Privacy Policy
1) Information on the Collection of Personal Data and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data in this context means all data with which you can be personally identified.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Wolfgang Höchstätter, Wolfgang Höchstätter, Bahnstraße 29, Staircase 1, Door 1, 2801 Katzelsdorf, Austria, Tel.: +43 2622 44115, E-mail: wolfgang@htf-wassertransferdruck.at.
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser’s address bar.
2) Data Collection When Visiting Our Website
When using our website purely for informational purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which are technically necessary for us to display the website to you:
- The website visited
- Date and time of access
- Amount of data sent in bytes
- Referrer source (website from which you arrived)
- Browser used
- Operating system used
- IP address used (where applicable: in anonymized form)
Processing takes place in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used in any other way. However, we reserve the right to subsequently check the server log files if there are specific indications of unlawful use.
3) Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called “session cookies”), while others remain on your device for a longer period and allow us to save site settings (so-called “persistent cookies”). In the latter case, you can find the storage duration in the cookie settings of your web browser.
If personal data are also processed by individual cookies we use, such processing is carried out either in accordance with Art. 6(1)(b) GDPR for the performance of a contract, in accordance with Art. 6(1)(a) GDPR in the event that consent has been given, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.
You can configure your browser to inform you about the setting of cookies and decide individually whether to accept them, to exclude the acceptance of cookies in certain cases, or in general.
Please note that if cookies are not accepted, the functionality of our website may be limited.
4) Contacting Us
When contacting us (e.g. via contact form or e-mail), personal data will be processed exclusively for the purpose of handling and responding to your inquiry, and only to the extent necessary. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6(1)(f) GDPR. If your contact is aimed at the conclusion of a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.
Your data will be deleted once it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that no statutory retention obligations apply.
5) Data Processing When Opening a Customer Account
In accordance with Art. 6(1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide such data to us when opening a customer account. The specific data required for opening an account can be found in the input mask of the relevant form on our website.
You may delete your customer account at any time by sending a message to the controller mentioned above. After deletion of your customer account, your data will be deleted provided that all contracts concluded through the account have been fully executed, no statutory retention obligations prevent this, and there is no legitimate interest on our part in continuing to store the data.
6) Use of Customer Data for Direct Advertising
Product availability notification by e-mail
For items that are temporarily unavailable, you can register to receive e-mail notifications about product availability. In this case, we will send you a one-time e-mail informing you of the availability of the item you selected. The only mandatory information required to send this notification is your e-mail address. Providing any additional data is voluntary and may be used to address you personally. We use the so-called double opt-in procedure for sending e-mails, which ensures that you will only receive a notification after you have expressly confirmed your consent by activating a verification link sent to the e-mail address provided.
By activating the confirmation link, you grant us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. In this context, we store the IP address entered by your Internet service provider (ISP) as well as the date and time of registration, in order to be able to trace any possible misuse of your e-mail address at a later time. The data we collect during registration for our e-mail notification service for product availability are used strictly for this purpose. You may unsubscribe from the availability notifications at any time by sending a corresponding message to the controller named at the beginning. After successful unsubscription, your e-mail address will be promptly deleted from our distribution list set up for this purpose, unless you have expressly consented to further use of your data or we reserve a further data use that is permitted by law and about which we inform you in this policy.
7) Data Processing for Order Handling
7.1 – Transmission of image files for order processing via upload function
On our website, we offer customers the opportunity to commission the personalization of products by transmitting image files via an upload function. The submitted image motif is used as a template for the personalization of the selected product.
Through the upload form on the website, the customer can transmit one or more image files directly from the storage of the device used via automated, encrypted data transfer to us. We collect, store, and use the transmitted files exclusively for the production of the personalized product in accordance with the respective service description on our website. If the transmitted image files are passed on to specific service providers for the purpose of fulfilling and processing the order, you will be explicitly informed in the following paragraphs. No further transfer will take place.
If the transmitted files or the digital motifs contain personal data (in particular images of identifiable persons), all of the processing operations just mentioned are carried out exclusively for the purpose of processing your online order in accordance with Art. 6(1)(b) GDPR. After the final completion of the order, the transmitted image files will be automatically and fully deleted.
