When you use our services, you entrust us with your data. We are aware that this is a big responsibility. Therefore, we do our best to protect your data and ensure that you remain in control of it. In order to fully inform you about the use of personal data, we ask you to take note of the following privacy notice.
For all inquiries, explanations and questions regarding the use of data, you can reach us at the following contact:
Karl Kastner-Straße 1
Office address: Industriestraße 2, 3300 Amstetten
DATA COLLECTION, USE OF DATA, STORAGE PERIOD, CUSTOMER ACCOUNT
You can visit the website as well as the webshop without registration. For technical reasons, in particular to ensure a functional and secure Internet presence, we process technically necessary data about accesses to our website in so-called server log files, which your browser automatically transmits to us.
When you visit our website, we process:
- the date and time of the request,
- the amount of data transferred,
- the browser type and version,
- the operating system used by you,
- requested file (URL and name),
- whether the request was successful,
- your IP address,
- website from which the access was made (if this was done via a link)
This data is not assigned to any natural persons and is only used for statistical evaluations and for the operation and improvement of our website as well as for system security and optimization of our Internet offer. This data is only transmitted to our website hoster. A connection or consolidation of this data with other data sources does not take place. If there is any suspicion of illegal use of our website, we reserve the right to check this data retrospectively. The data processing is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f DSGVO in the technically error-free presentation and optimization of our website.
The server logs are stored for a maximum of 3 months and then deleted again, unless further storage is required for evidence purposes. Otherwise, the data is retained until final clarification of an incident.
The use of the myProduct Shop Network does not require registration of the User. If registration is carried out, this may only be done in the user's own name and only by natural persons and legal entities. This is free of charge and is done by filling out the online registration form. The data requested during registration must be provided completely and correctly. The user is responsible for the completeness and correctness of this information. myProduct collects the data that you provide during the registration process. This includes the following personal data: Name, address, contact details (e-mail, telephone number, date of birth). In order to improve customer service, customer data in the B2B area (name and e-mail address) is occasionally passed on to selected partners.
When using the User data, myProduct complies with the applicable provisions of data protection. In particular, myProduct collects, stores and processes personal data only if one of the following legal bases for this exists.
- Fulfillment of contractual or pre-contractual obligations (Art 6 para 1 lit b DSGVO): Your data will be processed for the initiation and execution of contracts with you and the processing of your orders.
- Fulfillment of a legal obligation (Art 6 para 1 lit c DSGVO): We are obliged to process certain data in particular for reasons of civil law, administrative law and tax law.
- Consent (Art 6 para 1 lit a DSGVO): If we have received your consent, we will use your data only to the extent of the consent given (e.g. for newsletter dispatch or transfer of data to third parties). You can revoke your consent at any time with effect for the future.
- Protection of legitimate interests (Art 6 para 1 lit f DSGVO): Legitimate interests of myProduct to process your data are in particular marketing measures for customer acquisition, the improvement of the service offer or the hedging of default risks.
The personal data that the User provides to myProduct when placing an order or contacting us by e-mail (e.g. name, address, e-mail address, telephone number) will only be processed for correspondence with the User and only for the purpose for which the User has provided us with the data. The processing of the payment takes place directly via the respective portals of the credit or banking institutions - myProduct does not store any account-related data (account data such as account number, bank code, ...), but only receives a confirmation of the receipt of payment from the respective credit or banking institution. myProduct assures that the personal data will not be disclosed to third parties unless myProduct is legally obligated to do so or the User has given his prior consent.
Personal data that have been communicated to myProduct via their store network will only be stored until the purpose for which they were entrusted to myProduct has been fulfilled. Insofar as retention periods under commercial and tax law are to be observed, the storage period for certain data may be up to 7 years.
You can sign up for our newsletter on the website. For the registration you need a valid e-mail address. To verify the e-mail address, you will first receive a registration e-mail, which you must confirm via a link (double opt-in procedure). Upon consent, we store the e-mail address and the date of consent. Without the disclosure of this data, the transmission of our newsletter is not possible. We have commissioned the company Campaign Monitor, 404/3-5 Stapleton Ave, Sutherland NSW 2232, Sydney, Australia, to send our newsletter and the associated measurement of success (in particular opening rates, reading behavior).
When you register for our newsletter, the data (name, e-mail address) that you provide when registering for the newsletter is transferred to Campaign Monitor and stored there. The service provider Campaign Monitor is based in Australia; the data is processed on servers / data centers in the USA. The processing of the data is based on your consent according to Art. 6 para. 1 lit a DSGVO and, for data transfer to third countries, according to Art. 49 para. 1 p. 1 lit a DSGVO. For the risks associated with the transfer of data to third countries, please refer to point 14.
