The protection of your personal data is very important to us. We therefore process your data exclusively on the basis of the applicable legal provisions, in particular the General Data Protection Regulation (GDPR).

In this privacy policy, we inform you about which personal data is collected when you visit our website, for what purposes it is processed, and what rights you are entitled to.

Personal data means any information that can be used to identify you personally.

You can generally use our website without providing personal data. However, if you transmit data to us via our website (e.g. when placing an order, using a contact form, or subscribing to a newsletter), this data will only be processed for the specified purpose and in accordance with legal requirements.

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content.

You can recognize an encrypted connection by the change in your browser’s address bar from “http://” to “https://” and by the lock symbol in your browser.

Encryption ensures that data you transmit to us cannot be read by third parties.

Our website is operated using Shopify Inc., 151 O’Connor Street, Ground Floor, Ottawa, ON K2P 2L8, Canada.

Shopify provides the technical infrastructure for our online store and enables in particular:

- hosting of the website  
- presentation of content  
- order processing  
- payment processing  
- shipping and fulfillment  
- customer communication  
- analysis and technical optimization of the website  

When using our website, personal data may be processed, including:

- master data (e.g. name, address)  
- contact data (e.g. email address, phone number)  
- payment data  
- order and transaction data  
- usage data (e.g. IP address, device and browser information)  

This processing is necessary to operate our online store and to fulfill contracts with you.

Legal basis:

- Art. 6(1)(b) GDPR (performance of a contract)  
- Art. 6(1)(f) GDPR (legitimate interest in a secure and functional website)  

Shopify generally acts as a data processor. In certain cases (e.g. service improvement), Shopify may also act as an independent controller.

Personal data may also be processed outside the European Union, in particular in:

- Canada (adequacy decision by the European Commission)  
- United States (protected via standard contractual clauses)  

Further information can be found at:  
https://www.shopify.com/legal/privacy

Our website uses cookies and similar technologies to ensure technical functionality, analyze usage, and support marketing activities.

Cookies are small text files stored on your device that contain certain information.

Some cookies are technically necessary for the operation of the website. Other cookies (e.g. for analytics and marketing) are only used with your explicit consent.

We use the consent management tool TinyCookie (TinyCookie Ltd., United Kingdom) to manage your preferences.

When visiting our website, a cookie banner is displayed that allows you to:

- accept all cookies  
- select specific categories  
- or reject non-essential cookies  

Your selection is stored and applied on future visits.

The following data may be processed:

- consent status  
- selected cookie categories  
- timestamp of your decision  
- technical data (e.g. shortened IP address, browser information)  

Processing is based on:

- Art. 6(1)(c) GDPR (legal obligation)  
- Art. 6(1)(a) GDPR (consent)  

You can withdraw or change your consent at any time with future effect, for example via the cookie settings on our website.

Further information:  
https://tinycookie.com/privacy-policy/

We use the Meta Pixel provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

👉 The Meta Pixel is only activated after your explicit consent.

The Meta Pixel allows us to analyze user behavior on our website and measure and optimize the effectiveness of our advertising.

The following data may be processed:

- visited pages and page views (PageView)  
- interactions (e.g. clicks, product views, cart, purchases)  
- technical data (e.g. IP address, browser and device information)  
- referrer data (e.g. origin of users)  

The collected data is generally not directly identifiable to us but may be linked by Meta with other data.

Meta may use this data for its own purposes, including:

- creating user profiles  
- delivering personalized advertising  
- analyzing and optimizing ad campaigns  

Legal basis:

- Art. 6(1)(a) GDPR (consent)

Data may be transferred to the United States. Safeguards are ensured via standard contractual clauses.

You can withdraw your consent at any time via the cookie settings on our website.

Further information:  
https://www.facebook.com/privacy/policy/

We use the Pinterest Tag provided by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, on our website.

👉 The Pinterest Tag is only activated with your explicit consent.

The Pinterest Tag allows us to analyze user behavior on our website and measure and optimize the effectiveness of our Pinterest advertising campaigns.

The following data may be processed:

• visited pages and interactions (e.g. page views, clicks, purchases)

• technical information (e.g. IP address, browser and device information)

• referrer information (origin of users)

As a website operator, we generally cannot directly identify individuals from this data. However, Pinterest may link this data with additional information.

Pinterest may use this data for its own purposes, in particular for:

• creating user profiles

• delivering personalized advertising

• analyzing and optimizing advertising campaigns

The legal basis for processing is:

• Art. 6(1)(a) GDPR (consent)

A transfer of personal data to the USA cannot be excluded. Appropriate safeguards are implemented via standard contractual clauses of the European Commission.

You can withdraw your consent at any time with effect for the future, for example via the cookie settings on our website.

For more information, please visit:

https://policy.pinterest.com/en/privacy-policy

You have the option to subscribe to our newsletter via our website. For this purpose, we require your email address and your consent to receive the newsletter.

After registration, you will receive a confirmation email as part of the double opt-in process. Your subscription becomes effective only after confirmation.

The newsletter is sent via Shopify Email, a service provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland.

