Privacy Policy

This privacy policy informs you about the type, scope, and purpose of processing personal data (hereinafter referred to as “data”) within our online offering and the related websites, features, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”). Regarding the terms used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller:
Name, Company: Markus Wakolbinger, WAKO GmbH
Address: Granitweg 1
Postal Code, City, Country: 4202, Kirchschlag b. Linz, Austria
Company Registration Number: FN 486679f
Managing Director: Markus Wakolbinger
Phone Number: +43 7215 38053
Email Address:

Types of Data Processed:

  • Inventory data (e.g., names, addresses).
  • Contact data (e.g., email, phone numbers).
  • Usage data (e.g., visited websites, interest in content, access times).
  • Sensitive data (e.g., health data and information on body measurements).

Processing of Special Categories of Data (Article 9(1) GDPR):
The following special categories of data are processed: biometric data and health data.

Categories of Data Subjects:

  • Customers, prospects, visitors, and users of the online offering, business partners.
  • Visitors and users of the online offering.
    We collectively refer to the data subjects as “users”.

Purpose of Processing:

  • Provision of the online offering, its content, and shop features.
  • Fulfillment of contractual services, customer service, and support.
  • Responding to inquiries and communication with users.
  • Marketing, advertising, and market research.
  • Security measures.

Effective Date: March 2023

  1. Relevant Legal Bases

    In accordance with Article 13 GDPR, we inform you of the legal bases for our data processing. If the legal basis is not explicitly mentioned in this privacy policy, the following applies:

    • The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR.
    • The legal basis for processing to fulfill our services and perform contractual measures or respond to inquiries is Article 6(1)(b) GDPR.
    • The legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR.
    • The legal basis for processing to protect our legitimate interests is Article 6(1)(f) GDPR.
    • If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis.
  2. Changes and Updates to the Privacy Policy

    We request that you regularly review the content of our privacy policy. We will adapt the privacy policy as soon as changes to our data processing make this necessary. We will notify you if these changes require your participation (e.g., consent) or other individual notification.

  3. Security Measures

    • In accordance with Article 32 GDPR, we take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. These measures include securing the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as its access, entry, transmission, and separation.
    • We also implement procedures to ensure the exercise of data subject rights, deletion of data, and response to data risks. Furthermore, we consider the protection of personal data during the design and selection of hardware, software, and procedures according to the principle of data protection by design and by default (Article 25 GDPR).
    • A key security measure is the encrypted transmission of data between your browser and our server.
  4. Cooperation with Processors and Third Parties

    • If we disclose, transfer, or otherwise grant access to data to other persons and companies (processors or third parties) in the course of our processing, this is done only on the basis of legal permission (e.g., if a transfer of data to third parties, such as payment service providers, is required under Article 6(1)(b) GDPR for the performance of a contract), your consent, a legal obligation, or our legitimate interests (e.g., when using agents, web hosts, etc.).
    • If we commission third parties to process data under a “processing agreement,” this is done on the basis of Article 28 GDPR.
  5. Data Transfers to Third Countries

    Data processing in third countries (i.e., outside the European Union (EU) or the European Economic Area (EEA)) will only take place if it is necessary to fulfill our (pre)contractual obligations, based on your consent, a legal obligation, or our legitimate interests. Subject to legal or contractual permissions, we process or have data processed in third countries only if the special requirements of Articles 44 ff. GDPR are met, e.g., based on specific guarantees such as the officially recognized establishment of a level of data protection equivalent to the EU (e.g., for the USA through the “Privacy Shield”) or compliance with officially recognized contractual obligations (“standard contractual clauses”).

  6. Rights of Data Subjects

    You have the following rights:

    • To request confirmation of whether data concerning you is being processed and to obtain access to this data, along with further information and a copy of the data, under Article 15 GDPR.
    • To request the completion or correction of incorrect data concerning you, under Article 16 GDPR.
    • To request the immediate deletion of data concerning you, under Article 17 GDPR, or alternatively to request a restriction of processing under Article 18 GDPR.
    • To receive data concerning you that you have provided to us, under Article 20 GDPR, and to request its transmission to other controllers.
    • To lodge a complaint with the relevant supervisory authority, under Article 77 GDPR.

  7. Right to Withdraw Consent

    You have the right to withdraw any consent you have given under Article 7(3) GDPR, with effect for the future.

  8. Right to Object

    You can object at any time to the future processing of your personal data under Article 21 GDPR. This objection can specifically apply to data processing for direct marketing purposes.

  9. Cookies and Right to Object to Direct Marketing

    We use both temporary and permanent cookies, i.e., small files that are stored on users’ devices. Some cookies are necessary for the security or functionality of our online offering (e.g., for displaying the website or saving user decisions in the cookie banner). Additionally, we or our technology partners use cookies for reach measurement and marketing purposes, as explained in this privacy policy.