You can unsubscribe from the newsletter by confirming the unsubscribe link at the end of each newsletter. In case of unsubscription, we store the date of unsubscription with the email address. Campaign Monitor has made a commitment to us to comply with applicable data protection laws. For more information, please visit https://www.campaignmonitor.com/trust/gdpr-compliance.
myProduct may disclose your personal data to the following categories of recipients:
- Companies associated with myProduct within the KASTNER Group, external service providers who process data for us on our behalf or in any other way (e.g. IT service providers, parcel service providers, banks, payment service providers, tax consultants or legal advisors, etc.);
- competent authorities, public bodies, courts or other third parties if this is necessary due to legal provisions, to exercise, protect or defend our legal rights or to protect your important interests or the important interests of another person;
- any other natural or legal person, provided that you have consented to the disclosure.
RIGHTS OF THE USER
You have a right to free information about the data we have stored about you. Insofar as there is no legal obligation to retain data, you have the right to have this data deleted and to object to the processing. Furthermore, you have the right to correct the data, to restrict processing, to data portability and to lodge a complaint with a supervisory authority (in Austria: data protection authority).
In the context of purchase transactions in our store network, we offer efficient and secure payment options and use, in addition to banks and credit institutions, other service providers (hereinafter "payment service providers").
The data processed by the payment service providers includes inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contract data (e.g. subject matter of contract, term, customer category); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses); contact data (e.g. e-mail, telephone numbers).
The information is necessary to carry out the transactions. The processing of the data thus serves the fulfillment of the contract and pre-contractual inquiries according to Art. 6 para. 1 p. 1 lit. b) DSGVO.
However, the data entered is only processed by the payment service providers and stored with them. myProduct does not receive any account or credit card-related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the payment service providers transmit the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness.
The services of the following payment service providers can be used by the user:
EMBEDDED CONTENT AND FUNCTIONS
Our website contains functional and content elements that are obtained from the servers of the following providers. These may be videos and plans in particular (hereinafter referred to as "content"). For the integration it is necessary that the respective provider processes the IP address of the user. Without the processing, the use and display of the content is not possible. The use of the following content is in the interest of an appealing presentation of our online offer and represents a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. Within the scope of this service, data is transferred to the USA or such a transfer cannot be ruled out. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of data protection in the case of data transfer to the USA and that there are therefore various risks (such as possible access by US secret services). For more information on data transfer to third countries, please refer to item 14.
YOUTUBE (OPT IN)
GOOGLE MAPS (OPT IN)
This website uses the Google Maps service to display map information. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is an online map service that displays geographical information via the user's terminal device. In particular, this allows directions and map sections to be integrated into the website.
When using Google Maps, Google also collects, processes and uses data on the use of the Maps functions by users of the website. Within the scope of the use of this service, a data transfer to the USA takes place or such a transfer cannot be excluded.
We maintain online presences within social networks to provide further information about our company and to exchange information with users. In the course of visiting or interacting with the social media platform, user data may be processed.
The processing of user data may take place outside the European Union or EEA. This may result in risks for the users, for example, the enforcement of the rights of the users could be made more difficult.
Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them).
For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the privacy statements and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we also point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly.
myProduct uses the following social media platforms for its online presence. We would like to point out that you use the respective social networks and their functions on your own responsibility. We have no influence on the data collection and further processing.
- Facebook: Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- Instagram: Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- LinkedIn: Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
- TikTok: Service Provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland; privacy policy: https://www.tiktok.com/de/privacy-policy.
Cookies, other tracking technologies and functions of the web analytics service Google Analytics (for more information, see the point below) may be used on our website in a variety of ways. This website uses so-called cookies, which are stored on your computer. "Cookies" are small text files that can be stored locally by a website in the memory of your Internet browser on the computer you are using. In particular, cookies enable the recognition of the Internet browser. The cookies on our website do not collect any personal data about you or your usage.
WEB ANALYSIS WITH GOOGLE ANALYTICS
When visiting our website, your surfing behavior can be statistically evaluated. This is done primarily with cookies and with so-called analysis programs. This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
The use of Google Analytics is based on your consent pursuant to Art. 6 (1) lit. a DSGVO and for the transfer of data pursuant to Art. 49 (1) p. 1 lit. a DSGVO, which you may have given when selecting the cookies. You can also revoke your consent for the future at any time within the framework of the cookie banner. Within the scope of this service, a data transfer to the USA takes place or such a transfer cannot be excluded. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of data protection in the case of data transfer to the USA and that there are therefore various risks (such as possible access by US secret services). You can find more information about data transfer to third countries under point 14. Furthermore, you can prevent the storage of cookies by selecting the appropriate settings on your browser software.
