Data protection

Keoma Kindl | Version from January 21, 2024

Introduction

The protection of your personal data is particularly important to me. I therefore process your data exclusively on the basis of the applicable legal provisions (EU General Data Protection Regulation GDPR, TKG 2003). In this data protection information I will inform you about the most important aspects of data processing in the context of my activities.

It is generally possible to use my website without providing any personal data. If you enter personal data, for example for the purpose of contacting us or subscribing to a newsletter, I will pass on the necessary information you provided to companies that process data on my behalf (e.g. sending the newsletter). I only commission companies that work in accordance with the provisions of the General Data Protection Regulation.

Encrypted Transmission

For security and data protection reasons, my website uses SSL encryption, which prevents third parties from intercepting and reading the data you enter during transmission. You can recognize active encryption by the padlock or similar symbols in the address bar of your browser.

Newsletter

You have the option of subscribing to my newsletter via my website. For this I need your email address and your declaration that you agree to receive the newsletter.

Once you have registered for the newsletter, I will send you a confirmation email with a link to confirm your registration. The data processing is therefore carried out on the basis of the legal provisions of Section 96 Paragraph 3 TKG and Article 6 Paragraph 1 lit a (consent) of the GDPR.

You can of course cancel the newsletter at any time. Please send your cancellation to the following email address: hallo@keomakindl.at or use the corresponding link at the end of the newsletter. I will then immediately delete your data in connection with sending the newsletter.

Our email newsletters are sent via Shopify Email, a service of Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”), to which we send your pass on the data provided when registering for the newsletter. This transfer is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR and serves our legitimate interest in using an advertising-effective, secure and user-friendly newsletter system. The data you enter to receive the newsletter (e.g. email address) is generally stored on Shopify's servers in the EU.

As part of Shopify's aforementioned services, data may also be processed further on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA). Inc. or Shopify (USA) Inc. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by the European Commission's adequacy decision.

Shopify uses this information to send and statistically evaluate the newsletters on our behalf. For evaluation purposes, the emails sent may contain so-called web beacons or tracking pixels, which represent single-pixel image files that are stored on our website. This makes it possible to determine whether a newsletter message was opened and which links, if any, were clicked on. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). The data is only collected pseudonymously and is not linked to your other personal data; direct personal reference is excluded. This data is used exclusively for statistical analysis of newsletter campaigns. The results of these analyzes can be used to better adapt future newsletters to the interests of the recipients. If you would like to object to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

Furthermore, Shopify itself can use this data in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on its own legitimate interest in the needs-based design and optimization of the service as well as for market research purposes, for example to determine which countries the recipients come from. However, Shopify does not use the data of our newsletter recipients to write to them themselves or to pass the data on to third parties. We have concluded an order processing agreement with Shopify, with which we oblige Shopify to protect our customers' data and not to pass it on to third parties. You can view Shopify's privacy policy here: https://www.shopify.de/legal/datenschutz

Server Protocols

The server from which this website is provided stores information that is automatically transmitted to us by your browser in so-called log files. These are:

  • Browser type and browser version
  • Operating system used
  • The page (URL) from which you came to us
  • The IP address of the accessing computer
  • Time of request

This data is used exclusively for technical monitoring of the web server (utilization, optimization, error detection, security) and is absolutely necessary for this purpose. They are not connected to other data sources so that they cannot be assigned to individual people. They will be deleted after three months.

Data processing is carried out on the basis of Article 6 Paragraph 1 lit f (legitimate interests) of the GDPR. The legitimate interest within the meaning of the GDPR is the proper and secure functioning of the website.