The following data may be processed:

• email address

• time of registration and confirmation

• technical information (e.g. IP address, device data)

In addition, statistical analysis (e.g. open rates and click behavior) may be carried out to optimize the newsletter.

Processing is based on:

• Art. 6(1)(a) GDPR (consent)

You can withdraw your consent at any time by using the unsubscribe link in any newsletter email or by contacting us directly.

For more information, please visit:

https://www.shopify.com/legal/privacy

We use external payment service providers to process payments in our online shop.

Depending on the selected payment method, personal data may be transmitted to the respective provider. This may include in particular:

• name

• billing and shipping address

• email address

• payment information

• order and transaction data

Processing is carried out for the purpose of handling payments and thus fulfilling the contract.

Legal basis:

• Art. 6(1)(b) GDPR (performance of a contract)

We use the following payment providers in particular:

Shopify Payments

Shopify International Limited

Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland

https://www.shopify.com/legal/privacy

PayPal

PayPal (Europe) S.à r.l. et Cie, S.C.A.

22–24 Boulevard Royal, 2449 Luxembourg, Luxembourg

https://www.paypal.com/privacy

Depending on the provider, data may be transferred to third countries (e.g. the USA). In such cases, appropriate safeguards such as standard contractual clauses are used.

For more information, please refer to the privacy policies of the respective providers.

The hosting provider of our website automatically collects and stores information in so-called server log files, which your browser transmits to us automatically.

This includes in particular:

• IP address

• date and time of the request

• accessed page (URL)

• referrer URL (previously visited page)

• browser type and version

• operating system used

This data is not assigned to specific individuals and is not combined with other data sources.

Processing is carried out solely to ensure the secure and stable operation of the website and for error analysis.

Legal basis:

• Art. 6(1)(f) GDPR (legitimate interest)

Our legitimate interest lies in the technical stability, security, and optimization of our online services.

The log files are stored for a limited period and then automatically deleted.

As part of using our website, personal data may be transferred to recipients outside the European Union (EU) or the European Economic Area (EEA), in particular to:

• United States

• Canada

• United Kingdom (UK)

Not all of these countries provide a level of data protection equivalent to that of the EU.

Where data is transferred to third countries without an adequacy decision (e.g. the United States), we ensure that appropriate safeguards are in place in accordance with Art. 44 et seq. GDPR. This is primarily done through the use of standard contractual clauses approved by the European Commission.

For certain countries, an adequacy decision by the European Commission exists, confirming an adequate level of data protection (e.g. Canada, United Kingdom).

Further information on the safeguards used can be obtained upon request.

The processing of your personal data is based on the following legal grounds under the General Data Protection Regulation (GDPR):

- Art. 6(1)(a) GDPR (consent): 
  If you have given your consent to the processing of your data (e.g. for marketing or analytics cookies).

- Art. 6(1)(b) GDPR (performance of a contract): 
  For processing orders and carrying out pre-contractual measures.

- Art. 6(1)(c) GDPR (legal obligation): 
  To comply with legal obligations, in particular under tax and commercial law.

- Art. 6(1)(f) GDPR (legitimate interests): 
  To ensure a secure and functional operation of the website and to improve our services, provided that your interests or fundamental rights do not override.

If you leave a comment on our website, the data you provide (in particular your name, email address, comment content, and your IP address) will be stored.

Your comment will be reviewed before publication and will then be publicly visible on our website.

The storage of this data is necessary to provide the comment function and to prevent misuse and spam.

Legal basis:

• Art. 6(1)(f) GDPR (legitimate interest)

Our legitimate interest lies in operating a functional comment system and ensuring the security of our website.

The data will be stored as long as the commented content remains available or as long as necessary to fulfill legal obligations.

You have the following rights under the General Data Protection Regulation (GDPR):

• Right of access (Art. 15 GDPR)

  You have the right to obtain information about whether and which personal data we process about you.

• Right to rectification (Art. 16 GDPR)

  You can request the correction of inaccurate or incomplete data.

• Right to erasure (Art. 17 GDPR)

  You have the right to request the deletion of your personal data, unless legal retention obligations apply.

• Right to restriction of processing (Art. 18 GDPR)

  You may request the restriction of the processing of your data under certain conditions.

• Right to data portability (Art. 20 GDPR)

  You have the right to receive your data in a structured, commonly used, and machine-readable format or to have it transferred to another controller.

• Right to object (Art. 21 GDPR)

  You may object at any time to the processing of your data if it is based on legitimate interests.

• Right to withdraw consent (Art. 7(3) GDPR)

  You may withdraw your consent at any time with effect for the future.

If you believe that the processing of your data violates data protection law, you also have the right to lodge a complaint with a supervisory authority.

In Austria, this is in particular:

Austrian Data Protection Authority

https://www.dsb.gv.at

If you contact us via a form on our website, by email, or by other means, the data you provide (in particular your name, email address, and any additional information) will be processed for the purpose of handling your request and any follow-up questions.

Processing is based on:

• Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures)

• Art. 6(1)(a) GDPR (consent)

Your data will only be stored for as long as necessary to process your request or as required by legal retention obligations.

Your data will not be shared without your consent.

You can contact us at:

• Contact form 
• Email: hallo@keomakindl.at