EDERA Protect GmbH Privacy Policy

1. General

The website www.alphamask.at including the online shop is operated by EDERA Protect GmbH, Telepark 1, 8572 Bärnbach, Austria (hereinafter also "operator” or "website operator”) as the Controller within the meaning of the General Data Protection Regulation (GDPR).

The protection and security of your personal data are important to us. The platform therefore stores and processes data exclusively in accordance with the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG). As a user, you hereby acknowledge the data processing provisions.

2. Website access data

As the website operator or website provider, we collect data about access to the website and save them in the form of "server log files”. The following data are logged in this manner:

• Website visited
• Time of access
• Volume of data sent in bytes
• Source/link from which you accessed the page
• Browser used
• Operating system used
• IP address used

The gathered data only serve the purpose of statistical evaluation and of improving the website. However, the website operator reserves the right to check the server log files retrospectively should there be specific indications of unlawful use. We do not otherwise pass on data to third parties.

3. Categories of processed data

We process your personal data that come under the following data categories:

• Surname, first name
• Company
• Date of birth
• Commercial register no.
• Contact person
• Customer's address, other addresses,
• Contact details (telephone number, fax number, email address etc.)
• Bank details
• Credit card details
• Order details
• UID number
• Customer service inquiries
• Goods purchased
• Date purchased

You have voluntarily provided us with your data, and we process these data on the basis of your consent for the following purposes:

• Customer care
• Running our website and online shop
• For our own advertising purposes, for example for sending offers, advertising brochures and newsletters (in paper and electronic form) as well as for the purpose of referring to the existing or former business relationship with the customer (reference notice).

This consent can be revoked by writing to EDERA Protect GmbH, Telepark 1, 8572 Bärnbach, Austria or datenschutz@alphamask.at

The data provided by you are also necessary for the fulfilment of the contract or for the implementation of pre-contractual measures. We cannot conclude the contract with you without these data.

4. Consent to data processing and revocation

The following applies when a user enters data on the platform or subscribes to a newsletter: The user consents to their personal data being processed for the following purposes and stored by EDERA Protect GmbH:

Answering a query, sending out the EDERA Protect newsletter and sending out promotional material about EDERA Protect GmbH products and services. This consent can be revoked at any time by writing to EDERA Protect GmbH, Telepark 1, 8572 Bärnbach, Austria or datenschutz@alphamask.at 

In addition, the website operator is entitled to send a newsletter to existing customers within the framework of § 107 (3) Austrian Telecommunications Act. This can also be revoked at any time by writing to EDERA Protect GmbH, Telepark 1, 8572 Bärnbach, Austria or datenschutz@alphamask.at 

5. Handling of personal data

Personal data include all data used to identify your person and which can be traced back to you, for example your name, your email address and telephone number.

The website operator only collects, uses and passes on your personal data if this is permitted by law, or if you consent to the data being collected and passed on.

We process your data to fulfil contractual obligations (Art. 6 para. 1b GDPR), within the scope of your consent/registration (Art. 6 para. 1a GDPR) and, where necessary, to comply with legal obligations (Art. 6 para. 1c GDPR).

Furthermore, we have the right to process your data to safeguard legitimate interests (Art. 6 para. 1f GDPR) for the purposes of advertising or market and opinion research, provided you have not objected to their use in accordance with Art. 21 GDPR.

As we process data in accordance with our legitimate interests, in principle you have a right of objection if there are reasons due to your particular situation that go against this processing.

As we (also) process the data for direct advertising, you can object to this processing for the purposes of direct advertising at any time.

6. Duration of data storage

We process your personal data, where required, for the entire duration of the business relationship and beyond in accordance with the legal retention and documentation periods. These are based on the Austrian Commercial Code (UGB), the Federal Fiscal Code (BAO) and the General Civil Code (ABGB), amongst others.

Specifically, if a contract is concluded via the online shop, all data from the contractual relationship are stored until the expiry of the fiscal retention period (7 years). The data "name”, "address”, "goods purchased” and "date purchased” are also stored until the expiration of the product liability (10 years).

7. Data transfer and processors

Within EDERA Protect GmbH, those departments or employees receive your data who need them to fulfil contractual, consensual and legal obligations or legitimate interests. In addition, we pass on your data to order processors commissioned by us, if they need these data to fulfil the respective contractual services.

The data will not be passed on to third countries (with the exception of the services specified below, the use of which you hereby expressly consent to) or to international organisations. The data are also not used for automated decision-making.

