§1 Information on the collection of personal data
- Below we inform you about how we collect personal data from individuals using our website. All data that is relatable to you, e.g. name, address, e-mail addresses or individual user behavior, is deemed personal data.
- HASSIA shoes GmbH, Joseph-Lorenz-Straße 2, A-4775 Taufkirchen/Pram, Austria is the controller as defined by Article 4 Paragraph 7 EU General Data Protection Regulation (GDPR). You can contact our Data Protection Manager by e-mail: email@example.com or using our postal address adding „Data Protection Manager”.
- When you contact us by e-mail or by using a contact form, we store the data you give us (e.g. your e-mail address, your name and your telephone number) to be able to respond to your requests.
- If we engage, for individual functions, service providers or if we wish to use your data for advertising purposes, we shall inform you as detailed below.
§2 Your rights
- You have the following rights regarding personal data concerning you:
- Right to information and access
- Right to rectification and erasure
- Right to restriction of processing
- Right to object to the processing
- Right to data portability, unless it would require disproportionate effort
Moreover, you have the right to make a complaint with a supervisory authority regarding the processing of your personal data by us.
We protect your personal data by implementing appropriate technical and organizational measures. Those measures focus on protecting your data from unauthorized, unlawful or accidental access, processing, loss, use and manipulation. In spite of our efforts to maintain adequate due diligence at all times we cannot assure you that information you give us will never be read and used. Please note that we accept no liability whatsoever for disclosure of information resulting from errors in data communication for which we are not responsible and/or unauthorized third party access (e.g. e-mail hacking).
We make every effort to ensure that data incidents are identified early and reported to the competent supervisory authority within the statutory period, including the affected data categories.
§3 Collection of personal data when you visit our website
- When you visit our website for purely informational purposes, i.e. if you do not register or otherwise give us information, we only collect the personal data that your browser transmits to our server. If you wish to dive into our website, we collect the following data, which are required for technical reasons to enable us to show you our website and ensure its stability and security (the legal basis is Art. 6 para 1 p. 1 subpara f GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/http status code
- Volume of data transferred every time
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
- When you use our website the aforementioned data are stored by us; additionally, cookies are placed on your computer. Cookies are small text files that are stored on your hard drive and assigned to your browser; they provide certain information to the party that places the cookie (in this case: us). Cookies cannot run programs or transmit viruses to your computer. Their purpose is to increase the user-friendliness and effectiveness of the website as a whole.
- Our website uses the following types of cookies; below we explain their scope and how they work
Transient cookies, see subpara b)
Persistent cookies, see subpara c)
- Transient cookies are automatically erased when you close the browser. This includes, in particular, the session cookies, which store a so-called session ID with which different requests from your browser can be assigned to the shared session. When you revisit our website, your computer is recognized. The session cookies are erased when you log out from the website or close the browser.
- Persistent cookies are automatically erased after a specified period of time; the period of time may vary depending on the cookie. You can erase the cookies at any time in the security settings of your browser.
- You can configure your browser settings according to your preferences e.g. to reject third party cookies or all cookies. Please note that in that case you may not be able to use all functions of this website.
- Our website uses the following types of cookies; below we explain their scope and how they work
§4 Additional features and offerings of our website
- In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For that purpose you are required to give us additional personal data which we use to provide the respective service and to which the aforementioned principles of data processing apply.
- We also use external service providers for processing some of your data. They were carefully selected and commissioned by us and are obligated to follow our instructions.
- We may also share your personal data with third parties when sales campaigns, sweepstakes, the conclusion of contracts or similar services are offered by us jointly with our partners. You will get more information when you provide your personal data or find it in the description of the offering. In the case of sweepstakes we use your data in particular for prize notification and advertisement purposes.
- Where our service providers or partners have their registered address in a state outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offering.
§5 Objecting or withdrawing consent to the processing of your data
- If you have given your consent to the processing of your personal data, you can revoke it at any time. Your revocation affects the admissibility of the processing of your personal data after you have expressed it vis-à-vis us.