If you do not consent to the use of Google Analytics or revoke it, please note that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address), and the processing of this data by Google, by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de
GOOGLE ANALYTICS REPORTS ON DEMOGRAPHICS AND INTERESTS
This website uses Google Analytics demographic reports, which use data from Google's interest-based advertising and third-party visitor data (e.g. interests, age, gender). This data is anonymous and cannot be traced back to any specific person and can be disabled in the ad settings.
Google Tag Manager
Our website uses the Google Tag Manager service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
The Tag Manager is a service that allows us to manage website tags via an interface. This allows us to include code snippets such as tracking codes or conversion pixels on web pages without interfering with the source code. In doing so, the data is only forwarded by the Tag Manager, but neither collected nor stored. The Tag Manager itself is a cookie-less domain and does not process any personal data, as it serves purely to manage other services in our online offering. In any case, this represents a legitimate interest based on Art 6 (1) lit f DSGVO. The Tag Manager provides for the resolution of other tags, which in turn may collect data. However, the Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with the Tag Manager.
Within the scope of this service, data is transferred to the USA or such a transfer cannot be ruled out. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of data protection in the case of data transfer to the USA and that there are therefore various risks (such as possible access by US secret services). For more information on data transfer to third countries, please refer to item 14.
When you start Google Tag Manager, your browser establishes a connection to Google's servers. These are mainly located in the USA. Through this, Google obtains knowledge that our website was called up via your IP address. Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/
You can find more information about data protection on the following Google web pages:
FAQ Google Tag Manager: https://www.google.com/intl/de/tagmanager/faq.html
Google Ads Data Processing Terms including Standard Contractual Clauses for Third Country Transfers: https://business.safety.google/adsprocessorterms/
FACEBOOK-PIXEL, CUSTOM AUDIENCES AND FACEBOOK-CONVERSION
Within our online offer, "Facebook Pixel" of the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter "Facebook") is used.
With the help of Facebook Pixel, it is possible for Facebook, on the one hand, to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook Ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of Facebook Pixel, we also want to ensure that our Facebook Ads correspond to the potential interest of users and do not have a harassing effect. Furthermore, we can use Facebook Pixel to track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The processing of the data by Facebook takes place within the framework of the Meta data usage policy. Accordingly, general information about the display of Facebook ads can be found in the Meta data usage policy at: Meta Privacy Policy – How Meta collects and uses user data | Privacy Center | Manage your privacy on Facebook, Instagram and Messenger | Facebook Privacy
The use of Facebook Pixel as well as the storage of "conversion cookies" is based on your consent according to Art. 6 para. 1 lit. a DSGVO and for the data transfer according to Art. 49 para. 1 p. 1 lit. a DSGVO, which you have given in the cookie banner. You can give your consent within the cookie banner and also revoke it at any time. Within the scope of this service, a data transfer to the USA takes place or such a transfer cannot be excluded. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of data protection in the case of data transfer to the USA and that there are therefore various risks (such as possible access by US secret services). You can find more information on data transfer to third countries under point 14.
Furthermore, you can object to the collection by Facebook Pixel and use of your data for the display of Facebook Ads. In order to set which types of advertisements are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there regarding the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
Microsoft Advertising is used for the purpose of optimizing the placement of advertisements. You can find more information about these processing activities, the technologies used, stored data and the storage period in the settings of our Consent Management Tool. The processing is only carried out with your consent in accordance with Art. 6 para. 1 lit. a DSGVO. You can revoke your consent via our Consent Management Tool.
In the case of Microsoft services, the transfer of data to Microsoft Corp. in the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". For more information on data protection at Microsoft, please refer to the Microsoft data protection information at https://privacy.microsoft.com/de-de/privacystatement.
AFFILIATE PROGRAM AND AFFILIATE-LINKS
We include so-called affiliate links or other references (which may include, for example, search masks, widgets or discount codes) to the offers and services of third-party providers ("affiliate links") in our online offer. If users follow the Affiliate Links, or subsequently take advantage of the offers, we may receive a commission or other benefits from those third parties (collectively, "Commission").
In order to be able to track whether users have taken advantage of the offers of an affiliate link used by us, it is necessary that the respective third-party providers learn that the users have followed an affiliate link used within our online offer. The assignment of the affiliate links to the respective business transactions or to other actions (e.g. purchases) serves the sole purpose of commission accounting and will be cancelled as soon as it is no longer necessary for the purpose.
For the purposes of the aforementioned assignment of the affiliate links, the affiliate links may be supplemented by certain values that are a component of the link or may be stored elsewhere, e.g. in a cookie. The values may include, in particular, the source website (referrer), the time, an online identifier of the operators of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer and an online identifier of the user.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent pursuant to Art. 6 (1) lit. a DSGVO. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services) pursuant to Art. 6 (1) lit. f DSGVO.
