data protection
Generally
As the operator of this website and as a company, we come into contact with your personal data. This means all data that says something about you and with which you can be identified. In this privacy policy, we would like to explain to you how, for what purpose and on what legal basis we process your data.
The person responsible for data processing on this website and in our company is:
Ravilia
Nikischgasse 2
1140 Vienna
Austria
Phone: 06607884371
Email: mahi.mahi001@icloud.com
General information
SSL or TLS encryption
When you enter your data on websites, place online orders or send emails over the Internet, you must always expect that unauthorized third parties will access your data. There is no complete protection against such access. However, we do everything we can to protect your data as best as possible and to close security gaps as far as we can.
An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data that you send to us cannot be read by third parties. You can recognize the encryption by the lock icon in front of the entered Internet address in your Browser and that our Internet address begins with https:// and not http://.
Encrypted payment transactions
Payment data, such as account or credit card numbers, are particularly in need of protection. This is why we only process payments using common payment methods via an encrypted SSL or TLS connection.
How long do we store your data?
At some points in this privacy policy we inform you how long we or the companies that process your data on our behalf store your data. If such information is missing, we store your data until the purpose of the data processing no longer applies, you object to the data processing or you withdraw your consent to the data processing.
However, in the event of an objection or revocation, we may continue to process your data if at least one of the following conditions is met:
- We have compelling legitimate grounds for continuing the data processing which override your interests, rights and freedoms (only if you object to data processing; if the objection is directed against direct marketing, we cannot provide legitimate grounds).
- The data processing is necessary to assert, exercise or defend legal claims (does not apply if your objection is directed against direct marketing).
- We are legally obliged to retain your data.
In this case, we will delete your data as soon as the requirement(s) no longer apply.
data transfer to the USA
We also use tools on our website from companies that transfer your data to the USA and store it there and, if necessary, process it further. The European Commission has adopted an adequacy decision for the EU-US data protection framework. This determines that the USA ensures an adequate level of protection for personal data from the EU that is transferred to US companies. This decision is based on new guarantees and measures introduced by the USA to meet data protection requirements. The adequacy decision includes, among other things, restrictions and guarantees regarding the access of the US intelligence services to the data. Binding guarantees have been introduced to limit the access of the US intelligence services to the necessary and proportionate extent to protect national security. In addition, increased supervision of the activities of the US intelligence services has been established to ensure that the restrictions on surveillance activities are adhered to. An independent redress mechanism has also been set up to process and resolve complaints from European citizens about access to their data. The EU-US data protection framework thus enables European companies to transfer data to certified US companies without having to introduce additional data protection guarantees. A list of all certified companies can be found at the following link: https://www.dataprivacyframework.gov/s/participant-search
A change in the European Commission’s decision cannot be ruled out.
your rights
objection to data processing
IF YOU READ IN THIS PRIVACY POLICY THAT WE HAVE LEGITIMATE INTERESTS IN PROCESSING YOUR DATA AND THEREFORE BASE THIS ON ARTICLE 6, PARAGRAPH 1, SENTENCE 1, LIT. F) OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT TO THIS ACTIVITY ACCORDING TO ARTICLE 21 OF THE GDPR. THIS ALSO APPLIES TO PROFILING THAT IS CARRIED OUT ON THE BASIS OF THE ABOVE-MENTIONED PROVISION. THE CONDITION IS THAT YOU GIVE REASONS FOR THE OBJECTION THAT ARISE FROM YOUR PARTICULAR SITUATION. NO REASONS ARE NECESSARY IF THE OBJECTION IS DIRECTED TO THE USE OF YOUR DATA FOR DIRECT MARKETING.
THE CONSEQUENCE OF THE OBJECTION IS THAT WE ARE NO LONGER PERMITTED TO PROCESS YOUR DATA. THIS ONLY DOES NOT APPLY IF ONE OF THE FOLLOWING CONDITIONS APPLIES:
- WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS.
- THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
THE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS DIRECTLY TO DIRECT MARKETING OR TO PROFILING RELATED TO IT.
Further rights
Revocation of your consent to data processing
Many data processing operations are carried out on the basis of your consent. You give this, for example, by ticking the appropriate box on online forms before sending the form or by allowing certain cookies when you visit our website. You can revoke your consent at any time without giving reasons (Art. 7 Para. 3 GDPR). From the time of revocation, we are no longer permitted to process your data. The only exception: We are legally obliged to keep the data for a certain period of time. Such retention periods exist in particular in tax and commercial law.
Right to complain to the competent supervisory authority
If you believe that we are violating the General Data Protection Regulation (GDPR), you have the right to complain to a supervisory authority under Art. 77 GDPR. You can contact a supervisory authority in the member state of your residence, your place of work or the place where the alleged violation occurred. The right to complain exists in addition to administrative or judicial remedies.
right to data portability
We must hand over data that we process automatically on the basis of your consent or in fulfillment of a contract to you or a third party in a common machine-readable format if you request this. We can only transfer the data to another responsible party if this is technically possible.
Right to data information, deletion and correction
According to Art. 15 GDPR, you have the right to receive information free of charge about which personal data we have stored about you, where the data comes from, to whom we transmit the data and for what purpose it is stored. If the data is incorrect, you have the right to rectification (Art. 16 GDPR); under the conditions of Art. 17 GDPR, you can request that we delete the data.
right to restriction of processing
In certain situations, you can request that we restrict the processing of your data in accordance with Art. 18 GDPR. The data may then only be processed as follows - apart from storage:
- with your consent
- to assert, exercise or defend legal claims
- to protect the rights of another natural or legal person
- for reasons of important public interest of the European Union or of a Member State
The right to restriction of processing exists in the following situations:
- You have disputed the accuracy of your personal data stored by us and we need time to check this. In this case, you have the right to object for the duration of the check.
- Your personal data is being processed unlawfully or has been processed unlawfully in the past. In this case, you have the alternative right to have the data deleted.
- We no longer need your personal data, but you require it to exercise, defend or assert legal claims. In this case, you have the alternative right to have the data deleted.
- You have lodged an objection in accordance with Art. 21 Paragraph 1 GDPR and now your interests and ours must be weighed against each other. This right exists as long as the result of the balancing has not yet been determined.
Hosting and Content Delivery Networks (CDN)
External hosting
Our website is located on a server of the following Internet service provider (hoster):
Shopify International Limited
Victoria Buildings
1-2 Haddington Road
Dublin 4, D04 XN32, Ireland
Has a contract for order processing been concluded with the hoster or are standard contractual clauses (SCC) used?
Yes
How do we process your data?
The host stores all data from our website. This includes all personal data that is recorded automatically or through your input. This can include in particular: your IP address, pages accessed, names, contact details and queries as well as meta and communication data. When processing data, our host adheres to our instructions and only processes the data to the extent that this is necessary to fulfill the service obligation to us.
On what legal basis do we process your data?
Since we address potential customers and maintain contact with existing customers via our website, the data processing by our host serves to initiate and fulfill the contract and is therefore based on Art. 6 Para. 1 lit. b) GDPR. In addition, it is our legitimate interest as a company to provide a professional Internet offering that meets the necessary requirements for security, speed and efficiency. In this respect, we also process your data on the basis of Art. 6 Para. 1 lit. f) GDPR.
Data collection on this website
server log files
Server log files record all requests and accesses to our website and record error messages. They also contain personal data, in particular your IP address. However, this is anonymized by the provider after a short time so that we cannot assign the data to you personally. The data is automatically transmitted from your browser to our provider.
How do we process your data?
Our provider stores the server log files in order to be able to track the activities on our website and to identify errors. The files contain the following data:
- browser type and version
- operating system used
- referrer URL
- hostname of the accessing computer
- time of the server request
- IP address (possibly anonymized)
We do not combine this data with other data, but use it solely for statistical evaluation and to improve our website.
