Data Protection Policy

Overview

Welcome to www.genuss-region-shop.com! Get an idea of how your personal data is processed when visiting our platform, utilising our online shop or conducting any other business with us. (Art 13, Art 14 GDPR; § 96 Paragraph 3 Austrian Telecommunications Act (TKG)).

Which Information is Processed When You Visit Our Platform?

The following data may be processed when you visit our platform:

  • Browser type
  • Operating system
  • Country
  • Date, time and duration of the visit when accessing the platform
  • Partially masked IP address and pages visited on our website including the entry and exit pages
  • Payment data entered for the purpose of using the online shop
  • Contact details entered for the purpose of using the online shop
  • Data that you enter via a contact form
  • Email address
  • Newsletter dispatch
  • Telephone number
  • Date of birth (for products containing alcohol)
  • Purchased products

Processing the previously mentioned data is justified by the interest of operating our platform (Art. 6 Paragraph 1 Point f GDPR)

We may be required to disclose your data to the following parties in order to operate our platform and online shops:

Recipient of the data Purpose of data processing Legal basis for data processing Registered office Basis for transmission to a third country User affected
Hetzner Online GmbH Website hosting Predominantly legitimate interests (Art. 6 Para 1 Point f GDPR) Germany Within the EEA Website User
AWS EMEA SARL Newsletter dispatch Consent according to Art. 6 Paragraph 1 Point a GDPR
Luxembourg
Within the EEA Customers
Adyen N.V. Processing of online transactions Predominantly legitimate interests (Art. 6 Para 1 Point f GDPR) Netherlands Within the EEA Customers
Klarna Bank AB (publ) Processing of online transactions Predominantly legitimate interests (Art. 6 Para 1 Point f GDPR)
Sweden
Within the EEA Customers
SIX Payment Services Ltd Processing of online transactions Predominantly legitimate interests (Art. 6 Para 1 Point f GDPR) Switzerland Outside the EEA (adequacy decision according to Art 45 GDPR) Customers from Switzerland (country of delivery)
Amazon Payments Europe s.c.a. Processing of online transactions Predominantly legitimate interests (Art. 6 Paragraph 1 Point f GDPR)
Contractual obligation (Art. 6 Para 1 Point b GDPR)

Luxembourg

Within the EEA
Customers
Freshworks Inc Processing of customer enquiries Processor (Art. 28 GDPR) USA Standard data protection clause according to Art 46 GDPR Website User & Customers
Bamboo HR LLC Compliant applicant management Processor (Art. 28 GDPR) USA Standard data protection clause according to Art 46 GDPR Applicants for Niceshops GmbH

Overview of the "Technical" Cookies We Use

The data mentioned above is stored using so-called "cookies". Cookies are text files stored on your computer that enable user behaviour analysis based on your visit to our website. Cookies are used to recognise and temporarily save data pertaining to the website user. We only use cookies to the extent necessary to communicate with you via the platform.

These technical cookies are activated as soon as you visit our platform.

The following cookies are used on our platform on the basis of our predominantly legitimate interest (Art. 6 Paragraph 1 Point f GDPR):

Name Purpose of processing Duration of storage Country of residence of the recipient
shopcart Stores the selected products on the website in order to shop at a later date. Session Austria
S A server classification is made to prepare the website. Session Austria
NICEID The user is anonymously identified on the server which helps with fraud detection, among other things.
Session
Austria
consent_cookie Stores all cookies and cookie opt-ins that have been accepted 10 years Austria

About Advertising Cookies

In addition to using "technical cookies" as described above, we also utilise so-called advertising cookies ("statistical cookies"). These advertising cookies make it possible to better understand and evaluate your interests. With the help of advertising cookies, we can combine your browsing behaviour beyond the boundaries of our website with data sourced from other websites. This allows us to better understand the user's interests and address them on a more personalised level.

We respect that not all the users browsing our website are in agreement with the use of cookies. Therefore, your data is only processed with respect to advertising cookies if you agree to it (Art. 6 Paragraph 1 Point a GDPR). Consent can be revoked at any time, whereby the data processing carried out up until the time of the revocation remains warranted.

These advertising cookies are only activated once consent has been given.

Name Purpose of processing Duration of storage Registered office Purpose of disclosure
uid Marketing purposes 1 year France The information collected is used to personalise advertising placements.
uid Marketing purposes 1 year The information collected is used to personalize advertising placements.
mdrds_vid Marketing purposes 1 year Germany The information collected is used to personalize advertising placements.
mdrds_nin_668 Marketing purposes Session Germany The information collected is used to personalize advertisements.
fr Marketing purposes 90 days USA The information collected is used to personalize advertisements.
fatm_vid Marketing purposes 1 year USA The information collected is used to personalize advertisements.
fatm_nin_660 Marketing purposes 1 day USA The information collected is used to personalize advertising placements.
cvt Marketing purposes 14 days Austria Use of remarketing campaigns
_uetvid Marketing purposes 16 days Austria Use of remarketing campaigns
_uetsid Marketing purposes 1 day Austria Use of remarketing campaigns
_hjid Experience improvements 1 year Malta Improvement of the user experience through more precise data on browsing behaviour
_hjTLDTest Experience improvements Session Malta Improvement of the user experience through more precise data on browsing behaviour
_hjAbsoluteSessionInProgress Experience improvements Session Malta Improvement of the user experience through more precise data on browsing behaviour
_gid Statistical purposes 1 day Austria Statistical traceability of browsing behaviour
_gcl_au Statistical purposes 90 days Austria Statistical traceability of browsing behaviour
_ga Statistical purposes 2 years Austria Statistical traceability of surfing behaviour
_fbp Marketing purposes 90 days Austria Use of remarketing campaigns
__Secure-3PSIDCC Detection of logged-in users 1 year USA Detection of logged-in Google accounts
__Secure-3PSID Detection of logged-in users 2 years Ireland Detection of logged-in Google accounts
__Secure-3PSID Detection of logged-in users 2 years USA Detection of logged-in Google accounts
__Secure-3PAPISID Detection of logged-in users 2 years USA Detection of logged-in Google accounts
__Secure-3PAPISID Detection of logged-in users 2 years Ireland Detection of logged-in Google accounts
SSID Marketing purposes 2 years USA Use of remarketing campaigns
SIDCC Marketing purposes 1 year USA Use of remarketing campaigns
SID Marketing purposes 2 years USA
SEARCH_SAMESITE Marketing purposes 6 months USA
SAPISID Marketing purposes 2 years USA Use of remarketing campaigns
NID Marketing purposes 1 year Ireland Use of remarketing campaigns
NID Marketing purposes 6 months USA Use of remarketing campaigns
MUID Marketing purposes 1 year USA Use of remarketing campaigns
HSID Marketing purposes 2 years USA Use of remarketing campaigns
DV Marketing purposes Session USA
APISID Marketing purposes 2 years USA
AID Marketing purposes 1.5 years USA
_fw_crm_v Contact option 1 year Ireland Onsite chat option

