Politique de confidentialité

Datenschutzerklärung · Informativa sulla Privacy · Politique de Confidentialité

Last updated: June 2026

The protection of your personal data is important to us. This Privacy Policy explains what data we collect when you visit this website or place an order in our online shop, how we use it, who we share it with, and what rights you have, in accordance with the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

Controller

Data We Collect

Depending on how you use this website, we process the following categories of personal data:

• — Server log files — automatically recorded when you visit: IP address, browser type and version, operating system, referrer URL, date and time of access, and pages visited.
• — Contact form — if you contact us via our form, we collect your name, e-mail address, and the content of your message.
• — Order & checkout data — when you place an order: first and last name, billing and shipping address, e-mail address, telephone number, the products ordered, and order/transaction details.
• — Payment data — payments are processed by our payment provider (PayPal). Card and payment-account details are entered directly with the provider; we do not store full card numbers on our servers.
• — Customer account — if you create an account, we store your login details, contact and address data, and order history.
• — Usage & analytics data — if you consent, statistical data about how you use the site (see «Cookies & Analytics» below).

Purpose & Legal Basis

Cookies & Analytics

This website uses cookies and similar technologies. Cookies that are strictly necessary for the website to function — for example to maintain your shopping cart and session (WooCommerce / WordPress) and to remember your cookie choices — are set automatically. They store no advertising or tracking data and do not require your consent pursuant to §165(3) of the Austrian Telecommunications Act (TKG 2021), the processing being based on our legitimate interest under Art. 6(1)(f) GDPR.

In addition, this website uses Google Analytics 4, a web-analytics service operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), to understand how visitors use the site so that we can improve it. The analytics cookies it sets (_ga, _ga_<id>, _gid) are placed only after you give your explicit consent through the cookie banner shown on your first visit. The legal basis is your consent under Art. 6(1)(a) GDPR and §165(3) TKG 2021, and you may grant, refuse or withdraw it at any time, with effect for the future, via the cookie settings. Google Analytics 4 does not store IP addresses; in the course of the analysis data may be transferred to Google LLC in the United States, safeguarded by the EU Standard Contractual Clauses and Google’s certification under the EU–US Data Privacy Framework. Further information is available in Google’s Privacy Policy.

Payments — PayPal

When you choose to pay via PayPal, the data required for the payment is transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg, which acts as an independent controller for the payment process. The legal basis is Art. 6(1)(b) GDPR (performance of the contract). Details are set out in PayPal’s Privacy Statement.

Recipients & Processors

We only share your personal data where necessary to operate the website and fulfil your orders. Recipients acting as processors do so under a Data Processing Agreement (Art. 28 GDPR):

• — Hosting: InMotion Hosting, Inc. — our servers are located in the Netherlands (EU/EEA).
• — Analytics: Google Ireland Limited (only with your consent).
• — Payments: PayPal (Europe) S.à r.l. et Cie, S.C.A.
• — Shipping: the delivery carrier engaged to ship your order, where applicable.

We do not sell or rent your personal data. We may disclose data where legally required.

Hosting & Infrastructure

This website is hosted by InMotion Hosting, Inc. The servers used for this website are located in the Netherlands, within the EU/EEA. The host processes data as a processor on our behalf under a Data Processing Agreement (Art. 28 GDPR).

Data Retention

Server log files are stored only for as long as necessary for security and technical purposes and are then deleted. Order, invoice and accounting data are retained for the statutory period of 7 years in accordance with Austrian tax law (§132 BAO). Contact enquiries are kept for the duration necessary to process them and for up to 3 years thereafter. Analytics data is retained in accordance with Google’s retention settings. You may request earlier deletion where no statutory retention obligation applies.

Your Rights

Under the GDPR you have the following rights regarding your personal data. To exercise any of them, please contact us at the address above.

• — Right of access — a copy of the personal data we hold about you (Art. 15).
• — Right to rectification — correction of inaccurate or incomplete data (Art. 16).
• — Right to erasure — deletion where no overriding legal basis applies (Art. 17).
• — Right to restriction — temporary restriction of processing (Art. 18).
• — Right to data portability — your data in a structured, machine-readable format (Art. 20).
• — Right to object — to processing based on legitimate interests (Art. 21).
• — Right to withdraw consent — at any time, without affecting prior processing (Art. 7(3)).

Right to Lodge a Complaint

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the competent supervisory authority:

Changes to This Policy

We reserve the right to update this Privacy Policy to reflect changes in law or in our data-processing practices. The current version is always available on this page.