Operation of the Website by Shopify

To operate my website, I use the shop system of the service provider Shopify. The service provider for Europe is Shopify International Ltd., 2nd Floor 1-2 Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Your personal information, such as your name, billing address, shipping address, email address, phone number and payment information, as well as information about how you access my website, is processed by Shopify International Ltd. (“Shopify EU”) processes. As part of providing my services, this personal information may also be transferred to other regions, including Canada and the United States. If your personal information is transferred to Canada, it will be protected under Canadian law. The European Commission has classified Canada as a safe third country through an adequacy decision, which ensures adequate protection of your data. If your personal data is transferred to a country outside Canada (for example to sub-processors), such data will be protected by contractual obligations comparable to the European Commission's Standard Contractual Clauses and will therefore be carried out in accordance with relevant data protection laws. You can view the European Commission's standard contractual clauses at the following link: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Data processing is carried out on the basis of Art 6 Paragraph 1 lit b (fulfillment of a contract) and Art 6 Para 1 lit f (legitimate interests) of the GDPR. The fulfillment of a contract within the meaning of the GDPR is the processing of personal data provided by you, such as your name, your billing address, your delivery address, your email address, your telephone number and payment information for the purpose of sales, payment and shipping make possible. The legitimate interest within the meaning of the GDPR is the attractive and technically flawless presentation of a website for marketing purposes.

Shopify has integrated a Data Processing Addendum into its terms and conditions. This serves as a data processor agreement in which Shopify commits to complying with the standard contractual clauses defined by the EU Commission. You can view Shopify's Data Processing Addendum here: https://www.shopify.com/legal/dpa

For more information, please see Shopify's privacy policy at
https://www.shopify.com/de/legal/datenschutz

Cookies

Our website uses so-called cookies. These are small text files that are stored on your device using the browser. They do no harm.

We use cookies to make our offering user-friendly. Some cookies remain stored on your device until you delete them. They enable us to recognize your browser the next time you visit.

Some of these cookies are necessary for the operation of the website and store your consent to non-essential cookies, the language you have chosen and are used for registration. Add additional essential cookies here. If you do not want the necessary cookies to be stored, you can set your browser so that it informs you about the setting of cookies and you only allow this in individual cases.

The legal basis for the use of necessary cookies is Article 6 Paragraph 1 lit f (legitimate interests) of the GDPR. Legitimate interests within the meaning of the GDPR are the proper and secure functioning of the website and the optimization of our offering.

In addition, other cookies that are not absolutely necessary for the operation of the website may be stored and only with your consent. Details about this in the following sections.

Pinterest Tag

There is a pixel on our website that belongs to Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland), integrated. This Pinterest tag enables the pseudonymized collection, storage and evaluation of information about the surfing behavior of website visitors. The assignment to a specific person is done using additional information that Pinterest has stored, for example based on a user account on “Pinterest”.

The use of the Pinterest tag for needs-based placement, optimization and measurement of the conversion of our Pinterest campaigns is carried out in accordance with Art. 6 Paragraph 1 Letter f GDPR . This ensures that our Pinterest ads are only shown to users who are interested in what we offer. The Pinterest Tag also enables the tracking of Pinterest users' actions after viewing or clicking on one of our Pinterest ads. This is used for statistical and market research-related measurement of campaign conversion. During this processing, device information, the operating system used, the IP address of the device, the time the offer was accessed, the type and content of the campaign and the reaction to the campaign (e.g. click on a button) are processed.

The data collected is processed anonymously and does not allow any conclusions to be drawn about the identity of the user. This data processing for advertising purposes is based on a legitimate interest in accordance with recital 47 of the GDPR. According to Article 6 (1) (f) of the GDPR, this processing is permitted because it is necessary to safeguard our legitimate interest in direct marketing, while at the same time taking due account of the interests, fundamental rights and freedoms of the data subjects. The data is stored in accordance with the statutory retention periods and then automatically deleted.

After visiting our website and logging into your Pinterest account, Pinterest may store and process the data for its own advertising purposes. You can object to this data processing at any time by deactivating the corresponding settings in your Pinterest account or activating the “Do Not Track” setting in your browser. For more information, please see Pinterest's privacy policy:
https://policy.pinterest.com/de/privacy-policy

Payment Service Provider

Keoma Kindl offers the payment service providers ShopifyPay and PayPal to process payments. Choosing a specific payment method may result in the transmission of payment data to the relevant payment service provider. If your data is processed outside the EU, the payment service provider is committed to complying with the EU standard contractual clauses. For more information on how payment service providers process personal data, please see their privacy policies. The legal basis for the use of ShopifyPay and PayPal is Article 6 Paragraph 1 Letter b GDPR (fulfillment of a contract).

Consent Management with Consentmo GDPR

To query and store your consent for cookies and other data processing that requires your consent, we use Consentmo GDPR Compliance App, a service provided by Consentmo Ltd., 4 Prof. Georgi Bradistilov, entr. A, 4th floor, Sofia, Bulgaria.