On what legal basis do we process your data?
We have a legitimate interest in ensuring that our website runs error-free. It is also our legitimate interest to obtain an anonymized overview of access to our website. The data processing is therefore lawful in accordance with Art. 6 Para. 1 lit. f) GDPR.
contact form
You can send us a message using the contact form on this website.
How do we process your data?
We save your message and the information from the form in order to process your request, including follow-up questions. This also applies to the contact details provided. We will not pass the data on to other people without your consent.
How long do we store your data?
We will delete your data as soon as one of the following occurs:
- Your request has been finally processed.
- You ask us to delete the data.
- You revoke your consent to storage.
This only does not apply if we are legally obliged to retain the data.
On what legal basis do we process your data?
If your request is related to our contractual relationship or serves to carry out pre-contractual measures, we process your data on the basis of Art. 6 Para. 1 lit. b) GDPR. In all other cases, it is our legitimate interest to process requests addressed to us effectively. The legal basis for data processing is therefore Art. 6 Para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 Para. 1 lit. a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.
Inquiry by email, telephone or fax
You can send us a message by email or fax or call us.
How do we process your data?
We save your message as well as your self-provided contact details or the telephone number you provided in order to process your request, including follow-up questions. We will not pass the data on to other people without your consent.
How long do we store your data?
We will delete your data as soon as one of the following occurs:
- Your request has been finally processed.
- You ask us to delete the data.
- You revoke your consent to storage.
This only does not apply if we are legally obliged to retain the data.
On what legal basis do we process your data?
If your request is related to our contractual relationship or serves to carry out pre-contractual measures, we process your data on the basis of Art. 6 Para. 1 lit. b) GDPR. In all other cases, it is our legitimate interest to process requests addressed to us effectively. The legal basis for data processing is therefore Art. 6 Para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 Para. 1 lit. a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.
analysis tools and advertising
We use the following tools to analyze the behavior of our website visitors and show you advertising.
Facebook Pixel
What is Facebook Pixel?
Tool for analyzing user behavior that measures the effectiveness of advertising on Facebook
Who processes your data?
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
Where can you find more information about data protection at Facebook Pixel?
https://de-de.facebook.com/about/privacy/
On what basis do we transfer your data to the USA?
Based on the adequacy decision of the European Commission and the corresponding certification of the company.
How can you prevent data processing?
If you have a Facebook account: Deactivate the “Custom Audiences” remarketing function in the Ad Settings area ( https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen ).
If you do not have a Facebook account: Disable usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/ .
How do we process your data?
We use the Facebook pixel on our website. The analysis tool helps us learn more about the behavior of visitors to our website after they have clicked on one of our advertisements on Facebook. This enables us to measure how effective our Facebook advertising is and to align future advertising measures with the information acquired. The data that Facebook collects via the pixel is anonymous to us as the operator of this website. This means that we cannot identify you as a visitor. However, the data is stored and processed by Facebook. Facebook uses the pixel to establish a connection to your Facebook account and also uses the data to place advertisements itself within and outside the network (see Facebook data usage policy). During storage and processing, Facebook also transmits the data to the USA and other third countries.
If you have a Facebook account, you can deactivate the “Custom Audiences” remarketing function in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen .
If you do not have a Facebook account, you have the option of deactivating usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/ .
On what legal basis do we process your data?
As a website operator, we have a legitimate interest in effective advertising measures in social networks. The data processing is therefore lawful according to Art. 6 Para. 1 lit. f) GDPR. In the event that you have, for example, consented to the storage of cookies or otherwise consented to data processing by Facebook, Art. 6 Para. 1 lit. a) GDPR is the sole legal basis. You can revoke your consent at any time with effect for the future.
plugins and tools
hCaptcha
What is hCaptcha?
test tool for distinguishing between humans and computers
Who processes your data?
ntuition Machines, Inc., 2211 Selig Drive, Los Angeles, CA 90026, USA
Where can you find more information about data protection at hCaptcha?
https://www.hcaptcha.com/privacy
On what basis do we transfer your data to the USA?
hCaptcha adheres to the standard contractual clauses of the European Commission ( https://www.hcaptcha.com/privacy )
How do we process your data?
We use hCaptcha to check whether data entered into forms on our website comes from a human or a computer. For you, this means that the test tool analyses your behaviour as a visitor to our website based on various characteristics. The analysis does not begin when you use the test tool, but rather when you visit our website. Various data is recorded, e.g. the IP address, the length of time spent on our website and mouse movements made. The data is forwarded to the USA.
On what legal basis do we process your data?
As a company, we have a legitimate interest in protecting our web offerings from spam and abusive spying. Data processing is therefore lawful according to Art. 6 (1) (f) GDPR.
If you have consented to data processing, we will process your data exclusively on the basis of Art. 6 Paragraph 1 Letter a) of GDPR. You can revoke your consent at any time. From the time of revocation, we are no longer permitted to process your data.
eCommerce and payment providers
customer and contract data
How do we process your data?
If we enter into a contract with you, we require certain personal data from you. We only collect, process and use this data to the extent that it is necessary to establish our legal relationship, to define its content or to change it. If you can only use our services via our website or if the services are billed via the website, we also collect usage data if this is necessary to enable you to use our services or to bill you for the service used.
How long do we store your data?
We will store your data until our legal relationship ends, unless we are legally obliged to keep the data for a longer period.
On what legal basis do we process your data?
We store your data in order to fulfil the contract with you or to carry out pre-contractual measures. The basis for data processing is Art. 6 (1) (b) GDPR.
Data transfer in dropshipping
Dropshipping means that ordered goods are delivered to you directly from the manufacturer or wholesaler. In our case, this is:
Ravilia
Nikischgasse 2
1140 Vienna
We have concluded a contract for order processing with Ravilia.
How do we process your data?
In order for Ravilia to be able to deliver, we will pass on your name, delivery address and – if necessary – your telephone number to them.
On what legal basis do we process your data?
We pass on your data in order to fulfil the contract we have concluded with you. The basis for data processing is therefore Art. 6 Para. 1 lit. b) GDPR. In addition, we have a legitimate interest in processing purchases as quickly and effectively as possible. The legal basis is therefore also Art. 6 Para. 1 lit. f) GDPR.
payment services
So that you can conveniently pay for your purchases on our website, we use the services of payment services, i.e. external companies that process payments for us. You can find out which ones these are in the list at the end of this section.
How do we process your data?
For the payment process, you must provide certain personal data, such as your name, bank account details or credit card number. We pass this data on to the respective payment service. The respective contract and data protection provisions of the respective services apply to the transaction itself.
On what legal basis do we process your data?
We pass on your data in order to fulfil the contract that we have concluded with you. The basis for data processing is therefore Art. 6 Para. 1 lit. b) GDPR. In addition, we have a legitimate interest in processing purchases as quickly, conveniently and securely as possible. The legal basis is therefore also Art. 6 Para. 1 lit. f) GDPR. If you have consented to the transfer of your data, the data processing is based on Art. 6 Para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.
Which payment services do we use?
PayPal
What is PayPal?
online payment service
Who processes your data?
PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg
Where can you find more information about PayPal's privacy policy?
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
On what basis do we transfer your data to the USA?
PayPal adheres to the standard contractual clauses of the European Commission (see https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full )
Apple Pay
What is Apple Pay?
Mobile payment service from Apple Inc.
Who processes your data?
Apple Inc., Infinite Loop, Cupertino, CA 95014, USA
Where can you find more information about Apple Pay privacy?
https://www.apple.com/legal/privacy/de-ww/
On what basis do we transfer your data to the USA?
Apple Pay adheres to the standard contractual clauses of the European Commission (see https://www.apple.com/legal/privacy/de-ww/ )
Klarna
What is Klarna?
payment service
Who processes your data?
Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden
Where can you find more information about data protection at Klarna?
recruitee
What is Recruitee?
applicant management tool
Who processes your data?
Keizersgracht 313, 1016 EE Amsterdam, Netherlands
Where can you find more information about data protection at Recruitee?
https://recruitee.com/de/security-privacy
How do we process your data?
We use Recruitee’s services to process applications.
data processing on social media
What is social media?
By social media we mean the social networks on which we have created publicly accessible profiles. You can read about which social networks these are below.
Who processes your data?
The respective operating companies of the social networks. You can find the individual operators below in the respective networks.
How is your data processed?
The operators of social networks are generally able to collect and evaluate comprehensive data on the behavior of visitors and users of the network. It is not possible for us to track all processing operations in the social networks we use, which is why additional processing operations that are not listed here may be carried out by the operators of the social networks. You can find further information on this in the terms of use and data protection declarations of the respective social networks.
The processing of your data can be triggered by you visiting the website of the social network or our profile page there. Even if you visit a website that uses certain content from the network, e.g. like or share buttons, data can already be transferred to the operators of the social network. If you are a user of the social network yourself and are logged into your user account, your visit to our profile page can be assigned to your account by the operator of the social network. Even if you have not registered a user account yourself or are not logged in, the operator of the network may still collect your personal data, e.g. by recording your IP address or setting cookies. With this data, the operators can create user profiles tailored to your behavior and interests and show you interest-based advertising both inside and outside the network. If you are a registered user of the network, interest-based advertising can also be displayed on all devices on which you are or were logged in.
On what legal basis are your data processed?
Our profiles on social networks are intended to ensure that our company has the most comprehensive presence possible on the Internet. As a company, we have a legitimate interest in this. The data processing is therefore lawful according to Art. 6 (1) (f) GDPR.
The data processing operations and analyses carried out by the operators of the social networks themselves may be based on other legal bases. These must be specified by the operators of the social networks.
Who is responsible for processing your data and how can you assert your rights?
If you visit one of our profiles on social networks, we and the operator of the respective network are jointly responsible for the data processing operations triggered during this visit. In principle, you can assert your rights against both us and the operator of the respective network.
Despite the joint responsibility with the operators of the social networks, our influence on the data processing procedures of the respective operator is limited and is primarily based on the operator's specifications.
How long will your data be stored?
If we collect data via our profiles on social networks, this data will be deleted from our systems as soon as the purpose for storing it no longer applies, you ask us to delete it, or you revoke your consent to storage. Stored cookies remain on your device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.
We have no influence on how long the operators of the social networks store your data, which the operators collect for their own purposes. You can obtain information about this directly from the operator of the respective social network, e.g. in the respective data protection declaration.
Which social media do we use?
What is Facebook?
A social network
Who processes your data?
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Will your data be transferred to third countries?
Yes, to the USA and also to other third countries
Where can you find more information about data protection at Facebook?
https://www.facebook.com/about/privacy/
Where can you as a Facebook user adjust your advertising settings?
As a registered Facebook user, you can adjust your advertising settings in your user account. To do so, click on the following link and log in:
https://www.facebook.com/settings?tab=ads.
What is Instagram?
A social network specializing in photos and videos
Who processes your data?
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Will your data be transferred to third countries?
Yes
Where can you find more information about privacy on Instagram?
https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram Help Area&bc[1]=Guidelines%20and%20Notifications
Where can you as a user adjust your privacy settings?
As a registered Instagram user, you can adjust your privacy settings in your user account. To do so, click on the following link and log in:
https://www.instagram.com/accounts/privacy_and_security/
TikTok
What is TikTok?
A social network specializing in photos and videos
Who processes your data?
TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
Will your data be transferred to third countries?
Yes
Where can you find more information about privacy at TikTok?
https://www.tiktok.com/legal/privacy-policy-eea?lang=de
Where can you as a user adjust your data protection settings?
https://www.tiktok.com/legal/tiktok-website-cookies-policy?lang=de