- As far as the processing of your personal data is based on the weighing of interests by us, you can object to the processing. This is the case in particular if the processing is not necessary to fulfill a contract with you. If you make such an objection, please state the reasons why we should no longer process your personal data as we did before. In the case of a substantiated objection we will look into the situation and either discontinue and/or adjust the data processing or give you our compelling, legitimate reasons why we will continue the processing.
- Of course you may at any time object to the processing of your personal data for the purposes of advertising and data analysis. Please inform us about your objection using the following contact data: HASSIA shoes GmbH, Data Protection Manager, Joseph-Lorenz-Straße 2, A-4775 Taufkirchen/Pram, Austria, e-mail: firstname.lastname@example.org.
§6 Use of our webshop
- To make an online order in our Webshop you are required to give us, for purposes of conclusion of contract, the personal data we need for processing your order. The mandatory information required for processing the contract is marked; other details are voluntary. We process the data provided by you to process your order. During this process we may transmit your payment data to payment service providers. The legal basis for that is Art. 6 para 1 p. 1 subpara b GDPR.
- We transmit your e-mail address to our parcel service provider GLS for processing your order and/or providing you with the shipment status and/or parcel notifications by e-mail. To ensure compliance with the data privacy requirements in connection with the disclosure of your e-mail address, we will inform you adequately about it during the ordering process. Also note § 1 paragraph 2 in conjunction with § 9 GTC HASSIA Onlineshop. With the shipment notifications we can offer you an additional service and at the same time reduce the risk of parcels being returned to us as undeliverable. The delivery is facilitated for the shipping providers because you are able to make relevant arrangements for the designated delivery date or choose alternatives. Thus the shipping provider’s e-mail communication to the recipient supports successful parcel delivery and performance of our purchase agreement. Usually there is no reason to believe that any legitimate interest of the recipient of the parcel to exclude e-mail address disclosure overrides the interests of the retailer and the shipping provider. On the contrary, the customers of online shops wish to get more precise details regarding the delivery of their parcels and/or any alternative delivery options. Moreover, the shipping providers are bound to special data protection obligations to safeguard postal privacy. You may lodge a written revocation of/objection to the processing of your personal data for parcel notification purposes. Send your written statement by e-mail to: email@example.com or firstname.lastname@example.org. The legal basis is: Art. 6 paragraph 1 subparas a, b, f GDPR.
- You may voluntarily set up a customer account to allow us to save your data for future purchases. When you set up an account, the data you enter are stored subject to revocation of consent. All other data, including your user account, can be deleted by you in the customer area at any time.
- To comply with requirements of commercial and taxation law we must store your address, payment and order details until the statutory obligation to preserve records expires.
- To prevent unauthorized third-party access to personal data concerning you, including, but not limited to, financial data, the ordering process takes place over a connection with TLS encryption.
- If you give consent, you can subscribe to our Newsletter, by which we inform you about our current interesting offerings.
- In the subscription to our Newsletter we use the so-called double opt-in process: when you have signed in, we will send you an e-mail to the e-mail address you entered, requesting you to confirm that you wish to receive the Newsletter. Additionally, we will store the IP addresses you used and the times when you signed in and sent your confirmation. The purpose of this process is to keep proof of your subscription and potentially reveal a misuse of your personal data.
- Mandatory data for receiving the Newsletter are marked. After receipt of your confirmation we store your e-mail address for delivery of the Newsletter. The legal basis is Art. 6 paragraph 1 p. 1 subpara a GDPR.
- You may withdraw your consent to receiving the Newsletter at any time and unsubscribe the Newsletter. You can withdraw your consent by clicking the relevant link in the Newsletter e-mail or by sending an e-mail to: email@example.com or sending a message to the contact address provided in the Site Notice adding “Data Protection Manager”.
- Please note that we analyze your user behavior when we send you the Newsletter. The e-mails we send you contain so-called Web beacons and/or tracking pixels, i.e. 1 pixel x 1 pixel image files that are placed on our website. To analyze the traffic data we connect the data listed in § 3 and the Web beacons with your e-mail address and an individual ID. Also links received in the Newsletter contain this ID. The data are collected only after pseudonymization; the IDs are not linked to your other personal data, thus direct personal identifiability is excluded.
