Privacy policy
Information obligations under the General Data Protection Regulation (GDPR)
Preamble
The protection of your privacy and your data is very important to us and is always taken into account in all business transactions.
In principle, you can use our website without providing any personal data.
However, other regulations may apply to individual services, which we will inform you about separately below.
General information
The purpose of processing your personal data (hereinafter referred to as “data”) is to provide you with information on shoe fashion and to present and offer products and services on this topic.
In this privacy policy we inform you, among other things, about
- the name and contact details of the controller
- all purposes for which your data is processed
- the legal bases on which the processing activities are based, including
possibly our legitimate interest - all recipients of your data
- a possible transfer of your data to a third country and the presentation of the legal basis for this
- the storage duration of your data or the criteria for determining the duration
- the categories of your data that are processed
- the origin of your data
- the rights of those affected
Responsible for data protection is
HARTJES Gesellschaft m.b.H., A-4925 Pramet 67, Tel: 0043-7754-8181, Email: office@hartjes.at.
No data protection officer has been appointed, as this is not required by law.
Your rights
You have the following rights vis-à-vis us with regard to your personal data:
- Right to information
- Right to rectification or erasure
- Right to restriction of processing
- Right to object to the processing
- Right to data portability
- Right to withdraw your consent
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
You can contact us at any time if you have further questions on the subject of personal data.
Right to information
You have the right to receive free information from us at any time about the personal data stored about you and a copy of this information, including information about
- the purposes of processing
- the categories of personal data that are processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by us or a right to object to such processing
- the existence of a right to lodge a complaint with a supervisory authority
- if the personal data is not collected from the data subject: All available information about the origin of the data
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Furthermore, you have a right to information as to whether personal data has been transferred to a third country or to an international organization.
If this is the case, you also have the right to receive information about the appropriate guarantees in connection with the transfer.
Right to rectification
You have the right to demand the immediate correction of incorrect personal data concerning you.
Furthermore, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration – taking into account the purposes of the processing.
Right to erasure
You have the right to obtain from us the erasure of your personal data without undue delay where one of the following grounds applies and insofar as the processing is not necessary:
- The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
- You withdraw your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
- The personal data was processed unlawfully.
- The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
Right to be forgotten
If we have made the personal data public and our company is obliged to erase the personal data as the controller pursuant to Article 17(1) GDPR, we shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required.
Right to restriction of processing
You have the right to obtain from us restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data.
- The processing is unlawful, you oppose the erasure of the personal data and request the restriction of the use of the personal data instead.
- We no longer need the personal data for the purposes of the processing, but you need it for the establishment, exercise or defense of legal claims.
- You have objected to the processing acc.
Art. 21 para. 1 GDPR and it is not yet clear whether our legitimate reasons outweigh yours.
Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format.
You also have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, in exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR.
This also applies to profiling based on these provisions.
In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
If we process personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing.
This also applies to profiling insofar as it is associated with such direct advertising.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
You also have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you which is carried out by us for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out for reasons of public interest.
Automated decisions in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, provided that the decision (1) is not necessary for entering into, or performance of, a contract between you and us, or (2) is authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or (3) is based on your explicit consent.
Right to withdraw consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time.
However, your revocation does not affect the legality of the data processing carried out until the revocation.
Minors
Our Website and Services are not intended for use by minors, and we do not wish to collect information from minors.
If a parent or guardian of a minor believes that their child may have provided us with personal information, please write to us at the contact details below and we will delete that personal information, subject to applicable law and this Policy.
Data security
We use appropriate technical and organizational measures and security precautions (TOMs) to prevent unauthorized access, unlawful processing and unauthorized or accidental loss of your data.
This includes, for example, the encryption of your communication with us via this website based on the Secure Socket Layer (SSL) encryption protocol.
You can check the quality of our encryption here: https://www.ssllabs.com/ssltest
It is important for us to point out that data transmission on the Internet can have security gaps, as complete protection against access by unauthorized third parties is not possible.
Web host
The server on which this website is hosted is located in Germany and is operated by Mittwald CM Service GmbH & Co KG, with which a (sub)processing agreement has been concluded.
For more details, please visit https://www.mittwald.de/datenschutz.
Server log files
Our website collects a range of general data and information each time you access it via an automated system.
This general data and information is stored in the log files of our server by Mittwald CM Service GmbH & Co KG in Germany.
The following can be recorded
- the browser types and versions used
- the operating system used by the accessing system
- the website from which an accessing system reaches our website (so-called referrer)
- the sub-websites that are accessed via an accessing system on our website
- the date and time of access to the website
- an Internet Protocol address (IP address)
- the Internet service provider of the accessing system
- other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
When using this general data and information, we do not draw any conclusions about you.
This information is required in order to
- deliver the content of our website correctly
- to optimize the content of our website and the advertising for it
- to ensure the long-term functionality of our information technology systems and the technology of our website
- to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
We evaluate this anonymously collected data and information both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for you.
