The controller responsible for the data processing within the meaning of Article 13 (1) a) of the General Data Protection Regulation (GDPR) is:
ReciproqueIf you have any questions or concerns about our Privacy Policy, please contact us:
Article 4 (1) GDPR defines personal data as any information relating to an identified or identifiable natural person. Personal data includes, for example, name, address, telephone number, email address, bank account details, credit card number.
If you place an order, we shall need personal data for the purposes of processing the purchase, including shipping the goods that you have ordered, handling returns or dealing with complaints. Specifically, we shall need details relating to your name, postal address, email address and, if applicable, essential payment details. It is essential that you provide your email address so that we can send you confirmation of receipt of your order, notify you of the shipment of your goods and/or contact you. Therefore, this data processing will take place for the purpose of performing the contract.
Even before a contract is concluded, you may have already contacted us and, for example, sent us an email enquiry requesting our advice. In this case, the data received from you, such as your email address and possibly your name, will be processed by us for the purpose of carrying out precontractual measures.
Article 6 (1) b) GDPR is the legal basis for data processing for the purpose of performing a contract or for carrying out precontractual measures as a result of an enquiry from the data subject.
For handling your order, we will pass on personal data to service partners such as payment service providers (including, but not limited to, banks, Paypal, Amazon Pay, credit card companies) and shipping service providers (including, but not limited to, BPost, DHL, DPD), insofar as this is necessary for the performance of your contract. It is also possible that your personal data will be passed on to a supplier delivering the goods directly to you. The recipient must use the transferred data only for the performance of its task. Any use beyond this is not permitted.
Personal data processed for the performance of the contract will be stored by us for the statutory period of limitation.
The data necessary under commercial law or fiscal law will be stored by us for the retention periods prescribed by law, generally for a period of 10 years.
Personal data processed for carrying out precontractual measures will be erased within 12 months if no contract is concluded.
You have the possibility of creating a customer account. This password-protected, personal access offers you a series of useful features, including, but not limited to, viewing of the orders that you have placed in the preceding years, displaying and downloading of your invoices, management of personal customer data, addition and editing of different delivery addresses, saving of a standard payment method and creation of a personal reminder note and/or wish list.
Article 6 (1) a) GDPR is the legal basis for this data processing. The data processing will take place only according to express consent. The data submitted to the customer account will be stored as long as your consent exists. You may revoke this consent at any time with effect for the future. An informal notification using the contact details stated under Section 1 will suffice for this. If your consent is revoked, your customer account, including the data submitted to it, will be deleted.
"Cookies" are small text files that are stored on your data carrier and contain certain settings and data. We use cookies on our websites to provide you with an optimal user experience, to compile statistics on the use of our websites and to facilitate marketing activities.
When you visit the DemoWebShop for the first time or if you have deleted your browser data, we ask you with our cookie consent tool whether we may use cookies and.
We use only technically essential cookies and they are always enabled. These cookies cannot be deactivated.
| Cookie Name | Purpose or Function | Validity Period |
|---|---|---|
| acceptedCookies | Contains your personal cookie settings. | 1 day |
| hideWelcomeBanner | Stores the information that the user has already chosen to hide the welcome banner. This cookie prevents the user from being permanently disturbed by the banner. | 1 day |
| sb-zlhspqnbqhntcqdmmuym-auth-token | This cookie is set by Supabase authentication (supabase.com). The site uses Supabase as the backend for authentication, with sign in and sign up functionality, along with a private route that can only be accessed with valid credentials. Token-based authentication is a protocol which allows users to verify their identity, and in return receive a unique access token. During the life of the token, users then access the website or app that the token has been issued for, rather than having to re-enter credentials each time they go back to the same webpage, app, or any resource protected with that same token. | 7 days |
Article 6 (1) f) GDPR is the legal basis for the use of technically essential cookies. The essential justified interest lies in securing the functionality of the Demo Web Shop.