You may disagree to this tracking at any time informing us by e-mail: firstname.lastname@example.org. The information is stored as long as you remain subscribed to the Newsletter. After unsubscribing, the - anonymous - data will be stored by us purely for statistical purposes. Tracking is also impossible if you disabled the display of images in your e-mail program by default. In this case, the Newsletter will not be fully displayed and you may not be able to use all functions. When you choose manually to display images, the tracking described above will take place.
- Implied consent to receiving electronic messages, whether or not they are of an explicitly promotional nature, can usually be assumed if the recipient or a third party for whom he/she is responsible – likewise in the case of absence of disclosure authorization due to objective apparent legality which gave rise to an expectation of existence – has made his/her contact information publicly accessible. The functioning of the business operations and an interest in a proportionate way of establishing business contacts constitute legitimate interests for which higher-than-average standards must be applied for special groups of persons (e.g. media representatives).
§8 Online application systems
In the course of the application process we collect and process personal data.
With your application you assure us that the information provided by you is true. Please note that a false statement or intentional omission can constitute grounds for refusing to hire you or, later, to dismiss you.
Personal data are only collected, stored, processed and used for purposes relating to your interest in being employed now or perhaps in the future and to the processing of your application.
As a matter of principle only staff who is aware of data protection and security matters and bound by a contractual confidentiality obligation will have access to your data. Your data will be read by HR professionals and forwarded for staff recruiting purposes to the manager of the relevant department.
Your personal data will of course not be disclosed to third parties outside the company unless it is allowed by law (legal basis: Art. 6 para 1 p. 1 subpara a GDPR, Art. 6 para 1 p. 1 subpara f GDPR – e.g. within the group).
The input page and the backend are HTTPS encrypted.
By sending your online application you agree, in principle, with these terms.
§9 We use Google Analytics
- This website uses Google Analytics, a web analytics service provided by Google Inc. („Google“). Google Analytics uses „cookies“, i.e. text files that are stored on your computer and allow the analysis of your use of the website. The information generated by the cookie about your site usage is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is enabled on this website, your IP address is first trimmed by Google inside Member States of the European Union or in other Contracting Parties to the European Economic Area Agreement. Only in exceptional cases is the full IP address transferred to a Google server in the USA and trimmed there. IP anonymization is active on this website. Google will use this information on behalf of the operator of this website to evaluate, for the website operator, your use of the website, compile reports on the website activities and provide further services related to the use of the website and the Internet.
- The IP address transferred from your browser for Google Analytics purposes will not be merged with other Google data.
- You can prevent the cookies from being stored by adjusting the settings of your browser software; please note that in that case you may not be able to use all functions of this website. You can also prevent the transfer of the data generated by the cookie and relating to your website usage (including your IP address) to Google and the processing of that data by Google by downloading and installing a browser plugin using the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
- This website uses Google Analytics with the „_anonymizeIp()“. function. This means that IP addresses are truncated before the processing to exclude that they are relatable to a person. Where collected data concerning you is relatable, it is immediately excluded, and the personal data is thus promptly deleted.
- We use Google Analytics to be able to analyze and constantly improve the use of our website. On the basis of the generated statistics we can improve our website, products and services and make them more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has committed to applying the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para 1 p. 1 subpara a GDPR.
- Third-party supplier information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Site Policy: http://www.google.com/analytics/terms/us.html
§10 Incorporation of YouTube videos
- We have included YouTube videos in our online presence; they are stored on http://www.youtube.com and can be played directly from our website. All of them are included in the „enhanced data protection mode“ so no data about you as a user is transmitted to YouTube if you do not play the videos. The data referred to in para. 2 will only be transmitted if you play the videos. This data transfer is beyond our control.
§11 Integration of Google Maps
- On this website we use Google Maps. This enables us to show you interactive maps directly on the website and allows you the convenient use of the maps function.
