1. Name and address of the responsible party
The responsible party in the sense of the General Data Protection Regulation and other national data protection laws of member states, as well as other legal data protection regulations is:
PROnatur24 Handels e.U.
Telephone: +43 5574 24010
(also called responsible party from now on).
The responsible party operates the following website: https://pronatur24.shop.
Protecting your personal information is an important issue for us. Therefore, we would like to show you how your personal information used for this website and our services are handled below.
2. Data protection questions
Please address your data protection questions to firstname.lastname@example.org.
3. General information about data processing
By personal information, we mean all information that divulges your identity (ex: name, address, e-mail address, telephone number). By using our digital service, your personal information is only processed in accordance with legal regulations. This includes the DSGVO, the TKG 2003, or the national data protection law. Your personal information will only be collected according to the data avoidance and minimization policies if it necessary for your desired purpose or if you voluntarily make it available to us.
We would like to inform you that we are also responsible for your data if we use a third party (processor) to process a contract.
4. We carry out the following processes
In order to make the use of our website as user-friendly and secure as possible, and to make certain functions work, we use so-called cookies. These are small text files which are dropped into your browser. Most of the cookies that we use are so-called session cookies, these are automatically deleted by your device after leaving our website. Other cookies, called long-term cookies, remain saved on your device until you delete them. These cookies allow us to recognize your browser on your next visit. You can prevent cookies from being saved with the appropriate settings on your browser. However, we inform you that you will not be able to fully use all of the website’s functions.
Writing a comment on our website can be an approval for your name, e-mail address, and website to be saved in cookies. This is a comfort function so that you do not have to re-enter all of this information the next time that you write a comment. These cookies are saved for a year.
If you have an account and log in to this website, we will set a temporary cookie in order to determine whether or not your browser accepts cookies. This cookie does not contain any personal information and is deleted when you close your browser.
When you sign in, we will configure some cookies in order to save your sign up information and display options. Sign-in cookies expire after two years and cookies for your display options expire after a year. If you select “Stay logged in” when you log in, you will remain logged in for two weeks. By logging off of your account, the sign-in cookies are deleted.
4.2. Session cookies
In order to make browsing our website easier for you, we set a so-called session ID which is assigned to each visitor when they begin using our website. This session ID allows our server to recognize you or your computer/browser as the same visitor, despite potential IP address changes between visits. This session ID also enables the assignment of several related requests made by a user during a session. The used session ID cookie is saved until the end of a session. It is automatically deleted when you close your browser.
4.3. Long-term cookies
Our website also uses functions of the web analysis service, Google Analytics, a service by Google Inc. (“Google”) which has a privacy shield certificate.
4.4. Newsletter & push messages
We process your personal information so that we can send you newsletters and push message. This process is done legally with your consent. We give your personal information to a third party so that they can send the message for us. Your personal information is processed until you cancel the processing.
When visitors leave comments on the website, we collect the data that is displayed in the comment form, as well as the visitor’s IP address and the user agent string (to identify the browser) in order to support the recognition of spam.
If you are a registered user and load photos to this website, you should avoid uploading photos with a EXIF GPS location. Visitors of this website could download photos that are saved on this website and extract information about the location in which they were taken.
4.7. Embedded content from other websites
Contributions on this website can contain embedded content (ex: videos, images, articles). Embedded content from other websites acts exactly the same way as if the visitor had consulted the other websites.
4.8. Live Chat
4.9. Presentation of anonymized inquiries and purchases
We use a Cloud service for information and presentation of frequently requested and bought products and to demonstrate safe purchasing on our online shop. We transmit anonymized data to this third party to carry out optimal presentations for the web system.
4.10. Further analysis services
In addition to Google’s analysis service (Google Anlytics), we use further technical analysis processes as needed, mainly straight after the update of the homepage and web shop’s operating software. The aim is to quickly recognize technical misconduct which would compromise the user’s browsing experience and purchasing needs. Examples of this can be “Product cannot be added to cart”, “Payment not possible”, “Cannot register a customer account”, etc. Recorded personal information is saved anonymously and deleted after deactivating the examination.
4.11. Protection system against hacking, spam, malware, and phishing
In order to protect personal information and the whole system, we use several highly-developed protection system which we do not list for privacy and safety reasons. Comments left by visitors could be examined by an automated service for spam recognition. The whole homepage is encrypted with SSL in order to guarantee a secure browsing experience.
5. Saving and processing data on the web shop
5.1. During your visit on our web shop, we record:
- Products that you have viewed. We use this recording to show you products that you have already seen as a reminder.
- Location, IP address, and browser. We use the options in order to automatically show you the correct taxes and shipping costs, for example.
- Cookies and sessions to cache the content of your cart when surfing on the web shop.
