facebook.com/settings?tab=ads

  1. Sending of rating reminders by e-mail Rating reminder by Trusted Shops

If you have given us your express consent to this during or after your order in accordance with point (a), Art. 6(1) GDPR, we will transmit your e-mail address to Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne, Germany (www.trustedshops.de) so that they can e-mail you a reminder to rate us. You can revoke your consent at any time by sending a message to the below contact address or directly with Trusted Shops.

  1. Contact options and your rights

As a data subject, you have the following rights:

  • according to Art. 15 GDRP the right to demand the personal data we have about you to the extent specified therein;
  • according to Art. 16 GDRP the right to the immediate correction of incorrect personal data or completion of the personal data we have about you;
  • according to Art. 17 GDRP the right to obtain the erasure of the personal data concerning you unless further processing of this data is necessary
    – for the assertion of the right to free speech and information,
    – for the fulfilment of a legal obligation,
    –  for public interests,
    – for asserting, exercising or defending legal claims;
  • according to Art. 18 GDRP the right to the restriction of processing of your personal data to the extent that
    – you contest the accuracy of the personal data,
    – its processing is unlawful but you oppose its deletion
    – we no longer require the data but you require it for the establishment, exercise or defence of legal claims,
    – you object to processing according to Art. 21 GDRP;
  • according to Art. 20 GDRP the right to receive the personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format or to have us transmit those data to another person;
  • according to Art. 77 GDRP the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your normal place of residence or place of work or of our head offices.

If you have any questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data as well as revocation of consent given or objection to a certain use of data, please contact us directly using the contact details under “Legal information”.

********************************************************************

Right to object

Insofar as we process personal data as described above to protect our legitimate interests, you can object to this processing with effect for the future. If processing is carried out for direct marketing purposes, you may exercise this right at any time as described above. Insofar as processing is carried out for other purposes, you only have the right to object on grounds relating to your particular situation. After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing is for the establishment, exercise or defence of legal claims.

This does not apply if processing is carried out for direct marketing purposes. We will then no longer process your personal data for this purpose.

********************************************************************

 

x
0
    0