Privacy Policy

1) Introduction and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how your personal data is handled when you use our website. Personal data is any information with which you can be personally identified.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Peter Kuden, Oberprenning 58A, 4742 Pram, Austria
Tel.: +43 681 10274008
Email: peter.kuden@gmail.com
The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website
2.1 When using our website purely for informational purposes, i.e., if you do not register or otherwise transmit information to us, we collect only the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which are technically necessary for us to display the website to you:

  • The website you visited

  • Date and time of access

  • Amount of data sent in bytes

  • Source/reference from which you came to the page

  • Browser used

  • Operating system used

  • IP address used (possibly in anonymized form)

Processing is carried out according to Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not disclosed or used in any other way. However, we reserve the right to check the server log files retrospectively if there are specific indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

3) Hosting & Content Delivery Network
IONOS
We use a content delivery network provided by the following provider:
1&1 IONOS Internet SE, Elgendorfer Str. 57, 56410 Montabaur, Germany
This service allows us to deliver large media files, such as graphics, website content, or scripts, faster via a network of regionally distributed servers. Processing is carried out to safeguard our legitimate interests in improving the stability and functionality of our website according to Art. 6(1)(f) GDPR.
We have concluded a data processing agreement with the provider that ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

4) Cookies
To make visiting our website attractive and to enable the use of certain functions, we use cookies—small text files stored on your device. Some cookies are deleted automatically after closing your browser (so-called “session cookies”), while others remain on your device and allow us to save your site settings (so-called “persistent cookies”). You can find the duration of storage in your browser’s cookie settings overview.
If personal data is also processed by individual cookies implemented by us, processing is carried out either pursuant to Art. 6(1)(b) GDPR for contract performance, pursuant to Art. 6(1)(a) GDPR if you have consented, or pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interest in the optimal functionality and user-friendly design of the website.
You can configure your browser to inform you about cookie settings and decide individually whether to accept them or exclude them for certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be restricted.

5) Contacting Us
When you contact us (e.g., via contact form or email), your personal data will be processed exclusively for the purpose of handling and responding to your inquiry and only to the extent necessary.
The legal basis for processing this data is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your contact aims at concluding a contract, an additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted when it can be inferred from the circumstances that the relevant matter has been conclusively clarified, provided that no legal retention obligations exist.

6) Use of Customer Data for Direct Advertising

6.1 Subscription to our Email Newsletter
When you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for receiving the newsletter is your email address. Providing further data is voluntary and will be used to address you personally.
For sending the newsletter, we use the so-called double opt-in procedure to ensure that you only receive newsletters once you have expressly confirmed your consent by clicking a verification link sent to the specified email address.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. We store your IP address entered by your Internet Service Provider (ISP), as well as the date and time of registration, to trace any potential misuse of your email address at a later date. The data collected during newsletter registration is used strictly for the intended purpose.
You can unsubscribe from the newsletter at any time via the designated link in the newsletter or by notifying the controller mentioned above. After unsubscribing, your email address will be immediately removed from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to use the data beyond this, which is permitted by law and about which we inform you in this declaration.

6.2 Klaviyo
Our email newsletters are sent via the following provider:
Klaviyo, 225 Franklin St, Boston, MA 02110, USA
Based on our legitimate interest in efficient and user-friendly newsletter marketing, we share the data you provided when registering for the newsletter with this provider in accordance with Art. 6(1)(f) GDPR so they can send newsletters on our behalf.
Subject to your express consent under Art. 6(1)(a) GDPR, the provider also conducts a statistical evaluation of newsletter campaigns using web beacons or tracking pixels included in the emails to measure opening rates and specific interactions with newsletter content. Device information (e.g., time of access, IP address, browser type, and operating system) may also be collected and evaluated but is not combined with other datasets.
You can withdraw your consent to newsletter tracking at any time with effect for the future.
We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits disclosure to third parties.
For data transfers to the USA, the provider relies on the European Commission’s standard contractual clauses, which are intended to ensure compliance with the European data protection level.