In any case, we may process this data on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.
The logs are stored separately from all personal data provided by you and are also deleted after a maximum of 90 days.
Cookies
You can find information on the use of cookies and information on your corresponding options and rights in our cookie banner.
How do we collect your data?
You can currently send us an email, use the contact form, contact us by telephone, fax, post or in person.
Please note that unencrypted emails sent via the Internet are not adequately protected against unauthorized access by third parties.
Website contact form
If you would like to send us a message, it is necessary for you to provide the personal data listed below, which we require to process your request.
To prevent unauthorized access to your personal data by third parties, the order process is encrypted using SSL technology.
Newsletter
With your consent, you can subscribe to our newsletter, which we use to inform you about our current interesting offers.
This means that we will write to you directly by e-mail, direct mail or customized online advertising and inform you if we believe, based on the data you have provided, that information about our products, services and events and those of our partner companies is of particular relevance and interest to you.
You can only receive our company’s newsletter if (1) you have a valid e-mail address and (2) you have registered to receive the newsletter.
A confirmation e-mail will be sent to the e-mail address you entered for the first time for the newsletter dispatch using the double opt-in procedure, in which we ask you to confirm that you wish to receive the newsletter.
This confirmation e-mail is used to check whether you, as the owner of the e-mail address, have authorized the receipt of the newsletter.
The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
Why do we process your data?
If you contact us, e.g. simply to obtain information from us, we will process your data for this purpose.
If you contact us to conclude a contract, for example, we process your data for this purpose.
To process your order, including customer service
If you provide your order data via e-mail, contact us by telephone, fax, post or in person, the data you provide, including your personal data, will be processed by us and the recipients named below for the purpose of (pre-)contract processing, to process and manage your order and to look after you as a customer within the scope of our business relationship with you.
Website contact form
We process the data you provide in order to be able to answer your request in the best possible and personalized way and to be able to determine from which country/location a request originates.
Newsletter
We inform our customers and business partners about company offers at regular intervals by means of a newsletter.
The data collected as part of your registration for the newsletter will be used exclusively for sending our newsletter.
Furthermore, subscribers to the newsletter may be informed by e-mail if this is necessary for the operation of the newsletter service or a registration in this regard, as could be the case in the event of changes to the newsletter offer or changes to the technical circumstances.
Marketing (general)
To initiate business and intensify the business relationship with existing and potential customers.
Why are we allowed to process your data?
If you contact us, e.g. simply to obtain information from us, we may process your data on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 lit. f GDPR.
If you contact us, e.g. to conclude a contract, we may process your data on the basis of Art. 6 para. 1 lit. b GDPR and, if necessary, store it on the basis of Art. 6 para. 1 lit. c GDPR.
order
The processing of your data, including the personal data provided by you, is carried out by us and the recipients listed below on the legal basis of Art. 6 para. 1 sentence 1 lit. b in order to be able to identify you as a customer, to be able to process the work or purchase contract in question appropriately, and for correspondence with you.
The data processing takes place at your request and is necessary for the purposes mentioned for the appropriate processing of your order.
Website contact form
If we receive a message from you, the legal basis is Art. 6 para. 1 lit. a, Art. 6 para. 1 lit. b or Art. 6 para. 1 lit. f GDPR, depending on the content of the message.
Newsletter
The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
You have the right to withdraw your consent at any time.
See your rights above for more details.
Marketing (general)
The legal basis is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
The legitimate interest is our interest in initiating business and intensifying the business relationship with existing and potential customers.
What data do we process?
In general, we expressly request that you do not disclose any data to us that is likely to be of little or no relevance to the purpose for which you intend to use it; this applies in particular to special categories of personal (“sensitive”) data.
The provision of information by you is purely voluntary.
Information
If you contact us simply to obtain information from us, we will process the data you provide.
General orders
We process the necessary mandatory information for the processing of contracts; further information is voluntary.
Website contact form
When we receive a message from you, our web host logs and stores the date/time of registration and the IP address from which the registration was received.
This is only for evidence purposes in the event that an e-mail address is used by an unauthorized person.
The required mandatory information is marked separately.
The provision of further information is voluntary.
Newsletter
Which personal data is transmitted to us when you order the newsletter can be seen from the input mask used for this purpose.
The only mandatory information for sending the newsletter is your e-mail address.
The provision of any additional, separately marked data is voluntary and will be used to address you personally.
When you register for the newsletter, we also store the IP address assigned by your internet service provider (ISP), the computer system you are using at the time of registration and the date and time of registration.
The collection of this data is necessary in order to be able to trace the (possible) misuse of your e-mail address at a later date and therefore serves as legal protection for us.
Marketing (general)
Depending on what you have voluntarily provided to us, your data processed by us may include the following:
- Your contact details (name, address, telephone number, e-mail address, etc.)
