Data protection

Data protection

We look forward to your visit and thank you for your interest in our website.
The protection of your personal data is important to us. That is why we would like to give you the best possible information below about the use of your personal data in the context of data processing on our website.
We process your data exclusively on the basis of the statutory provisions (GDPR, TKG 2003).
Responsible acc. Art. 4 para. 7 EU General Data Protection Regulation (GDPR) see imprint.
For security reasons and to protect the transmission of personal data, our website uses an SSL or. TLS encryption. This encryption can be recognized by the small lock symbol in the browser line and by the “https: //” character string
If you reach our website as a visitor without registering and without transmitting files, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we only collect the following data such as. Date, time, browser, operating system and IP address used. This information is technically necessary for us to display our website. Processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

Hosting

Hosted by Shopify We use the Shopify shop system from the service provider Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify") for the purpose of hosting and displaying our online Shops. All data collected on our website is processed on Shopify's servers. As part of the aforementioned Shopify services, data can also be processed in the context of further processing on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc . or Shopify (USA) Inc. In the event that data is transmitted to Shopify Inc. in Canada, the European Commission's adequacy decision guarantees the appropriate level of data protection. Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. and Shopify (USA) Inc. in the USA are certified for the US-European data protection agreement "Privacy Shield", which ensures compliance with the data protection level applicable in the EU guaranteed. Further information on data protection from Shopify can be found on the following website: https://www.shopify.de/legal/datenschutz Further processing on servers other than the aforementioned from Shopify only takes place within the framework set out below.

Newsletter

You can subscribe to our newsletter via our website or our Facebook fan page. To do this, we need your email address, your name (or a synonym you have chosen) and your confirmation that you consent to receiving our newsletter. This data is required to receive our newsletter, otherwise we will not be able to send it to you. In order to receive more targeted information, additional information on areas of interest, last name, place of residence, Instagram username, birthday or postcode can be provided voluntarily. We use a so-called double opt-in procedure: as soon as you have registered for the newsletter, we will therefore send you a confirmation e-mail with a link to verify the registration, with which you can confirm your consent to the newsletter again. The subscription to the newsletter can be canceled at any time. At the bottom of every newsletter there is a link (“unsubscribe” or “unsubscribe”) through which you can unsubscribe from the newsletter.
Your newsletter data is stored for us by an external service provider whose software enables us to keep an eye on all of our newsletter customers and to draft appealing emails for you. He is the recipient of your data and acts on our behalf. It is based in the USA and is therefore obliged to comply with the Privacy Shield Agreement.
Until you revoke your consent to the newsletter (unsubscribe from the newsletter), your data will be stored for the purpose of sending out newsletters (for direct marketing by email). After unsubscribing from the newsletter, your data will be completely deleted for this purpose within 2 weeks.
The legal basis for storing the data for our newsletter is your consent to this (Art 6 Paragraph 1 lit a (consent) of the GDPR). As an alternative to completely deleting your data via the newsletter, you can also send us a request to delete your data from our newsletter. This is by post to Driftwood Design GmbH, IZ, Lower Austria Süd, Strasse 3, Objekt 35, A-2351 Wr. Neudorf or by e-mail to office@epic-jewelry.com with the subject "data protection" is possible at any time. In this case, your data will be deleted by us immediately within 48 hours (working days Mon-Fri).

Contact

If you contact us using the form on the website, by e-mail or Facebook, you must provide a contact option so that we can answer your request. The data you provide will then be stored by us for 12 months in order to process the request and in the event of follow-up questions. The legal basis for this is our legitimate interest in being able to answer your inquiry and to answer any follow-up inquiries in a specific and customer-oriented manner, taking into account previous inquiries. Our emails are hosted by a third party provider that is located within the European Union and acts as the recipient of the data on our behalf. All emails are stored on its servers.
Another third-party provider stores the contact details for us via email, our contact form and Facebook. This enables us to keep an overview of all customer inquiries and to be able to answer your questions on all channels as quickly as possible. This third party provider is also the recipient of your data and acts on our behalf. It is based in the USA and is therefore obliged to comply with the Privacy Shield Agreement.