6.3 Shopify Email
Our email newsletters are sent via the following provider:
Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
Data is also transferred to:
Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada;
Shopify Data Processing (USA) Inc.;
Shopify Payments (USA) Inc.;
Shopify (USA) Inc.
Based on our legitimate interest in efficient and user-friendly newsletter marketing, we share the data you provided when registering for the newsletter with this provider in accordance with Art. 6(1)(f) GDPR so they can send newsletters on our behalf.
Subject to your express consent under Art. 6(1)(a) GDPR, the provider also conducts a statistical evaluation of newsletter campaigns using web beacons or tracking pixels to measure opening rates and interactions with newsletter content. Device information (e.g., time of access, IP address, browser type, and operating system) may be collected and evaluated but not merged with other data.
You can withdraw your consent to newsletter tracking at any time with effect for the future.
We have concluded a data processing agreement with the provider to protect site visitor data and prohibit disclosure to third parties.
For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
For data transfers to the USA, the provider relies on the European Commission’s standard contractual clauses.

7) Data Processing for Order Fulfillment

7.1 To the extent necessary for contract processing for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6(1)(b) GDPR.
If we owe you updates for goods with digital elements or digital products under the contract, we process the contact details you provided upon ordering (name, address, email address) to personally inform you by appropriate means (e.g., by post or email) about upcoming updates within the statutory period in accordance with our legal obligations under Art. 6(1)(c) GDPR. Your contact details will be used strictly for this purpose and processed only as necessary for the respective notification.
Furthermore, we work with the service providers listed below to fulfill your order, who support us wholly or partly in executing concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

7.2 To fulfill our contractual obligations to our customers, we work with external shipping partners. We pass on your name and delivery address—and if necessary, your telephone number—exclusively for the purpose of delivery in accordance with Art. 6(1)(b) GDPR to a shipping partner selected by us.

7.3 DSers
We use the following provider for order processing:
Bowers Enterprises, LLC, 109 Cloister Drive, Peachtree City, GA 30269, USA
Name, address, and any other personal data will be transferred to the provider in accordance with Art. 6(1)(b) GDPR for the purpose of fulfilling the online order. Data is only transferred if necessary for order processing. The provider also handles bookkeeping: incoming and outgoing invoices and, if applicable, bank transactions are processed to automatically record invoices, match them to transactions, and create financial accounting in a semi-automated process.
If personal data is processed, this is done in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in efficient organization and documentation of business transactions.
For data transfers to the USA, the provider relies on the European Commission’s standard contractual clauses.

7.4 Use of Payment Service Providers (Payment Services)

– PayPal
This website offers one or more online payment methods provided by:
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
If you choose a payment method from this provider involving advance payment, your payment data provided during the order process (including name, address, bank and card details, currency, and transaction number) and information about your order content will be transferred to the provider in accordance with Art. 6(1)(b) GDPR exclusively for payment processing and only to the extent necessary.
If you choose a payment method involving us advancing funds, you will also be asked during checkout to provide specific personal information (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, where applicable, alternative payment method details).
In such cases, to safeguard our legitimate interest in assessing your creditworthiness, we will forward this data to the provider in accordance with Art. 6(1)(f) GDPR for the purpose of a credit check. The provider will assess—based on your provided data and other data (e.g., shopping cart, invoice amount, order history, payment experiences)—whether the selected payment option can be approved in view of payment and/or default risks.
The credit report may include probability values (so-called score values). These scores are calculated based on a scientifically recognized mathematical-statistical procedure. Address data may also be incorporated into the calculation.
You can object to this processing of your data at any time by notifying us or the provider. However, the provider may still be entitled to process your personal data if necessary to process payments as contractually agreed.