In this context, contractual data (e.g. subject matter of the contract, term, customer category); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses) are collected.
We use the independent review portal eKomi, which is operated by eKomi Ltd, Markgrafenstr. 11, 10969 Berlin, Germany. We would like to constantly improve ourselves and our service and for this reason we have decided to use such a solution. Accordingly, it is also not possible for us to control or influence rating invitations individually. 10 days after your order has been shipped, you will receive a one-time rating link generated for your order. By clicking on it you will get to a rating page where you can rate our offer & service. The data given to eKomi for this purpose will be used by eKomi itself or passed on to third parties in order to fulfill the contract. The submission of a rating is up to you as a customer. By submitting the rating/giving feedback you agree to the current communication rules of eKomi.
DATA TRANSFER TO THIRD COUNTRIES
If a third country transfer is provided for and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities (e.g. intelligence services) in the respective third country may gain access to the transferred data in order to collect and analyze it, and that enforceability of your data subject rights cannot be guaranteed. When obtaining your consent via the cookie banner, you will also be informed of this.
REPORTS VIA THE WHISTLEBLOWER SYSTEM
The submission of notices concerning myProduct GmbH takes place via the "Microsoft Forms" system and the processing and documentation of the notice takes place via "SharePoint". Both systems are web applications from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA. In addition to submitting reports using Microsoft Forms, documents relating to the report can also be sent by email to the internal reporting office at Hinweisgeberschutzsystem@myproduct.at.
The whistleblower system enables whistleblowers to contact the internal reporting office and report information on legal violations. As part of the investigation and processing of a suspected violation of the law, the whistleblower's personal data, in particular details of identity, first and last name, address, telephone number or email address, which are provided voluntarily when the report is made, are processed.
If the whistleblower has provided personal details, their identity will be preserved in any case. The person affected by the report will not receive any information about the whistleblower. Furthermore, a report is processed in such a way that anonymity is not jeopardized.
When a whistleblower submits a report, personal data and information of persons involved in the reported incident may become known in addition to the information provided by the whistleblower. This concerns in particular the name, address, contact details, function within or outside the company, which are mentioned in the report or disclosed in attached documents. Furthermore, other personal data of persons affected by follow-up measures may also be processed.
When processing the report, the confidentiality and secrecy of the information provided is of paramount importance to the internal reporting office.
The processing of personal data is based on the legitimate interest of myProduct GmbH (Art. 6 para. 1 lit. f GDPR).
The legitimate interest in the processing of personal data is based on the prevention and detection of misconduct and legal violations within the company in order to avoid possible financial and reputational damage. The processing of personal data is necessary so that information can be followed up and measures can be taken to rectify the grievances.
If sensitive data is disclosed, the internal reporting office processes it on the basis of the legitimate interest in the assertion and exercise or defense of legal claims (Art. 9 para. 2 lit. f GDPR).
Disclosure of personal data
Inspection of the personal data contained in the notice is only possible by specially authorized and trained persons of the internal reporting office. For companies of the KASTNER Group, the internal reporting office is located at KASTNER Service GesmbH, 3910 Zwettl, Karl Kastner-Straße 1. The investigation may also involve persons who work in the area affected by the report and from whom it can be assumed that their assistance is required to clarify the facts of the case. Persons in charge of the reporting office as well as those involved in the investigation are subject to a strict duty of confidentiality.
In order to fulfill the aforementioned purpose, it may also be necessary for personal data of the whistleblower or the data of the person affected by the report to be transmitted to external bodies such as law firms, criminal and administrative authorities.
If your personal data is passed on within the Group, the handling of the data is regulated by internal agreements.
Duration of storage
Personal data contained in a notice or the attached documents are deleted no later than eight years after the investigation has been completed. Retention beyond this period is only permitted if and for as long as the report is relevant to the
is necessary for the conduct of legal or administrative proceedings or for disciplinary measures or if the personal data must be retained in accordance with other relevant provisions.
The rights of data subjects under data protection law apply:
- Right to information (§ 43 DSG, Art. 13 and 14 GDPR),
- Right of access (§ 1 para. 3 no. 1 and § 44 DSG, Art. 15 GDPR),
- Right to rectification (§ 1 para. 3 no. 2 and § 45 DSG, Art. 16 GDPR),
- Right to erasure (§ 1 para. 3 no. 2 and § 45 DSG, Art. 17 GDPR),
- Right to restriction of processing (§ 45 DSG, Art. 18 GDPR),
- Right to object (Art. 21 GDPR) and
- Right to notification of a personal data breach (§ 56 DSG and Art. 34 GDPR).