Consentmo does not collect any personal information, such as names, addresses, etc. All this information is stored in Shopify, Consentmo does not have access to it. What Consentmo collects is only the customer's email, and only if the customer makes a GDPR request, otherwise Consentmo doesn't have it. Consentmo requires the email when a GDPR request or other request is made, as this is the only way Consentmo can understand which request was made by that particular user. The IPs are masked from Shopify merchants and are only visible to the visitors themselves (if they make a GDPR request).

Depending on the type of request (acceptance of cookies, GDPR request, request for deletion, etc.), Consentmo collects the following data, among others:

  • Request Type - the type of request that was made
  • Customer ID (if registered)
  • Customer email (if registered)
  • Customer IP (masked for Shopify merchants)
  • Customer User Agent (masked to Shopify merchants)
  • ID of the accepted page
  • Date and time of request or consent

The data is processed exclusively in the EU (Amsterdam, Netherlands) and stored for 12 months to document your consent and then automatically deleted.

The use of Consentmo GDPR is based on Article 6 Paragraph 1 lit c (legal regulations) in order to obtain the legally required consent for the use of cookies.

Information about data processing by Consentmo can be found here: https://www.consentmo.com/privacy-policy-terms-of-service and https://www.consentmo.com/data-processing-addendum

Comments

If you comment on a post on this website, your comment, your name, your email address and your IP address will be saved.

Before your comment is published, we will check it for legal violations such as insults or racist or inciting statements. The stored data is necessary in order to be able to take action against such authors if necessary. The data will be deleted as soon as the associated post is removed from the website.

Data processing is carried out on the basis of Article 6 Paragraph 1 lit a (consent) of the GDPR.

Data Storage

For accounting purposes, the following customer data is stored internally: name, address, telephone number, email address, VAT ID. If you have agreed to a direct debit mandate (SEPA direct debit mandate), also your bank details. This data will not be passed on, with the exception of transmission to the processing banking institutions/payment service providers for the purpose of debiting, as well as to my tax advisor for accounting purposes and to fulfill my tax obligations. The data is stored exclusively within the EU.

The data you provide is necessary to fulfill the contract or to carry out pre-contractual measures. Without this data we cannot conclude and fulfill the contract with you.

All data from a contractual relationship will be stored until the tax retention period (7 years) has expired.

The above data is stored

  • On encrypted local computer systems or portable computers secured by passwords and physical access protection.
  • in zero knowledge cloud solutions from Filen (Filen Cloud Services UG (limited liability), Breite Straße 27, 45657 Recklinghausen, Germany), which are encrypted on the client side and secured by a password. The data is stored exclusively on servers in Germany. Filen's data protection regulations can be found here: https://filen.io/privacy

Data processing is carried out on the basis of Article 6 Paragraph 1 lit c (legal regulations) of the GDPR and Article 6 Paragraph 1 lit b (necessary for the fulfillment of the contract) of the GDPR.

The data you provide is necessary to fulfill the contract or to carry out pre-contractual measures. Without this data we cannot conclude and fulfill the contract with you. Data will only be transferred to third parties with your express permission

All data from a contractual relationship will be stored until the tax retention period (7 years) has expired. Access data to systems used by the customer will be deleted immediately after the contract ends.

Data processing is carried out on the basis of the legal provisions of Section 96 Paragraph 3 TKG and Article 6 Paragraph 1 lit a (consent) and/or lit b (necessary for contract fulfillment) of the GDPR.

Your Rights

In principle, you have the rights to information, correction, deletion, restriction, data portability, revocation and objection. Corresponding inquiries can be addressed to the email address hallo@keomakindl.at.

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. In Austria this is the data protection authority.

Contact Me

If you contact me using a form on the website, by email or by other means, the data you provide (name, email address and optionally telephone number) will be used to process the request and in the event of Follow-up questions are stored encrypted for one year. If the inquiry results in a contract, the statutory retention periods apply. We will not pass on this data without your consent. Data processing is carried out on the basis of Art 6 Paragraph 1 lit b (fulfillment of the contract) and Art 6 Para 1 lit a (consent) of the GDPR.

You can reach me using the following contact details :