When you buy products from us, we will request your personal information to be able to complete an order and be able to ship the products. This information is your name, billing address, shipping address, e-mail address, and telephone number. If you open a customer account and do not order as a guest, we will also ask for your desired username and password. Payment information entered on the shop is neither collected nor saved by us. Saving this financial information is up to the chosen payment service (PayPal, credit cards, immediate transfer, etc.).
Besides filling orders in, we use your personal information to:
- Send the order and customer account details via e-mail.
- Answer any questions in the order comments.
- Carry out your payment and ward frauds off.
- Create your customer account
- Fulfill our financial tasks, such as VAT calculation for the tax authorities, for example.
- Constantly optimize our shop for even easier purchasing.
- Send you information, such as our newsletter, if you agree to this use.
We process your personal information in order to be able to provide you with an online shop. This processing is done according to the legal basis of the agreement. We give your personal information to a computer center operator to carry out this processing for us. Furthermore, we give the personal information to a payment service provider, as well as a delivery service so that they can process your data for the purpose of processing the payment or the delivery. We process your personal information as long as it necessary because of fiscal retention periods and as long as we do not need your personal information for legal claims anymore.
We also save product reviews and make them public so other people who are interested in the products can access your experiences.
5.2. Access to personal information
Our customer service team has access to the information that you enter when you order. This includes:
- Information about the contents of the order, when it was ordered, and where it should be shipped to
- Personal information such as name, billing and shipping address, e-mail address, and telephone number.
This access is necessary to make the order ready to ship, answer your questions, and process returns.
5.3. Payment systems
You can find the links to the payment providers’ privacy policies below:
- PayPal (https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev)
- Stripe (https://stripe.com/gb/privacy)
- Klarna (https://cdn.klarna.com/1.0/shared/content/legal/terms/0/en_us/privacy)
- Amazon Pay (https://pay.amazon.com/us/help/201491260)
- CoinGate (https://coingate.com/privacy)
6. Rights of the person affected
As an affected person, you are entitled to the following rights against the responsible party:
6.1. Right to information
You can demand confirmation from the responsible party if they are processing personal information concerning you.
6.2. Right of correction
You have a right of correction or completion against the responsible party if the personal information that is being processed is incorrect or incomplete. The responsible party must make these corrections immediately.
6.3. Right to restrict processing
You can demand the restriction of the processing of your personal information under the following conditions:
(1) If you deny the accuracy of the personal information;
(2) if the processing is illegal;
(3) if the responsible party no longer needs the personal information for processing, but you need it to assert, exercise, or defend a legal claim, or
(4) if you have filed an objection against the processing and have not yet determined whether or not the responsible party’s reasons outweigh yours.
6.4. Right to erasure
You can demand the responsible party to immediately erase your personal information, and the responsible party is obliged to do so if one of the following reasons applies:
(1) Your personal information is no longer needed for the purposes for which it is collected or processed in a certain manner.
(2) You withdraw your consent for your personal information to be processed and there are no other legal bases for the processing of said information.
(3) You file an objection against the processing of your personal information and there are no overriding reasons for said processing.
(4) Your personal information was processed illegally.
6.5. Right to consultation
If you have enforced the right of correction, right to erasure, or right to restrict processing against the responsible party, they are obligated to inform all parties to which your personal information has been disclosed about this correction, erasure, or processing restriction, unless it proves to be impossible or requires excessive effort. You are entitled to be informed about these parties by the responsible party.
6.6. Right to data portability
You have the right to receive the personal information that you have made available to the responsible party in a structured, common, and machine-readable format. Furthermore, you have the right to transmit this information to another responsible party without interference from the responsible party to which you made your personal information available to if
(1) the processing is based on consent or a contract and
(2) the processing is done with the help of automated processes.
When exercising this right, you also obtain the right to have your personal information transmitted from one responsible party to another responsible party as long as it technically feasible. The freedom and rights of other people cannot be compromised through this.
6.7. Right to appeal
You have the right to file an objection at any time against the processing of your personal information that has been carried out because of a public interest or on the basis of a legitimate interest of the responsible party.
If your personal information is processed in order to operate direct advertising, you are entitled to file an objection at any time against the processing of your personal information for the purpose of that kind of advertising; this also applies to profiling, as long as it is connected to this type of direct advertisement.
If you object to the processing of your personal information for the purposes of direct advertisement, this information will no longer be processed for this purpose.
6.8. Right to revoke consent of data protection
You have the right to revoke your consent of data protection at any time.
6.9. Automated decisions in individual cases, including profiling
You have the right to not be subjected to a decision based solely on an automatic processing of your personal information – including profiling – which produces legal effects or severely compromises you in a similar manner.
6.10. Right to appeal in a regulatory body
You have the right to appeal in a regulatory body regardless of other administrative or legal remedies, especially in the member state of your residence, place of work, or place of the suspected infringement if the processing of your personal information breaches the DSGVO.
If you want to send an enquiry to us, please use the form here.
If you think that your rights as a person are being violated, you can contact the Austrian Data Protection Authority:
As of: 22.05.2018