– PayPal Checkout
This website uses PayPal Checkout, an online payment system from PayPal that combines PayPal’s own payment methods with local third-party payment methods.
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or—if offered—“Pay Later” via PayPal, we transfer your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”) for payment processing according to Art. 6(1)(b) GDPR and only as necessary.
For credit card payments, direct debit payments, or—if offered—“Pay Later” via PayPal, PayPal reserves the right to perform a credit check. For this purpose, your payment data may be transferred by PayPal to credit agencies in accordance with Art. 6(1)(f) GDPR, based on PayPal’s legitimate interest in assessing your creditworthiness. The credit report may include probability values (“score values”), calculated using scientifically recognized mathematical-statistical methods. Address data may also be considered.
You can object to this processing of your data at any time by contacting PayPal. However, PayPal may still be entitled to process your personal data if necessary for contractual payment processing.
If you choose PayPal’s “Invoice Purchase” payment method, your payment data will first be sent to PayPal, which then forwards it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (“Ratepay”) to process the payment. The legal basis is Art. 6(1)(b) GDPR. In this case, Ratepay performs an identity and credit check on its own behalf to assess creditworthiness and, based on its legitimate interest in this assessment, forwards your payment data to credit agencies in accordance with Art. 6(1)(f) GDPR.
A list of the credit agencies Ratepay may use is available here:
https://www.ratepay.com/legal-payment-creditagencies/
If you use a local third-party payment method, your payment data is first transferred to PayPal according to Art. 6(1)(b) GDPR. Depending on the payment method selected, PayPal then forwards your payment data to the relevant provider to process the payment:

  • Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)

  • iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)

  • giropay (Paydirekt GmbH, Stephanstr. 14–16, 60313 Frankfurt am Main, Germany)

  • Bancontact (Bancontact Payconiq Company, Rue d’Arlon 82, 1040 Brussels, Belgium)

  • BLIK (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00–718 Warsaw, Poland)

  • eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)

  • MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)

  • Przelewy24 (PayPro SA, Kanclerska 15A, 60–326 Poznań, Poland)

For further information, please see PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

– Shopify Payments
This website offers one or more online payment methods provided by:
Shopify International Limited, Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland
When you select a payment method involving advance payment (e.g., credit card), your payment data (including name, address, bank and card details, currency, and transaction number) and order information will be transferred to the provider for payment processing under Art. 6(1)(b) GDPR and only to the extent necessary.

8) Retargeting/Remarketing and Conversion Tracking

Facebook Pixel for Creating Custom Audiences
Within our online offering, we use the “Facebook Pixel” service provided by:
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”)
If a user clicks on one of our Facebook ads, a URL parameter is added to the link to our page via the Facebook Pixel. This URL parameter is then entered into the user’s browser via a cookie set by our linked page.
This enables Facebook to determine visitors to our website as a target group for displaying ads (so-called “Facebook Ads”). Accordingly, we use the service to show Facebook Ads only to Facebook users who have shown an interest in our website or who have certain characteristics (e.g., interests in specific topics or products) that we transmit to Facebook (“Custom Audiences”).
Additionally, Facebook Pixel helps us track whether users are redirected to our website after clicking a Facebook ad and which actions they take there (“Conversion Tracking”).
The collected data is anonymous to us and does not allow us to identify users. However, Facebook stores and processes the data, enabling a link to the respective user profile, and Facebook may use the data for its own advertising purposes.
All described processing, particularly the placement of cookies for reading information from users’ devices, occurs only with your express consent under Art. 6(1)(a) GDPR. You can withdraw your consent at any time for the future by disabling the service in the “Cookie Consent Tool” provided on our website.
We have concluded a data processing agreement with Facebook, ensuring the protection of visitors’ data and prohibiting unauthorized disclosure to third parties.
Information generated by Facebook is generally transferred to a Facebook server and stored there. In this context, data may also be transferred to servers of Meta Platforms Inc. in the USA.
For data transfers to the USA, Facebook relies on the European Commission’s standard contractual clauses to ensure compliance with the European data protection level.