8. Categories of order processors

Processors commissioned by us (e.g. IT, shipping or back-office service providers) receive your data if they need the data to perform their respective services. All order processors are contractually obligated to treat your data confidentially and only process them in the context of their service provision. Where a legal or regulatory obligation is in place, public bodies and institutions as well as our owners may be recipients of your personal data. The following categories of contract processors or service providers exist: providers, IT service providers, telecommunications companies, tax consultants, law firms, cooperation, shipping and sales partners.

9. Cookies and services

Cookies are small text files that the platform stores on your computer in order to recognise it. The information contained in the cookies is used to determine whether you are logged in or which data you have already entered, and information about the use of the website. Most web browsers automatically accept cookies. You can avoid this by changing the settings in your browser. You can remove cookies stored on your PC at any time by deleting the temporary internet files, or by selecting the appropriate settings when you visit our website for the first time.

Specifically, the following cookies are stored beyond the respective session:

This cookie is used to track whether a user has already participated in competitions or raffles and is stored for a period of 365 days.

This website uses Universal Analytics and Google Remarketing, a web analysis service(s) provided by Google Inc. ("Google”). Universal Analytics uses so-called "cookies”, which enable an analysis of the use of the website. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the USA.

Google Analytics, _utma: 
We set this cookie to count how many users visit our websites. It is usually set the first time you visit our website. If you delete it (e.g. by deleting all cookies via the browser settings), a new one will be placed on your next visit.

Google Analytics, _utmb: 
This cookie is used to count so-called user sessions, i.e. every visit to our website (but not every click on a new website or another area within the website). This cookie expires after 30 minutes of inactivity. If you access our website again after this period has expired, a new cookie will be stored.

Google Analytics, _utmc: 
This cookie is used to count and document the end of the user session, i.e. a visit to our website during which you can access several websites or areas of our website. This cookie expires after 30 minutes of inactivity.

If you access our website again after this period has expired, a new cookie will be stored.

Google Analytics, _utmv: 
This cookie is used to segment user groups on the website. For example, registered and unregistered users are distinguished, and their user behaviour is considered separately.

Google Analytics, _utmz: 
This cookie documents how visitors get to a page; via an advertisement or a specific search engine. We use this information to measure how effective our online advertising is and to study how we can improve the navigation within our website.

However, if IP anonymisation is activated, as is the case with this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. A clear assignment of the IP address is no longer possible. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there.

On behalf of the operator of this website, Google uses this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.

The IP address transmitted by your browser in the context of Universal Analytics is not merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. Since user data are not only collected by cookies, deleting them does not completely prevent data collection by the measurement protocol. You can also prevent Google from collecting and processing the data generated by the cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information on the terms of use and on privacy at  https://www.google.com/analytics/terms/de.html

We use Facebook Pixel from Facebook, a social media network from Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. The code implemented on this page can evaluate the behaviour of visitors who came to this website from a Facebook advertisement. This can be used to improve Facebook advertisements and these data are recorded and stored by Facebook. We cannot inspect the collected data; they can only be used within the context of placing advertisements. The use of the Facebook Pixel code also sets cookies. The use of the Facebook Pixel means that visits to this website are shared with Facebook so that visitors receive advertisements suited to them on Facebook. If you have a Facebook account and are logged in, your visit to this website will be assigned to your Facebook user account. You can find out here how the Facebook Pixel is used for advertising campaigns.

You can change your settings for advertisements in Facebook here, provided you are logged into Facebook. Here, you can manage your preferences for usage-based online advertising and deactivate or activate many providers at once or change settings for individual providers.

You can find more information on Facebook's privacy policy here.

Functions of the Instagram service are integrated into our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, 94025 CA, USA. If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This enables Instagram to assign your visit to our website to your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or their use by Instagram. You can find more information on this in Instagram's privacy policy: https://instagram.com/about/legal/privacy/.

We have concluded a data processing contract and data protection clauses with Facebook and the other providers, and we implement the strict requirements of the data protection authorities when using the services of Google Analytics and other providers. The appropriate level of protection therefore results, among other things, from standard data protection clauses according to Art. 46 para. 2 lit c and d GDPR, or from an adequacy decision of the European Commission according to Art. 45 GDPR.

10. User account

Each customer must set up a password-protected customer account in order to be able to place orders via this offer in the online shop. This contains an overview of orders placed and active order processes. If you leave the online shop as a customer, you will be automatically logged out. The operator assumes no liability for password misuse, unless this was caused by the operator itself.