Data processing for order processing

We would like to point out that for the purpose of simplifying the shopping process and later contract processing within the framework of cookies, the browser type, the location and time of the various page views, the website from which you visited us and the IP data of the subscriber are saved as well as name, address, e-mail address and, if necessary, the bank details (IBAN, BIC) of the buyer for the purpose of contract processing. This makes it easier to complete your order process, even if you interrupt your order in between and want to complete the order at a later point in time. The legal basis for data storage is therefore our legitimate interest in making the conclusion on our website as quick and easy as possible for our customers. Some cookies remain stored on the hard drive of your end device until you delete them. They enable us to recognize your browser the next time you visit. If you do not want this, you can set up your browser so that it informs you about the setting of cookies and you only allow this in individual cases. However, when cookies are deactivated, the functionality of our website may be significantly limited and loading times may be longer.
In the case of a started but canceled shopping process, the data you enter including your selected goods will be stored by us for an additional 2 weeks. This serves the purpose of recalling your shopping cart as easily as possible and making it easier for you to purchase your selected goods. The legal basis for this storage is our legitimate interest in providing our customers with the simplest possible access to concluding the purchase (Art 6 Paragraph 1 lit f (legitimate interest) of the GDPR).
You can also save this information at any time by sending an informal letter to Driftwood Design GmbH / Datenschutz, IZ, NÖ Süd, Strasse 3, Objekt 35, A-2351 Wr. Neudorf or by e-mail to office@epic-jewelry.com. In this case your data will be deleted by us within 48 hours.
When placing an order, the data you provide are required to fulfil the contract or to carry out pre-contractual measures. Without this data, we cannot process orders via our online shop and we cannot conclude the contract with you.
Data from concluded contracts can also be used to send direct marketing. The legal basis for this is our legitimate interest in informing our customers about other similar products that may be of interest to the customer after completing an order.
Data is transferred to third parties to the processing bank / payment service provider for the purpose of transferring the purchase price, to the transport company / shipping company commissioned by us for shipping and delivery of the goods, and to our tax advisor to fulfil our tax obligations.
If a contract is concluded (an order), all data from the contractual relationship will be stored until the tax retention period (7 years) has expired. The data name, address, e-mail address, purchased goods and date of purchase are also stored until the product liability expires (10 years). The legal basis for data processing after an order is therefore the need to fulfil the contract (Art 6 Paragraph 1 lit b GDPR).
If you want to return your order, it is necessary to provide your order number and email address. This can be used to identify your order and create a label with your data.
In order to fulfil our contractual obligations towards our customers, we work together with external shipping partners. We give your name and your delivery address and, if necessary for the delivery, your telephone number, exclusively for the purpose of the delivery of goods, Art. 6 Para. 1 lit. b GDPR to a shipping partner selected by us
Transfer of personal data to shipping service providers
- DPD If the delivery of the goods is carried out by the transport service provider DPD Direct Parcel Distribution Austria GmbH (Arbeitergasse 46, A-2333 Leopoldsdorf), for the purpose of delivery in accordance with Art. 6 Paragraph 1 lit. b DSGVO only forwards the name of the recipient and the delivery address to DPD. It will only be passed on if this is necessary for the delivery of the goods. The consent can be revoked at any time with effect for the future vis-à-vis the person responsible or the transport service provider DPD.
- Austrian Post If the delivery of the goods is carried out by the transport service provider Österreichische Post (Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna, Austria), we will provide for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR only forwards the name of the recipient and the delivery address to Austrian Post. It will only be passed on if this is necessary for the delivery of the goods. The consent can be revoked at any time with effect for the future vis-à-vis the person responsible or the transport service provider Austrian Post.
Use of payment service providers (payment services)
- Apple Pay If you choose the "Apple Pay" payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment is processed via the "Apple Pay" function of your iOS, watchOS or macOS-operated device by debiting a payment card stored in "Apple Pay". Apple Pay uses security features built into your device's hardware and software to protect your transactions. In order to approve a payment, it is necessary to enter a code that you previously specified and to verify it using the "Face ID" or "Touch ID" function of your device. For the purpose of payment processing, the information you provided during the ordering process, along with information about your order, will be passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website from which the purchase was made can access the payment details. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the original website to confirm the payment has been successful. If personal data is processed in the described transmissions, the processing takes place exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR. Apple maintains anonymized transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. The anonymization completely rules out any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services. When you use Apple Pay on the iPhone or Apple Watch to complete a purchase made through Safari on the Mac, the Mac and the authorization device communicate over an encrypted channel on the Apple servers. Apple does not process or store any of this information in a format that can be used to identify you personally. You can turn off the ability to use Apple Pay on your Mac in your iPhone's settings. Go to Wallet & Apple Pay and turn off Allow Payments on Mac. Further information on data protection with Apple Pay can be found at the following Internet address: https://support.apple.com/de-de/HT203027