§12 We use Google AdWords Conversion
- We use the online advertising service Google AdWords to draw attention to our attractive offerings through the placement of Google AdWords on external websites. We can determine the success of the individual advertising measures in relation to the data of the advertising campaigns. Our interest here is to show you advertising that is of interest to you, make our website more interesting for you, and to achieve a fair calculation of advertising costs.
- These advertising media are provided by Google via „Ad Sense“. To do this, we use Ad Server cookies, through which certain parameters for quantifying success can be measured, such as the display of ads or number of clicks by users. If you access our website through a Google ad, Google AdWords stores a cookie on your PC. Usually those cookies expire after 30 days and should not be used to identify you personally. For analysis purposes, usually the unique cookie ID, the number of Ad impressions per placement (frequency), the last impression (relevant for post-view conversions) and opt-out information (checking that the user no longer wishes to be addressed) are stored on that cookie.
- These cookies allow Google to recognize your Internet browser. If you visit specific pages of the website of an AdWords customer and the cookie stored on your computer has not yet expired, Google and the customer can identify that you have clicked on the ad and were forwarded to this page. To every AdWords customer a different cookie is allocated. Thus, there is no option that cookies can be tracked via the websites of AdWords customers. We do not collect and process personal data within the framework of the aforementioned advertising measures. We receive only statistical analyses from Google. On the basis of these analyses we can identify the effectiveness of the individual advertising measures. We receive no further data from the use of the advertising media; in particular, we cannot identify users personally on the basis of that information.
- Due to the marketing tool used your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool; and therefore we provide the following information according to our present knowledge: Through incorporating AdWords Conversion Google receives the information that you visited the relevant part of our website or clicked on one of our ads. If you have registered for a Google service, Google can identify that the visit was coming from your account. Even if you have not registered for a Google service and/or are not logged in, Google may identify and store your IP address.
- If you do not wish to take part in this tracking, you can prevent it in several ways:
- By setting your browser software accordingly; in particular disabling third-party cookies prevents you from receiving third-party ads
- By disabling cookies for conversion tracking: adjust your browser settings to block cookies from the domain „www.googleadservices.com“, https://www.google.de/settings/ads, these settings are deleted when you delete your cookies.
- By disabling the interest-based ads of the providers that are part of the advertising self regulation campaign “About Ads” via the link „About Ads“ sind, über den Link http://www.aboutads.info/choices, these settings are deleted when you delete your cookies
- By permanently disabling them in your browsers Firefox, Internet Explorer or Google Chrome using the link http://www.google.com/settings/ads/plugin.
Please note that in that case you may not be able to make full use of all functions of this website.
- The legal basis for the processing of your data is Art. 6 para 1 p. 1 subpara a GDPR. You can find more information about Google’s data privacy at http://www.google.com/intl/en/policies/privacy and https://services.google.com/sitestats/en.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google has committed to applying the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
§ 14 Facebook Pixel/Facebook Custom Audience (Remarketing)
The so-called „Facebook pixel“ enables us to group the visitors to our websites into specific target groups in order to have relevant ads displayed to you on Facebook. We use Facebook pixels to analyze general use of our website and the efficacy of Facebook ads. Furthermore, we use Facebook pixels to present you with customized ads based on your interest for our products. Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dubin 2, Ireland) processes data collected through cookies and similar technologies. Facebook may send respective data for analysis to a server located in the U.S.
If you have registered with Facebook and have set the Facebook account privacy settings accordingly, Facebook may link the data collected about your visit on our website to your Facebook account and use it for setting up target-oriented Facebook ads. You can view and change the privacy settings of your Facebook profile. Even if you do not have a Facebook account or are not logged in, there is a possibility that the provider ascertains your IP address and other identifiers and stores them.
We process your data because we have obtained your consent and because we have a legitimate interest in processing your data pursuant to Art. 6 (1) lit. a) and f) GDPR. We use the features to provide you with advertising offers that are relevant to your interests.