– Transmission of image files for order processing via e-mail
On our website, we also offer customers the opportunity to commission the personalization of products by transmitting image files via e-mail. The submitted image motif is used as a template for the personalization of the selected product.
Using the e-mail address provided on the website, the customer can transmit one or more image files from the storage of the device used to us. We collect, store, and use the transmitted files exclusively for the production of the personalized product in accordance with the respective service description on our website. If the transmitted image files are passed on to specific service providers for the purpose of fulfilling and processing the order, you will be explicitly informed in the following paragraphs. No further transfer will take place.
If the transmitted files or the digital motifs contain personal data (in particular images of identifiable persons), all of the processing operations just mentioned are carried out exclusively for the purpose of processing your online order in accordance with Art. 6(1)(b) GDPR. After the final completion of the order, the transmitted image files will be automatically and fully deleted.
7.2 Insofar as it is necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6(1)(b) GDPR.
For the processing of your order, we also work together with the service provider(s) listed below, who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
7.3 Use of Special Service Providers for Order Processing and Handling
– SendCloud
Shipping is carried out via the shipping portal “SendCloud” (SendCloud GmbH, Kanalstr. 10, 80538 Munich, Germany). In accordance with Art. 6(1)(b) GDPR, we pass on your data to SendCloud exclusively for the purpose of processing your online order. Data will only be disclosed to the extent actually necessary for processing. Details on data protection at SendCloud can be viewed on the SendCloud website at: www.sendcloud.de/datenschutz/ einsehbar.
7.4 Use of Payment Service Providers (Payment Services)
– Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “installment payment” via PayPal, we forward your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) as part of payment processing. The transfer is made pursuant to Art. 6(1)(b) GDPR and only to the extent necessary for payment processing.
For the payment methods credit card via PayPal, direct debit via PayPal, or – if offered – “purchase on account” or “installment payment” via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, your payment data may be transmitted to credit agencies in accordance with Art. 6(1)(f) GDPR based on PayPal’s legitimate interest in determining your ability to pay. The result of the credit check regarding the statistical probability of default is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical method. Among other factors, address data is included in the calculation of the score values.
Further information on data protection, including information on the credit agencies used, can be found in PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You may object to this processing of your data at any time by notifying PayPal. However, PayPal may still be entitled to process your personal data if necessary for contractual payment processing.
– Stripe
If you choose a payment method offered by the payment service provider Stripe, payment processing is carried out via Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we pass on your information provided during the ordering process together with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Art. 6(1)(b) GDPR.
Further information on Stripe’s data protection can be found here:
https://stripe.com/de/privacy#translation.
Stripe reserves the right to carry out a credit check based on mathematical-statistical procedures in order to safeguard its legitimate interest in determining the user’s ability to pay. For this purpose, Stripe may transmit the personal data necessary for a credit check and obtained during payment processing to selected credit agencies, which Stripe discloses to users upon request. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical method. Among other factors, address data is included in the calculation of the score values.
The result of the credit check regarding the statistical probability of default is used by Stripe for the purpose of deciding on the authorization to use the selected payment method.
You may object to this processing of your data at any time by notifying Stripe or the designated credit agencies. However, Stripe may still be entitled to process your personal data if necessary for contractual payment processing.
8) Web Analytics Services
Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google (Universal) Analytics uses so-called “cookies,” which are text files stored on your device that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the truncated IP address) is generally transmitted to and stored on a Google server. In this context, data may also be transmitted to the servers of Google LLC in the USA.
This website uses Google (Universal) Analytics exclusively with the “_anonymizeIp()” extension, which ensures the anonymization of the IP address by truncation and excludes direct personal identification. With this extension, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transmitted to a Google LLC server in the USA and truncated there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide us with other services related to website use and internet usage. The IP address transmitted by your browser within the scope of Google (Universal) Analytics is not merged with other Google data.
Google Analytics also enables the creation of statistics via a special feature known as “demographic characteristics,” which provides insights into the age, gender, and interests of site visitors, based on an evaluation of interest-based advertising and third-party data. This allows user groups of the website to be defined and differentiated for the purpose of optimizing marketing measures tailored to the target audience. However, data sets collected via the “demographic characteristics” feature cannot be assigned to a specific individual.