- Klarna If you choose a Klarna payment service, the payment will be processed by Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). In order to enable the processing of the payment, your personal data (first and last name, street, house number, zip code, city, gender, email address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, article, type of delivery) passed on to Klarna for the purpose of the identity and credit check, provided that you hereby pursuant to Art. 6 Para. 1 lit. a DSGVO have expressly consented in the course of the ordering process. You can see which credit agencies your data can be forwarded to here: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies The credit report can contain probability values ​​(so-called score Values). As far as score values ​​are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values ​​includes, but is not limited to, address data. Klarna uses the information received about the statistical probability of a payment default for a balanced decision on the establishment, implementation or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the person responsible for data processing or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for contractual payment processing. Your personal details are processed in accordance with the applicable data protection regulations and in accordance with the information in Klarna’s data protection regulations for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy or for Affected persons based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy treated. - Paypal When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal, we give your payment data to PayPal (Europe) S.a.r.l. as part of the payment process. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only insofar as this is necessary for payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal. For this purpose, your payment data may be processed in accordance with Art. 6 Para. 1 lit. f GDPR passed on to credit agencies on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of default for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values ​​(so-called score values). As far as score values ​​are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values ​​includes, but is not limited to, address data. For further data protection information, including the credit agencies used, please refer to PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full You can object to this processing of your data at any time by sending a message object to PayPal. However PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

- SOFORT If you select the "SOFORT" payment method, payment will be processed by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"), to whom we will receive the information you provided during the ordering process along with information about your order Art. 6 para. 1 lit. b GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data is passed on exclusively for the purpose of processing payments with the payment service provider SOFORT and only insofar as it is necessary for this. You can find more information about SOFORT's data protection provisions at the following Internet address: https://www.klarna.com/sofort/datenschutz. - Stripe If you choose a payment method from the payment service provider Stripe, the payment will be processed by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will provide the information you provided during the ordering process the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 Para. 1 lit. b GDPR. Your data will only be passed on for the purpose of processing payments with the payment service provider Stripe Payments Europe Ltd. and only insofar as it is necessary for this. More information on Stripe's data protection can be found at the URL https://stripe.com/de/privacy#translation.

COOKIES

Our website uses so-called cookies. These are small text files that are stored on your device with the help of the browser. They do no harm. We use cookies to make our offer user-friendly. Some cookies remain stored on the hard drive of your end device until you delete them. They enable us to recognize your browser the next time you visit. If you do not want this, you can set up your browser so that it informs you about the setting of cookies and you only allow this in individual cases. If cookies are deactivated, the functionality of our website can be significantly restricted and longer loading times can occur.

Web analysis - Google Analytics

This website uses Google Analytics, a web analysis service from Google Inc. (“Google”). It is used on the basis of Art. 6 Para. 1 S. 1 lit. f. GDPR. Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of the website, such as browser type / version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of the server request, are usually transferred to a Google server in the USA and stored there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. We have also added the code “anonymizeIP” to Google Analytics on this website. This guarantees the masking of your IP address so that all data is collected anonymously. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website activity and internet usage. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link Deactivate Google Analytics. An opt-out cookie will be set which prevents the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is saved on your device. If you delete the cookies in this browser, you will also have to set the opt-out cookie again. [Note Information on integrating the opt-out cookie can be found at: https://developers.google.com/analytics/devguides/ We continue to use Google Analytics to evaluate data from double-click cookies and AdWords for statistical purposes. If you do not want this, you can do so via the ad preferences manager (http://www.google.com/settings/ads/onweb/?hl=de)deactivate. You can find further information on data protection in connection with Google Analytics in the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=de).
Google is based in the USA and is certified for the EU-US Privacy Shield data protection agreement. This means that Google is committed to complying with the GDPR applicable in the EU to protect personal data.

Referral advertising

Google Ads Remarketing Our website uses the functions of Google Ads Remarketing. We use this to advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). For this purpose, Google places a cookie in the browser of your terminal device, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you have visited. The processing takes place on the basis of our legitimate interest in the optimal marketing of our website in accordance with Art. 6 Para. 1 lit. f GDPR. Any further data processing will only take place if you have agreed with Google that your internet and app browser history will be linked by Google to your Google account and that information from your Google account will be used to personalize advertisements on the web consider. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data in order to form target groups. When using Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC. come in the US. You can permanently deactivate the setting of cookies for ad preferences by downloading and installing the browser plug-in available under the following link: https://www.google.com/settings/ads/onweb/ Alternatively, you can log in to Digital The Advertising Alliance will inform you about the setting of cookies at the Internet address www.aboutads.info and make settings for this. Finally, you can set your browser so that you are informed about the setting of cookies and individually decide whether to accept them or to exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our website may be restricted. In the event that personal data is transmitted to Google LLC. based in the USA, Google LLC. Certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list Further information and the data protection provisions regarding advertising and Google can be viewed here: https://www.google.com/policies/technologies/ads/ So far Legally required, we have your consent to the processing of your data described above in accordance with Art. 6 Para. 1 lit. a GDPR obtained. You can revoke the consent you have given at any time with future effect. In order to exercise your revocation, please follow the option described above to make an objection