    Users can generally object to the use of cookies for online marketing purposes, especially tracking, through the following services:

    Furthermore, users can disable cookies in their browser settings. Please note that disabling cookies may affect the functionality of this online offering.

  10. Data Deletion

    • The data we process will be deleted or restricted in accordance with Articles 17 and 18 GDPR. Unless explicitly stated in this privacy policy, data stored by us will be deleted as soon as it is no longer required for its intended purpose and no statutory retention obligations apply. If data cannot be deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means the data will be locked and not processed for other purposes. For example, this applies to data that must be retained for commercial or tax reasons.
    • Statutory retention periods include: 7 years under § 132 (1) of the Austrian Federal Tax Code (e.g., accounting records, invoices, receipts, business documents). 22 years for data related to real estate. 10 years for records related to electronically provided services, telecommunications, broadcasting, and TV services delivered to non-business customers in EU member states using the Mini-One-Stop-Shop (MOSS).
  11. Provision of Contractual Services

    • We process inventory data (e.g., names and addresses), contact data, contract data (e.g., services used, contact person names, payment information) to fulfill our contractual obligations and provide services in accordance with Article 6(1)(b) GDPR. Required inputs in online forms are necessary for contract execution.
    • Users can optionally create a user account to view their orders. During registration, the necessary mandatory information will be communicated to users. User accounts are not public and cannot be indexed by search engines.
    • Upon account termination, user data will be deleted unless retention is required by commercial or tax law under Article 6(1)(c) GDPR. Users are responsible for securing their data before contract termination. We reserve the right to irreversibly delete all user data stored during the contract term.
    • During registration, re-login, and the use of online services, we store IP addresses and timestamps to protect users and prevent unauthorized use. This data is not shared with third parties unless necessary for legal purposes or our legitimate interests under Article 6(1)(f) GDPR.
    • We process usage data (e.g., visited pages, product interest) and content data (e.g., entries in contact forms or user profiles) for advertising purposes in user profiles to provide product recommendations based on prior services.
  12. Contact

    • When contacting us (e.g., via contact form or email), user information is processed to handle the inquiry in accordance with Article 6(1)(b) GDPR.
    • User information may be stored in our customer relationship management system or comparable request management systems.
    • We delete inquiries when no longer required. Necessity is reviewed every two years. Inquiries from customers with user accounts are stored permanently until account deletion.
  13. Access Data and Log Files

    • On the basis of our legitimate interests (Article 6(1)(f) GDPR), we collect data on each access to the server hosting our service (so-called server log files). Access data includes the name of the accessed web page, file, date, and time of access, transferred data volume, notification of successful access, browser type and version, user operating system, referrer URL (previous page visited), IP address, and requesting provider.
    • Log file information is stored for a maximum of seven days for security reasons (e.g., to investigate misuse or fraud) and deleted afterward. Data required for evidence is excluded from deletion until the respective incident is resolved.
  14. Online Presence on Social Media

    • We maintain an online presence on social networks and platforms to communicate with customers, prospects, and users active there and to inform them about our services. When accessing these networks and platforms, the terms of use and data processing policies of the respective operators apply.
    • Unless otherwise stated in this privacy policy, we process user data when they communicate with us within the social networks and platforms, e.g., by posting on our profiles or sending us messages.
  15. Cookies & Reach Measurement

    • Cookies are pieces of information transmitted by our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies can take the form of small files or other types of data storage.
    • We use “session cookies,” which are only stored for the duration of your current visit to our website (e.g., to save your login status or enable the shopping cart functionality, thus making the use of our online offering possible). A session cookie contains a randomly generated unique identification number, known as a session ID. Additionally, the cookie includes information about its origin and expiration period. These cookies cannot store any other data. Session cookies are deleted when you finish using our online offering, such as by logging out or closing the browser.
    • Users are informed about the use of cookies in the context of pseudonymous reach measurement as part of this privacy policy.
    • If users do not want cookies to be stored on their computer, they are requested to deactivate the corresponding option in their browser’s system settings. Stored cookies can also be deleted through the browser’s system settings. However, disabling cookies may limit the functionality of this online offering.
    • You can object to the use of cookies for reach measurement and advertising purposes via the Network Advertising Initiative’s opt-out page (http://optout.networkadvertising.org/), as well as through the U.S. site (http://www.aboutads.info/choices) or the European site (http://www.youronlinechoices.com/uk/your-ad-choices/).
  16. Reach Analysis with Matomo (formerly PIWIK)