Details regarding the processing triggered by Google Analytics and Google’s handling of data from websites can be found here:
https://policies.google.com/technologies/partner-sites
All the processing described above, in particular the setting of Google Analytics cookies to read information from the device used, will only be carried out if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR. Without such consent, the use of Google Analytics will not take place during your site visit.
You may revoke your consent at any time with future effect. To exercise your revocation, please disable this service in the “cookie consent tool” provided on the website.
We have entered into a data processing agreement with Google for the use of Google Analytics, under which Google is obliged to protect the data of our site visitors and not to disclose it to third parties.
For data transfers from the EU to the USA, Google relies on so-called Standard Contractual Clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.
Further information on Google (Universal) Analytics can be found here:
https://policies.google.com/privacy?hl=de&gl=de
9) Site Functionalities
9.1 Use of YouTube Videos
This website uses the YouTube embedding function to display and play videos from the provider “YouTube,” which is operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
The extended data protection mode is used here, which, according to the provider, only initiates the storage of user information once video playback is started. When playback of embedded YouTube videos is initiated, the provider “YouTube” uses cookies to collect information about user behavior. According to YouTube, these are used, among other things, to compile video statistics, improve user-friendliness, and prevent abusive behavior.
If you are logged into Google, your data will be directly associated with your account when you click on a video. If you do not wish for such association with your YouTube profile, you must log out before activating the button. You have the right to object to the creation of these user profiles, and you must exercise this right directly with YouTube.
As part of the use of YouTube, personal data may also be transmitted to the servers of Google LLC in the USA.
Regardless of whether embedded videos are played, a connection to the Google network is established each time this website is accessed, which may trigger further data processing operations beyond our control.
All processing described above, particularly the reading of information from the device used via the tracking pixel, will only take place if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR. Without such consent, the use of YouTube videos will not occur during your site visit.
You may revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “cookie consent tool” provided on the website or use other options communicated on the website.
Further information on data protection at “YouTube” can be found in the YouTube Terms of Use at:
https://www.youtube.com/static?template=terms
and in Google’s Privacy Policy at:
https://www.google.de/intl/de/policies/privacy
9.2 Google reCAPTCHA
On this website, we also use the reCAPTCHA function provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function is primarily used to determine whether an input is made by a natural person or is being misused by automated or machine-based processing. The service involves the transmission of the IP address and, where applicable, other data required by Google for the reCAPTCHA service to Google. Processing is carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in verifying individual responsibility on the internet and preventing misuse and spam. In the context of using Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC in the USA.
Further information on Google reCAPTCHA and Google’s Privacy Policy can be found at:
https://www.google.com/intl/de/policies/privacy/
Where legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6(1)(a) GDPR. You may withdraw your consent at any time with future effect. To exercise your withdrawal, please follow the procedure for lodging an objection described above.
10) Rights of the Data Subject
10.1 Under applicable data protection law, you are entitled to the following rights vis-à-vis the controller with regard to the processing of your personal data (rights of access and intervention). The legal basis for the respective requirements is indicated:
- Right of access pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to notification pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw consent granted pursuant to Art. 7(3) GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
10.2 Right to Object
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTERESTS AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING MAY BE RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING PURPOSES. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.
11) Duration of Storage of Personal Data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and—if applicable—additionally by the statutory retention period (e.g., commercial and tax law retention periods).
Where personal data is processed on the basis of explicit consent pursuant to Art. 6(1)(a) GDPR, such data will be stored until the data subject withdraws their consent.
If statutory retention periods exist for data that is processed within the scope of contractual or quasi-contractual obligations pursuant to Art. 6(1)(b) GDPR, such data will be routinely deleted after the expiry of the retention periods, provided it is no longer required for the fulfillment of the contract or the initiation of a contract, and/or there is no legitimate interest on our part in continuing to store it.
Where personal data is processed on the basis of Art. 6(1)(f) GDPR, such data will be stored until the data subject exercises their right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defense of legal claims.
Where personal data is processed for direct marketing purposes on the basis of Art. 6(1)(f) GDPR, such data will be stored until the data subject exercises their right to object pursuant to Art. 21(2) GDPR.
Unless otherwise stated in the other information contained in this policy regarding specific processing situations, stored personal data will otherwise be deleted once it is no longer necessary for the purposes for which it was collected or otherwise processed.