9) Website Functionalities

ShopSync for Shopify
This website uses the Shopify app “ShopSync” by:
ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA
With ShopSync, the newsletter service “Mailchimp” is synchronized with our Shopify account so that, on the one hand, updates to Mailchimp email lists (such as an unsubscribe request) are automatically stored in Shopify, and on the other hand, new contacts generated via transactions in Shopify are automatically transferred to Mailchimp email lists.
In the first case, data processing takes place in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in effective and cross-system maintenance of advertising recipient records and legally compliant documentation of status changes.
In the second case, following a contract conclusion in Shopify, the transfer of data (first and last name, address, email address, transaction information such as purchase amount, time, and date) to Mailchimp is based exclusively on the user’s express consent under Art. 6(1)(a) GDPR.
The data transferred in this way is not stored or retained by ShopSync after synchronization. All information exchanged between Shopify and Mailchimp is transferred via SSL (Secure Socket Layer) technology and remains encrypted throughout the synchronization process.
Synchronization requires transferring information over a secure connection to servers hosted by Amazon Web Services in the USA.
Further privacy information on ShopSync can be found here:
https://shopsync.io/privacy-policy

10) Tools and Miscellaneous

Cookie Consent Tool
This website uses a so-called “Cookie Consent Tool” to obtain valid user consent for cookies and cookie-based applications that require consent. The “Cookie Consent Tool” is displayed to users as an interactive interface when they access the site, allowing them to grant consent by checking boxes for specific cookies and/or applications.
All cookies/services requiring consent are only loaded if the user has granted the corresponding consent by checking the box. This ensures that such cookies are only set if consent is given.
The tool itself uses technically necessary cookies to store your cookie preferences. As a rule, no personal user data is processed.
If, in individual cases, personal data (such as the IP address) is processed to store, assign, or log cookie settings, this is done in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in legally compliant, user-specific, and user-friendly cookie consent management and, thus, in the legally compliant design of our website.
Another legal basis for processing is Art. 6(1)(c) GDPR. As the controller, we are legally obliged to make the use of technically unnecessary cookies dependent on the user’s consent.
Where necessary, we have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.
Further information about the operator and the tool’s settings can be found directly in the user interface on our website.

11) Data Subject Rights

11.1 The applicable data protection law grants you the following rights with respect to the controller regarding the processing of your personal data (rights of access and intervention). The relevant legal basis is indicated for each right:

  • Right of access pursuant to Art. 15 GDPR

  • Right to rectification pursuant to Art. 16 GDPR

  • Right to erasure pursuant to Art. 17 GDPR

  • Right to restriction of processing pursuant to Art. 18 GDPR

  • Right to notification pursuant to Art. 19 GDPR

  • Right to data portability pursuant to Art. 20 GDPR

  • Right to withdraw consent pursuant to Art. 7(3) GDPR

  • Right to lodge a complaint pursuant to Art. 77 GDPR

11.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST WITHIN A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THIS PROCESSING WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA AFFECTED.
HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF PROCESSING SERVES TO ESTABLISH, EXERCISE, OR DEFEND LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA FOR DIRECT MARKETING PURPOSES.

12) Duration of Storage of Personal Data

The duration of the storage of personal data is determined by the respective legal basis, the processing purpose, and—if applicable—by statutory retention periods (e.g., commercial and tax retention periods).
If processing is based on your express consent under Art. 6(1)(a) GDPR, the data concerned is stored until you withdraw your consent.
If there are statutory retention periods for data processed under Art. 6(1)(b) GDPR for contractual or similar obligations, this data will be routinely deleted after the retention periods expire, provided it is no longer required for contract performance or initiation, and/or we no longer have a legitimate interest in continued storage.
If data is processed on the basis of Art. 6(1)(f) GDPR, it will be stored until you exercise your right to object in accordance with Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if processing serves to establish, exercise, or defend legal claims.
If personal data is processed for direct marketing purposes on the basis of Art. 6(1)(f) GDPR, it will be stored until you exercise your right to object in accordance with Art. 21(2) GDPR.
Unless otherwise indicated in this statement regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or processed.