When Do We Process Your Data for Business Transactions?

While conducting business with you, we process contractual data (executing our contractual relationship with you, pre-contractual obligations, billing of services, dispatch of documents, communication for the execution of the contract) and legal obligations (legally required storage within the scope of Section 132 BAO, Federal Fiscal Code) (Art. 6 Paragraph 1 Point b and c GDPR), as well as data used for our legitimate interests or for the legitimate interests of third parties (Art. 6 Paragraph 1 Point f GDPR), such as:

  • Data used for the internal administration and management of your business transaction (e.g. processing your business transaction, forwarding your business transaction to various departments, filing, archiving purposes, correspondence)
  • Data used for the purpose of direct advertising (e.g. postage, emailing, customer satisfaction surveys, congratulatory letters, statistical evaluations); You can object to the processing of your data for direct marketing purposes.
  • Data used for law enforcement and in defence of legal claims

Your data is used only to the extent required. Processing your data serves to initiate, maintain and process your business transaction. If you do not provide us with the data we require, we will not be able to process your business transaction.

How Long Will Your Data Be Stored?

We will only store your data for as long as is necessary to fulfil the purposes for which we collected your data. Statutory retention requirements must be taken into account during this time period (for example, for tax purposes, contracts and other documents regarding our contractual relationship are generally kept for a period of seven years (Federal Fiscal Code, § 132 BAO)). In justified individual cases, for example, to assert and defend legal claims, we can store your data for up to 30 years after our business relationship has ended.

We store data from interested parties for up to three years from the time the interested party has last contacted us.

Who May Obtain Your Data?

Over the course of our business relationship, it may be necessary for us to transfer your data to the following recipients:

Recipient of the data Purpose of data processing Legal basis for data processing Registered office Basis for transmission to a third-party country
Logistics service provider Shipment of orders Legal obligation (Art. 6 Para 1 Point c GDPR) Generally EEA - but also third-party countries in exceptional cases If outside the EEA - Art. 49 Paragraph 1 Point b and e GDPR

Collection of Data From Other Sources (Art. 14 GDPR)

Over the course of a business relationship, it is necessary to make enquiries regarding the business partner. This is done only to the extent necessary. In this context, data can be accessed and processed from the following sources:

Source Publicly available? Data affected Purpose / Reason
Company website Yes Contact / structural data Contacting us for business purposes

Do We Use Automated Decision-Making or Profiling (Art. 13 (2) Point f GDPR)?

No automated decision-making takes place on our website. Over the ordering process, however, it is possible that the respective payment service provider uses profiling to detect fraud.

What rights do you have with regard to data processing?

Provided that the legal requirements are met, you have the right to:

  • request information about what type of data we process (see Art. 15 GDPR).
  • request amendments to or completion of incorrect or incomplete data (see Art. 16 GDPR).
  • have your data deleted (see Art. 17 GDPR).
  • object to the processing of your data that is necessary to safeguard your legitimate interests or that of a third party. This applies, in particular, to the processing of your data for advertising purposes.
  • receive a copy of the data you provided in a structured, prevalent and machine-readable format.

If we process your data on the basis of your consent, you have the right to revoke this consent at any time via email. This does not affect the legality of the data processing that has taken place up to this point in time (Art. 7 (3) GDPR).

What are Your Rights of Appeal?

If, contrary to expectations, your right to the lawful processing of your data is violated, please contact us via post or email. We will do our best to handle your request immediately. However, you also have the right to lodge a complaint with the supervisory authority responsible for data protection.

How Can You Contact Us?

If you have any further questions about how your data is processed, please feel free to contact our data protection coordinator using the contact details below.

Responsible Parties

The person responsible in respect to Art. 4 Z 7 GDPR is:

niceshops GmbH
Saaz 99
8341 Paldau
global@genuss-region-shop.at
(+43) 720 710740 9000

ATU63964918

FN302888z

Chief executive officers: Roland Fink, Mag. Christoph Schreiner, Barbara Unterkofler

Graz Regional Court for Civil Matters

District Commission Southeast Styria

Member of the trade division, the Styrian Chamber of Commerce.

Author: Attorney-at-law, Dr. Tobias Tretzmüller, LL.M (IT-LAW); https://www.digital-recht.at/

Copyright information: Use of this data protection declaration, or even parts thereof, without the consent of the author constitutes a copyright infringement.