Facebook pixel

We use the so-called Facebook pixel on our site. This is a service and product of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, hereinafter referred to as “Facebook”. This service is used to analyze, evaluate and track user behavior. In addition, the data and options available to us can be used to place targeted advertisements via the Facebook and Instagram channels. When you visit one of our websites on which the Facebook pixel is set, this information is transmitted to Facebook and, if you are logged into Facebook at the same time, it is assigned to your user. This information is not directly accessible to us and we cannot draw any conclusions about the respective users. However, Facebook is also obliged to act according to the standards and the applicable data protection regulations, since it is based in the USA and is obliged to the US-EU data protection agreement Privacy Shield (https://www.facebook.com/about/privacy). If you would like to prohibit the transmission and storage of data about yourself and your behavior on our website by Facebook, follow this link to adjust your settings: https://www.facebook.com/settings?tab=ads

Plugins

We use social plugins from Facebook, Twitter, Google+ and Pinterest on our website. Your browser can establish a direct connection with the servers of Facebook, Google, Pinterest or Twitter and transmit data about your user behavior there.

Facebook plugins

Plugins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our website. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our website. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/ When you visit our website, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This enables Facebook to assign your visit to our website to your user account. You can find more information on this in the privacy policy of Facebook https://de-de.facebook.com/policy.php
If you do not want Facebook to be able to assign your visit to our website to your Facebook user account, please log out of your Facebook user account.
Facebook is based in the USA and is therefore obliged to comply with the EU-US Privacy Shield to ensure data protection in accordance with the GDPR.

Google plugins

The Google Plus button is used on our website. Google Plus is a product of Google Inc., 1600 Amphitheater Parkway, Mountain View, California, 94043 USA, (hereinafter referred to as “Google”). If you use the button on our website, a connection to the Google servers in the USA is established. Both your IP address and the information about which of our websites you have visited are passed on to the Google server. If you are also a member of Google Plus and are logged in to Google Plus while using the plug-in, the information collected about the website visit is linked to your Google Plus account. If you interact with other Google plugins, this information will also be transmitted to and stored by Google (https://developers.google.com/+/plugins). All information about your rights and how you can protect your privacy can be found here: www.google.com/intl/de/+/policy/+1button.html.
Google is based in the USA and is therefore committed to the EU-US Privacy Shield to ensure GDPR-compliant data protection.

Twitter plugins

Twitter plugins are used on our website. A product and service from Twitter Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA. You can share the content of our website on Twitter. This information is then sent to Twitter and depending on the settings (http://twitter.com/account/settings) shared with your followers. For more information, click here: http://twitter.com/privacy
Twitter is based in the USA and is therefore committed to the EU-US Privacy Shield to ensure GDPR-compliant data protection.

Pinterest plugins

Plugins from Pinterest are used on our website. A product and service from Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (hereinafter referred to as "Pinterest"). If you use this plugin and want to share and / or save one of our contents on Pinterest, This information and which of our websites you have visited are transmitted to the Pinterest servers in the USA and, in the event that you are logged in and logged in to Pinterest, all information is linked to your Pinterest user. Further information can be found here: http://de.about.pinterest.com/privacy/ Pinterest is based in the USA and is therefore committed to the EU-US Privacy Shield to ensure GDPR-compliant data protection.

Hotjar

We use Hotjar from Limited (Level 2, St Julian's Business Center, 3, Elia Zammit Street, St Julian's STJ 1000, Malta) on this website to statistically evaluate visitor data. Hotjar is a service that analyzes the behavior and feedback of users on websites using a combination of analysis and feedback tools. Hotjar-based websites have a tracking code integrated on their websites. This tracking code contacts the Hotjar servers and sends a script to the computer or device that you use to access the Hotjar-based website. The script collects certain data relating to the user's interaction with the relevant website. This data is then sent to Hotjar's servers for processing.
You can find more details on the data protection guideline and which data is collected by Hotjar and how it is collected at https://www.hotjar.com/legal/policies/privacy. If you do not want Hotjar to collect your data, you can activate the Hotjar Opt Out (https://www.hotjar.com/legal/compliance/opt-out). There you have the option of deactivating or reactivating the collection of data by Hotjar by simply clicking on the red Deactivate Hotjar button. Warning: The deletion of cookies, the use of the incognito / private mode of your browser, or the use of another browser will result in data being collected again.

Your rights

In principle, you have the right to information about all data available to us about your person, correction of data, deletion, restriction, data portability and objection. If your data is based on legal consent, you have the right to revoke this consent at any time. This does not affect the legality of the processing carried out until the revocation. If you believe that the processing of your data violates data protection law or your data protection claims have been violated in any other way, you are welcome to contact us or complain to the supervisory authority. In Austria this is the data protection authority (Austrian data protection authority, Wickenburggasse 8, A-1080 Vienna).
You can reach us at the im imprint specified data or with our contact form.
Updated on 07/10/2020.