    • Within the scope of Matomo, the following data is collected and stored: the browser type and version you are using, your operating system, your country of origin, the date and time of the server request, the number of visits, the time you spend on the website, and any external links you click. The users’ IP addresses are anonymized before they are stored.
    • Matomo uses cookies that are stored on the users’ computers, enabling an analysis of how our online offering is used. The processed data may be used to create pseudonymous user profiles. The cookies are stored for a duration of one week. The information generated by the cookie about your use of this website is stored only on our server and is not shared with third parties.
    • Users can object to the anonymized data collection by the Matomo program at any time with future effect by clicking the link below. In this case, an opt-out cookie will be stored in your browser, preventing Matomo from collecting any session data. However, if users delete their cookies, this will also delete the opt-out cookie, requiring users to reactivate it.
    • You have the option to prevent actions taken here from being analyzed and linked. This will protect your privacy but will also prevent the owner from learning from your actions to improve usability for you and other users.
    • You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

  17. Newsletter

    • Purpose of this Information: The following notes inform you about the content of our newsletter, the subscription, sending, and statistical evaluation process, as well as your rights to object. By subscribing to our newsletter, you agree to receive it and consent to the described procedures.
    • Newsletter Content: We send newsletters, emails, and other electronic notifications with promotional information (hereinafter referred to as “newsletters”) only with the consent of the recipients or legal authorization. If specific content is described during the newsletter subscription process, it will be decisive for the user’s consent. Otherwise, our newsletters include information about our products, offers, promotions, and company updates.
    • Double-Opt-In and Logging: Subscribing to our newsletter involves a double-opt-in process. This means you will receive an email after signing up, asking you to confirm your subscription. This confirmation is necessary to ensure no one can sign up with someone else’s email address. The newsletter subscription process is logged to comply with legal requirements. This includes storing the registration and confirmation times and the IP address. Any changes to your data stored by the newsletter service provider are also logged.
    • Newsletter Service Provider’s Use of Data: The newsletter service provider may process this data in a pseudonymous form, i.e., without linking it to a specific user, to optimize or improve its services, such as for technical improvements to the newsletter’s delivery and presentation or statistical purposes (e.g., determining from which countries recipients come). However, the newsletter service provider does not use this data to contact recipients directly or share it with third parties.
    • Subscription Data: To subscribe to the newsletter, providing your email address is sufficient. Optionally, you may also provide your name so we can address you personally in the newsletter.
    • Performance Measurement: The newsletters contain a “web beacon,” i.e., a pixel-sized file that is retrieved from the newsletter service provider’s server when the newsletter is opened. This retrieval collects technical information, such as information about the browser and your system, your IP address, and the time of retrieval. This information is used for technical improvements to services based on technical data, target groups, and their reading habits, determined by retrieval locations (which can be identified using the IP address) or access times. Statistical evaluations also include determining whether the newsletters are opened, when they are opened, and which links are clicked. While this information can technically be associated with individual newsletter recipients, neither we nor the service provider aim to monitor individual users. These analyses serve to identify users’ reading habits and adjust our content to them or distribute different content based on users’ interests.
    • Legal Basis for Sending Newsletters and Performance Measurement: The newsletter is sent, and its performance measured, based on the recipient’s consent per Article 6(1)(a) and Article 7 GDPR in conjunction with § 107(2) TKG (Austrian Telecommunications Act) or based on the statutory permission under § 107(2) and (3) TKG.
    • Logging: The logging of the subscription process is based on our legitimate interests per Article 6(1)(f) GDPR and serves as proof of consent to receive the newsletter.
    • Cancellation/Revocation: You can cancel the receipt of our newsletter at any time, i.e., revoke your consent. A link to cancel the newsletter is included at the end of each newsletter. If users only subscribe to the newsletter and later cancel their subscription, their personal data will be deleted.
  18. Integration of Third-Party Services and Content

    • Within our online offering, we use content or service offerings from third parties (hereinafter collectively referred to as “content”) based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering under Article 6(1)(f) GDPR). This integration enables the inclusion of content and services such as videos or fonts. This always requires that the third-party providers of this content process the users’ IP addresses, as they cannot deliver the content to their browsers without it. The IP address is therefore necessary for the presentation of this content. We strive to use only content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Pixel tags enable the evaluation of visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users’ devices and may include, among other things, technical information about the browser and operating system, referring websites, visit times, and other details about the use of our online offering. Such information may also be linked with information from other sources.
    • Below is an overview of third-party providers and their content, along with links to their privacy policies, which contain additional information on the processing of data and, where applicable, opt-out options:
      • If our customers use third-party payment services (e.g., PayPal or Sofortüberweisung), the terms and privacy notices of the respective third-party providers apply, which are accessible within their respective websites or transaction applications.
      • Videos from the “YouTube” platform, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
        Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated
      • Our online offering includes features of the Instagram service. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
        If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our pages with your user account.
        Please note that, as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by Instagram.
        Privacy Policy: https://privacycenter.instagram.com/policy/.
      • External code from the JavaScript framework “jQuery,” provided by the third-party provider jQuery Foundation.
        Website: https://jquery.org.