11. Ordering process

All data entered by customers in the course of order processing are saved. These include:

· Surname, first name
· Company
· Address
· Payment data
· Email address

Data that are absolutely necessary for delivery or order processing are passed on to third-party service providers. Your data will be deleted as soon as their storage is no longer necessary or required by law.

12. Different payment methods 

We use the functions of the service Stripe, 510 Townsend Street, San Francisco, CA 94103, USA to process payments. Further information can be found at https://stripe.com/at/privacy. By registering or purchasing, customers expressly consent to the payment being made via Stripe and to the data required for this being transmitted to Stripe.

The PayPal payment service provided by PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg, is also available as a payment option.

PayPal handles personal information in accordance with the applicable privacy regulations and in accordance with the information in PayPal's privacy regulations. Further information can be found at www.paypal.com/de/webapps/mpp/ua/privacy-full.

If you opt for the Klarna payment service, we will ask you to consent to us transmitting the data necessary for processing the payment as well as carrying out an identity and credit check to Klarna. The credit agencies specified in Klarna's privacy policy can be used for identity and credit checks. You can notify Klarna at any time of the revocation of your consent to this use of your personal data.

Further information on data protection can be found at https://www.klarna.com/at/datenschutz/

If you select the SEPA direct debit payment method, your data will be processed for the purpose of carrying out the SEPA direct debit procedure.

The legal basis is the consent you granted us in accordance with Art. 6 para. 1a GDPR. The respective data result from the online form.

Once you have issued the SEPA mandate online, the data you provided (surname, first name, address, name and registered office of your bank, IBAN, etc.) will be saved for the direct debit requests selected by you in the online form. The data will be transferred to the bank you specified using the direct debit procedure.

If you would like to choose Maestro card as the payment method, we need the data marked as required when ordering, in particular your name, address, email address, credit card number, name of the card holder and the period of validity of the Maestro card to process the payment. We check the entered data together with the order data to be able to identify improper use of the Maestro card or the payment option with the Maestro card at an early stage and, after successful verification, use the data to process the agreed payment by Maestro card.

We process these data for the purpose of fulfilling our contractual obligations towards you. The collected personal data are processed on the basis of our legitimate interest, namely to offer you effective and secure payment options and, in this context, to prevent misuse and cases of fraud.

The provider of the Apple Pay payment method is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA, represented in Europe by Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Republic of Ireland. If you choose to pay via Apple Pay, the payment details you have entered will be transmitted to Apple Pay. Your data are transmitted to Apple Pay on the basis of Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing to fulfil a contract). You have the option of revoking your consent to the data processing at any time. Revocation does not affect the effectiveness of data processing operations in the past. Further information on data protection and details on paying with Apple Pay can be found at https://support.apple.com/de-de/HT203027

13. Credit checks

In order to guarantee your safety and that of the operator, the operator carries out a credit check before concluding a contract. In addition to checking past transactions with the operator and any changes to your personal data, the operator also uses third-party service providers.

Your personal data (name, address, date of birth) will be sent to KSV1870 GmbH, Wagenseilgasse 7, 1120 Vienna, Austria or to Creditreform Austria, Muthgasse 36-40, 1190 Vienna, Austria.

14. User rights

All users of our website have the right to refuse the storage of their personal data; in this case, the user and their data will be deleted, unless there is a legal obligation to store the data. In addition, every user has the right to information, correction, erasure, restriction, data portability, revocation and objection. Please contact us in this regard. If you believe that the processing of your data violates data protection law or that your data protection claims have otherwise been violated in any way, you have the option of complaining to the supervisory authority. The relevant supervisory authority in Austria is the data protection authority; in Germany it is the state data protection officers and the supervisory authorities for the non-public sphere; in Switzerland, it is the Federal Data Protection and Information Commissioner or the data protection authority of the respective cantons.

15. Contact options

EDERA Protect GmbH, Telepark 1, 8572 Bärnbach, Austria datenschutz@alphamask.at

Data protection coordinator: META legal – Raffling Tenschert Lassl Griesbacher & Partner Rechtsanwälte GmbH, RA Dr. Rainer Lassl, Lendkai 43/EG, 8020 Graz, Austria, rainer.lassl@meta-legal.at

16. Objection to advertising mails

We hereby object to the use of the contact data published in the context of the imprint obligation for sending unsolicited advertising and information materials. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.

17. Adaptation of these conditions

If necessary, we may adapt these terms and conditions for data protection. The respectively binding and current information is available at www.alphamask.at/privacy