- Contents of previous orders
Who will your data be passed on to?
Your data may be passed on in whole or in part, but only to the extent and to the extent necessary, to the following controllers:
- Banks (Payment transactions – Austria)
- Tax consultant (Accounting – Austria)
- Debt collection agencies (debt collection – Austria)
- Legal representative (law enforcement – Austria)
- Courts (law enforcement – Austria)
- Administrative authorities (Austria)
In addition, your data may be passed on to the following recipients as (sub)processors; a (sub)processing agreement has been concluded with all of them and the appropriate technical and organizational measures (TOMs) have been verified:
- Innpuls Werbeagentur GmbH (Marketing agency, Austria)
- Mittwald CM Service GmbH & Co KG, (Webhosting, Webmail, Germany)
- eworx Network und Internet GmbH (Newsletter – Austria)
How long do we process your data?
Your data will be stored in a form that allows you to be identified only for as long as is necessary for the purpose for which it is processed.
Information
By providing us with your data via the contact form or email, contacting us by telephone or in person, you expressly consent to your data, including the personal data provided by you and any unsolicited and voluntarily provided special categories of personal data, being processed by us and the above-mentioned recipients for the duration of the processing of the information in question.
If you contact us merely to obtain information from us, your data will therefore either be deleted immediately or deleted after a reasonable period of time corresponding to the content of the communication, depending on the content of the communication.
If you withdraw your declaration of consent, we will delete (or have deleted) all your data – including cumulative data – from all databases.
order
Due to company and tax law requirements, we are obliged to store your address, payment and order data for a period of 7 years.
If you contact us to conclude a contract, the data will be deleted at the end of the 7th year after the last receipt has been posted (§ 132 BAO).
If a contract is concluded, all data from the contractual relationship will therefore be stored until the end of this period.
However, we will restrict processing after 2 years, i.e. your data will only be used to comply with legal obligations.
Statutory/legal retention obligations or contractual obligations, e.g. towards customers from warranty or compensation or towards contractual partners, are a further basis for continuing to store your data.
(Art 6 para 1 lit c GDPR; Art 17 para 3 lit e GDPR).
The data categories name, address, purchased goods and date of purchase are also stored until the expiry of product liability (10 years).
Newsletter
The data you provide for the newsletter will only be stored by us for as long as you wish to receive the newsletter and beyond that only as long as we need data to enforce or defend against legal claims.
You can revoke your consent to the newsletter at any time with effect for the future by clicking on the link provided in every newsletter e-mail, in writing by e-mail or letter to our contact address.
The withdrawal of consent does not affect the lawfulness of the processing of your data based on your consent before its withdrawal.
Once consent has been withdrawn, the personal data of the subscriber that has been collected and stored will be deleted immediately.
Marketing (general)
Marketing data is stored for 3 years after the last contact.
Blog functions
You can read the articles in the blog, where we publish various articles on the subject of (shoe) fashion and lifestyle to complement our range.
Google reCAPTCHA
On this website we use the reCAPTCHA function of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
This function is primarily used to differentiate whether an entry is made by a natural person or abusively by machine and automated processing.
The legal basis for the use of Google reCAPTCHA is our legitimate interest pursuant to Art. 6 para.
1 sentence 1 lit.
f GDPR in protecting our online presence from abusive machine or automated processing.
Google LLC also processes your personal data in the USA and has submitted to the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/s/.
The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google.
Further information about Google reCAPTCHA and Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/.
Google Fonts are automatically loaded for reCaptcha; this cannot be prevented and their use is covered by the legitimate interest in the use of reCaptcha and its purpose.
In the interest of data minimization, no Google Fonts are used on this website except for reCaptcha.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq.
Social media plugins
We only link to Facebook, Instagram and YouTube and do not use any plugins or cookies in compliance with the GDPR.
Address of the respective page including URL to its data protection information:
Meta Inc., 1601 Willow Road, 94024 Menlo Park, USA, https://www.facebook.com/policy.php,https://www.facebook.com/policies/cookies https://www.facebook.com/legal/terms/page_controller_addendum#.
Facebook page
We use a Facebook page at
https://www.facebook.com/HARTJES.Schuhe
The corresponding provisions supplementing this privacy policy can be found here:
https://www.facebook.com/policy.php
https://www.facebook.com/policies/cookies
https://www.facebook.com/business/news/updates-for-page-admins-in-the-eu-and-the-eea
https://www.facebook.com/legal/terms/page_controller_addendum#
Instagram profile
We use an Instagram profile at
https://www.instagram.com/hartjes_official/?igsh=eWl6MjByYWp1eDI5
The corresponding provisions supplementing this privacy policy can be found here:
https://help.instagram.com/519522125107875
https://help.instagram.com/1896641480634370
YouTube channel
We operate a YouTube channel at
https://www.youtube.com/@hartjes.schuhe768
The corresponding provisions supplementing this privacy policy can be found here: