USA
Asia Pacific
Asia Pacific
USA

PRIVACY POLICY

We protect your privacy and your private data. We collect, process and use your personal data exclusively in accordance with the provisions of the General Data Protection Regulation (GDPR) and the applicable data protection regulations.
This privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”).
In the following, we inform you about the type, scope and purpose of data collection and its use in accordance with the provisions of the GDPR:

I. Person responsible

The controller responsible for data processing is
POP Fender GmbH
Mst. Ramis Demir MBA
Bützenweg 9a
6845 Hohenems
Austria
Tel.: +43 650 29 30 150
E-Mail: info@popfender.com
Website: https://www.popfender.com

II General information on data processing

1. scope of the processing

We collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services. We therefore only process the personal data that you provide to us as a user of the website and/or as a customer, for example as part of an inquiry or registration or to conclude a contract.

The following types of personal data may be the subject of data processing by us or a service used by us:

  • Inventory data (e.g. names, addresses)
  • Content data (e.g. text entries, photographs, videos)
  • Contact details (e.g. e-mail, telephone numbers)
  • Meta/communication data (e.g. device information, IP addresses)
  • Usage data (e.g. websites visited, interest in content, access times)
  • Contract data (e.g. subject matter of the contract, term, customer category)
  • Payment data (e.g. bank details, invoices, payment history)

We also process the above-mentioned types of data of the following categories of data subjects:

  • Business and contractual partners
  • Interested parties
  • Communication partner
  • Customers
  • Suppliers
  • Users (e.g. website visitors, users of online services)
  • Employees (e.g. employees, applicants, interns, former employees)
  • Sweepstakes and competition participants

2. legal basis for data processing

The legal basis for data processing is

  • Your consent (pursuant to Art. 6(1)(a) GDPR). As a matter of principle, we only collect and use our users’ data with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
  • the fulfillment of the contract and answering pre-contractual inquiries (according to Art 6 para 1 lit b GDPR). We need your data in order to process your request to your complete satisfaction or to be able to contact you.
  • the fulfillment of a legal obligation of our company in accordance with (Art. 6 para. 1 lit c GDPR) by passing on user data to authorities such as the tax office, health insurance providers or other public bodies.
  • the protection of vital interests (pursuant to Art. 6 para. 1 lit. d GDPR).
  • the protection of public interests (pursuant to Art. 6 (1) (e) GDPR).
  • the protection of a legitimate interest of our company (pursuant to Art. 6 para. 1 lit. f GDPR). This includes marketing and advertising measures in general. As interested parties and customers of our range of services, we would like to provide you with up-to-date and targeted information about innovations and offers of our services or activities. We subject these activities to a balancing of interests and no impairment of the fundamental rights and freedoms of users is to be expected.

3. data deletion and storage duration

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this is provided for by EU regulations, laws or other provisions to which we as the controller are subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

III Disclosure of personal data

If you have provided us with your data as a user of our website and/or customer, we will only use it to answer your inquiries, to process contracts and for the technical administration of our online offer.

Your data will only be passed on or transmitted by us to third parties if this is necessary for the purpose of contract processing or for billing purposes, or if you as a user of the website and/or customer have given your prior consent in accordance with Art. 6 para. 1 lit. a GDPR or § 165 para. 3 TKG. Consent can be revoked at any time.

The recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website (see Section IV.). In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

As a user of the website and/or customer, you have the right to withdraw your consent at any time with effect for the future.

Data transfer third country (USA):

Data transmission to service providers based in the USA is based on the standard contractual clauses of the EU Commission.

The standard contractual clauses of Wordfence can be found at the following URL (https://www.wordfence.com/standard-contractual-clauses/).

WordPress has two articles on its website regarding the European General Data Protection Regulation and WordPress’ commitment to GDPR compliance at the following URL: https://privacy.blog/2018/05/04/welcome-to-privacy-blog/ and https://wordpress.com/support/data-processing-agreements/ .

For more information about the processing of your data by WordPress, please refer to the following URL (https://wordpress.org/about/privacy/).

IV. Provision of the website, WEBHOSTING, creation of log files, plug-ins, e-mail

1. description and scope of data processing

In order to provide our online offering securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offering can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.

Hosting:

We use the service of adino.at Internetservice GmbH, Achstraße 18, 6971 Hard, Austria (website: https://www.adino.at) to host our website. Adino.at Internetservice is a tool for creating and hosting websites. When you visit our website, your data is processed on the servers of adino.at Internetservice. Adino.at Internetservice also stores cookies that are required to display the page and to ensure security (necessary cookies).

Website:

For the operation of our website we use WordPress, Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA (https://wordpress.com/de/). WordPress is a software for the creation, provision and operation of websites, blogs and other online offers. When you visit our website, your data is processed on the WordPress servers. Personal data may also be transferred to the USA. WordPress also stores cookies that are required to display the page and to ensure security (necessary cookies).

Plug-ins:

As WordPress is a tool for creating your own website, there are many plug-ins that can be used. We use the following services, among others:

  • Akisment anti-spam checkAutomattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. This is a WordPress plug-in. With the help of Akismet, comments from real people are distinguished from spam comments. For this purpose, all comments are sent to a server in the USA, where they are analyzed and stored for four days for comparison purposes. If a comment has been classified as spam, the data is stored beyond this period. This information includes the name entered, the e-mail address, the IP address, the comment content, the referrer, details of the browser used and the computer system and the time of the entry. Users are welcome to use pseudonyms or refrain from entering their name or email address. You can completely prevent the transfer of data by not using our comment system. You can find Akismet’s privacy policy at the following URL (https://automattic.com/privacy).
  • Website design: The website was created with the help of Divi Builder, Elegant Themes, Inc, 977 West Napa Street #1002, Sonoma, CA 95476, USA (https://www.elegantthemes.com/gallery/divi/). The privacy policy can be found below (https://www.elegantthemes.com/policy/privacy/).
  • Website speed: In order to provide a good and above all fast website, we use the service of WP Rocket, SAS WP MEDIA, 18/20 rue Tronchet, 69006 LYON, FRANCE (https://wp-rocket.me/). The terms of use can be found here (https://wp-rocket.me/de/terms/).
  • Back-Up UpdraftPlus, of Simba Hosting Ltd, 11, Barringer Way, St. Neots, Cambs, PE19 1LW, UK (https://updraftplus.com/). This is back-up software and back-up storage. Below you will find the privacy policy of UpdraftPlus (https://updraftplus.com/data-protection-and-privacy-centre/).
  • Firewall: In order to provide a suitable firewall and suitable security and error detection functions, we use Wordfence, Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (https://www.wordfence.com/). You can find Wordfence’s privacy policy at the following URL (https://www.wordfence.com/privacy-policy/).
  • IT-Security: Limit Login Attempt, of Atlantic Silicon Inc, 3999 Commons Dr. W, Unit NDestin, FL 32541, USA (https://www.limitloginattempts.com/), helps us in the background with the security for the website. The privacy policy can be found at the following URL (https://www.limitloginattempts.com/privacy-policy/).
  • SEO: Our SEO tool is from Yoast, Yoast B.V., Don Emanuelstraat 3, 6602 GX Wijchen, Netherlands (https://yoast.com/). You can find the privacy policy here (https://yoast.com/privacy-policy/).
  • Shipping service provider: We use Sendcloud, Sendcloud GmbH, Fürstenrieder Str. 70, 80686 Munich, Germany (https://www.sendcloud.at/) to ship our products. This is an all-in-one shipping software that helps us with shipping. You can find Sendcloud’s privacy policy at the following URL (https://www.sendcloud.at/datenschutz/).
  • Payment service provider: Our payment tool is provided by Woocommerce, WooCommerce Ireland Ltd, Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland (https://woocommerce.com/). Since this is another plug-in from WordPress, i.e. Automattic – Inc – the same privacy policy applies as for Automattic Inc. In addition, we use the service of Germanized, Vendidero GmbH, Schillerstraße 36a, 12207 Berlin, Germany (https://vendidero.de/woocommerce-germanized) for Woocommerce. The privacy policy can be found at the following URL (https://vendidero.de/datenschutzerklaerung).
    We also use Mollie, Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, the Netherlands (https://www.mollie.com/at) as an additional payment tool. You can find Mollie’s privacy policy at the following URL (https://www.mollie.com/at/privacy).
  • Image design: We use the Enable Media Replace service (https://de.wordpress.org/plugins/enable-media-replace/#description) in the background to enable us to effortlessly replace and renew our images and graphics on the website. As this is another WordPress plug-in, the same Automattic Inc. privacy policy applies.

Each time our website is accessed, adion.at Internetservice automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  • Information about the browser type and version used
  • the user’s operating system
  • the Internet service provider of the user
  • the IP address of the user
  • Date and time of access
  • Websites from which the user’s system accesses our website
  • Websites that are accessed by the user’s system via our website

Emails:

The web hosting services we use also include sending, receiving and storing e-mails. For these purposes, the addresses of the recipients and senders as well as other information relating to the sending of e-mails (e.g. the providers involved) and the content of the respective e-mails are processed. The aforementioned data may also be processed for the purpose of detecting SPAM. Please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, emails are encrypted in transit, but not on the servers from which they are sent and received (unless an end-to-end encryption method is used). We can therefore accept no responsibility for the transmission path of e-mails between the sender and receipt on our server.

2. legal basis for data processing

The use of adino.at Internetservice and WordPress is based on Art 6 para 1 lit f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 165 para. 3 TKG. Consent can be revoked at any time.

3. purpose of data processing

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Your IP address is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

4. duration of storage / possibility of objection and removal

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after 30 days. Storage beyond this period is not possible. In this case, the IP addresses of the users are deleted.

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

V. Use of cookies – CONSENT MANAGEMENT

1. description and scope of data processing

In order to offer you the best possible online experience, we use cookies on this website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. The information stored may include, for example, the language settings on a website, the login status, a shopping cart or the location where a video was viewed. The term cookies also includes other technologies that perform the same functions as cookies (e.g. when user information is stored using pseudonymous online identifiers, also known as “user IDs”).

Cookie consent management

For cookie consent management, we use the service of Complianz, Complianz. B.V., Kalmarweg 14-5, 9723JG Groningen, Netherlands (https://complianz.io/). The cookies are hosted locally on our server and anonymized. No data is passed on to third parties. The individual user ID, language as well as the types of consent and the time of their submission are stored on our server and on the user’s device. Information about Complianz’ cookie policy can be found at the following URL (https://complianz.io/legal/cookie-policy/?cmplz_region_redirect =true&cmplz-region=eu), Complianz’ privacy policy can be found at this URL (https://complianz.io/legal/privacy-statement/?cmplz_region_redirect=true&cmplz -region=eu).

In cooperation with Complianz, we also use the Burst Statistics service (https://de.wordpress.org/plugins/burst-statistics/), which in turn is provided by WordPress. This is an open source software that works privacy-friendly. We use Burst Statistics to determine, for example, page views, sessions or the time spent on the site. It is hosted locally on our server and no data is passed on to third parties.

In the following URL we also refer you to the cookie guidelines of WordPress (https://wordpress.org/about/privacy/cookies/).

As our partner service WordPress is based in the USA, we would like to draw your attention to the legal situation in the USA. According to the case law of the European Court of Justice, there is currently no adequate level of data protection in the USA. There is therefore a risk that your data may be subject to access by US authorities for control and monitoring purposes and that you have no effective legal remedies against this. By clicking on “Accept all cookies”, you acknowledge that only functional cookies are used on our website by third-party providers (also in the USA).

A distinction is made between the following cookie types and functions:

  • Technical (also: essential or absolutely necessary) cookies: Cookies can be absolutely necessary for the operation of a website (e.g. to save logins or other user input or for security reasons).
  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their browser.
  • Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The interests of users that are used for reach measurement or marketing purposes can also be stored in such a cookie.

When accessing our website, the user is informed about the use of strictly necessary cookies. In this context, reference is also made to this privacy policy.

2. legal basis

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

3. purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change. The user data collected by technically necessary cookies is not used to create user profiles.

4. duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies.

Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke your consent or to object to the processing of your data by cookie technologies (collectively referred to as “opt-out”). You can initially declare your objection using your browser settings, e.g. by deactivating the use of cookies (although this may also restrict the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared using a variety of services, especially in the case of tracking, via the websites http://optout.aboutads.info and http://www.youronlinechoices.com/. You can also obtain further information on how to object in the context of the information on the service providers and cookies used.

If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

VI Presence in social networks

1. description and scope of data processing

We maintain online presences within social networks in order to communicate with our customers active there or to inform the same users about us and our offers. On our website you will find links to the social media platforms Instagram of Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA; and Facebook of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA.

The following data published by users on the platforms can be viewed and processed by us:

  • Inventory data (e.g. names, addresses)
  • Contact details (e.g. e-mail, telephone numbers
  • Content data (e.g. text entries, photographs, videos)
  • Usage data (e.g. websites visited, interest in content, access times)
  • Meta/communication data (e.g. device information, IP addresses)

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users.

For these purposes, cookies are usually stored on the users’ computers, in which the usage behavior and interests of the users are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

2. legal basis

The legal basis for the processing of your personal data is our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR.

3. purpose of data processing

The data published by users is used by us to contact our customers and to communicate with them.

4. duration of storage / opt-out objection and removal option

For a detailed description of the respective forms of processing, the duration of storage and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective networks.

Facebook privacy policy: https://www.facebook.com/about/privacy;

Data protection information for Facebook pages:

https://www.facebook.com/legal/terms/information_about_page_insights_data;

Instagram privacy policy: http://instagram.com/about/legal/privacy;

Facebook (Opt-Out): The settings for advertisements can be accessed at the following link https://www.facebook.com/settings?tab=ads as well as additional information on data protection in relation to the agreement on the joint processing of personal data on Facebook pages at https://www.facebook.com/legal/terms/page_controller_addendum;

User data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the service providers. Only the providers have access to the user’s data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

META’s standard contractual clauses can be found at the following URL (https://www.facebook.com/legal/EU_data_transfer_addendum).

VII Rights of the user (data subject rights)

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis us as the controller:

1. right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

2. right of revocation for consents

You have the right to withdraw your consent at any time.

3. right to information

You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with the legal requirements.

4. right to rectification

In accordance with the legal requirements, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.

5. right to erasure and restriction of processing

In accordance with the legal requirements, you have the right to demand that data concerning you be deleted immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the legal requirements.

6. right to data portability

You have the right to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request its transmission to another controller.

7. complaint to the supervisory authority

Without prejudice to any other judicial remedy, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your data violates the GDPR. The supervisory authority within the meaning of the GDPR is the Data Protection Authority, Barichgasse 40 – 42, 1030 Vienna, Tel: +43/1-52 152-0, e-mail: dsb@dsb.gv.at.

The data protection authority will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy.

VIII. Changes and updates

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

 

 

 

Dornbirn, August 2022

Last updated on 30.08.2022