When you visit the Demo Web Shop website, your Internet browser will send usage data to our servers. Usage data is logged in so-called log files by our servers. In this respect, the following will be stored: the data and time, the type of request, the log type and access status, the size and name of the file, the IP address from which the request originated, the referrer URL (information on the website from which you have arrived at our website), information on the Internet browser used (e.g. which browser is used, the version number of this browser and the type of encryption).
We use log files to monitor the functionality and performance of the shop and to further develop and improve the site. As a result, any malfunctioning of the shop, for example, will be recorded and subsequently remedied by us. Furthermore, the storage of data in log files takes place for security reasons to ensure secure operation of our system.
Article 6 (1), f) GDPR is the legal basis for this data processing. The essential justified interest lies in securing the functionality of the shop and ensuring secure operation of our shop servers. The users' IP addresses will be deleted or anonymised after a maximum of 10 days.
Below, we would like to summarise for you your rights under the General Data Protection Regulation.
You have the right time to revoke your consent at any time. Revocation of your consent will not affect the lawfulness of the processing carried out on the basis of your consent up to the time of revocation. Before you give your consent, you will be informed hereof.
Under Article 15 GDPR, you have the right to demand from us confirmation of whether we process personal data concerning you. If this is the case, you have the right to access this personal data and the following information:
You may demand that we rectify, without delay, inaccurate data concerning you. With due regard being given to the purposes of the processing, you will, additionally, have the right to demand that incomplete personal data be completed, also by means of a supplementary statement.
You have the right that we erase data without delay if one of the following grounds applies:
If we have made your data public and are obliged to erase it, we shall, with due regard being given to the available technology and the implementation costs, take appropriate measures to inform the controllers that you have requested the erasure of your data.
According to Article 18 GDPR, we must restrict the processing of your data in the following cases, namely if:
If processing is restricted, we shall merely be permitted to store this data. Any processing beyond this will then be permissible only with your consent or for the purpose of asserting, exercising or defending legal claims or for protecting the rights of another natural person or legal entity or for reasons of an important public interest of the Union or a Member State.
You may at any time revoke your consent given in this connection.
You will be notified by us before the restriction is lifted.
All recipients to whom your data has been disclosed must be informed by us of any rectification or erasure of your data, or of any restriction of processing. This will be inapplicable only insofar as this proves to be impossible or is associated with disproportionate expense. We shall inform you of these recipients if you so request.
You have the right to receive in a structured, commonly used and machine-readable format the data concerning you that has been provided to us. Additionally, you have the right that we transfer this data to a third party insofar as
in this respect, you may demand that we transfer your data directly to such third party insofar as this is technically feasible. This right must not impair the rights and freedoms of other persons.
You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or that impairs you in a similar manner. This will not apply if:
In the first two cases, we shall take appropriate measures to protect your rights and freedoms as well as your legitimate interests. This includes your right to state your own point of view, your right to challenge the automated decision and your right to intervention by one of our employees.
If we process your data on the basis of a legitimate interest (Article 6 (1) f GDPR), you will have the right to lodge an objection thereto if the grounds for this ensue from your particular situation. This also applies to any profiling based on these provisions. In this case, we shall no longer process your data, unless we can prove that the reasons for the processing are compelling and worthy of protection. This must outweigh your interests, rights and freedoms, or the processing must serve the assertion, exercise or defence of legal claims.
Insofar as we process your data in order to engage in direct marketing, you may lodge an objection to the processing of your data. This also applies to profiling insofar as profiling is related to such direct marketing.
Following your objection, your data will no longer be processed for these purposes.
To lodge an objection, merely send a corresponding informal notification using the contact details given in Section 1.
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside or work or where the alleged breach took place, if you are of the opinion that the processing of the data concerning you breaches the General Data Protection Regulation. Further legal remedies under administrative law, or judicial remedies, to which you may possibly be entitled will remain unaffected hereby.