This privacy policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the websites, features and content associated with it, as well as external online presence, e.g. our social media profiles (collectively referred to as “online offer”). With regard to the terminology used, e.g. “Processing” or “Responsible” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Responsible:
Gerald Zhang-Schmidt
Hauptstrasse 108
7111 Parndorf, Österreich
E-Mail: contact@chilicult.com
Imprint: https://www.chilicult.com/imprint
Types of processed data:
– Inventory data (eg, names, addresses)
– Contact data (eg, e-mail, telephone numbers)
– Content data (eg, text input, photographs, videos)
– Usage data (eg, websites visited, interest in content, access times)
– Meta / communication data (eg, device information, IP addresses).
Categories of affected persons:
Visitors and users of the online offer (hereinafter we refer to the affected persons as “users”).
Purpose of the processing:
– Providing the online offer, its functions and contents.
– Answering of contact requests and communication with users.
– Security measures.
– Reach measurement / marketing
Terms used:
“Personal information” means any information relating to an identified or identifiable natural person (hereinafter the “data subject”); a natural person is considered as identifiable, when he or she can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (eg cookie) or to one or more special features, which are the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
“Processing” means any process performed with or without the aid of automated procedures or any such series of procedures relating to personal data. The term covers a wide range and covers virtually all dealings with data.
“Responsible person” means the natural or legal person, public authority, body or other body that alone or together with others decides on the purposes and means of processing personal data.
Relevant legal basis:
According to Art. 13 GDPR, we inform you about the legal basis of our data processing. Unless the legal basis in the data protection declaration is mentioned, the following applies: The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the execution of contractual measures as well as the answer to inquiries is Art. 6 paragraph 1 lit. b GDPR , the legal basis for processing in order to fulfill our legal obligations is Art. 6 (1) lit. c GDPR , and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as legal basis.
Cooperation with contract processors and third parties:
If, in the course of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant them access to the data, this is done only on the basis of a legal permission (eg if a transmission of the Data to third parties such as payment service providers is required to fulfill the contract, in accordance with Article 6 paragraph 1 lit b GDPR), if you have consented to a legal obligation, or based on our legitimate interests (eg in the use of agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called “data processing contract”, this is done on the basis of Art. 28 GDPR.
Transfer to third countries:
If we process data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)) or if it is used in the context of third party services or disclosure or transmission of data to third parties, this is done only if it is to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special requirements of Art. 44 et seq. GDPR, i.e. that the processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (eg for the US through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
Rights of data subjects:
You have the right to ask for confirmation as to whether the data in question is being processed and for information about this data, as well as for further information and a copy of the data according to Art. 15 GDPR.
Following Art. 16 GDPR, you have the right to demand the completion of the data concerning you or the correction of incorrect data concerning you. In accordance with Art. 17 GDPR, you have the right to demand that the relevant data be deleted immediately, or alternatively as stipulated you have the right to demand that the data relating to you, which you have provided to us, be obtained in accordance with Art. 20 GDPR and request their transmission to other persons responsible. Art. 77 GDPR gives you the right to file a complaint with the responsible supervisory authority.
Right of withdrawal:
You have the right to withdraw consent previously granted in accordance with Art. 7 para. 3 GDPR effective for future dealings with the website.
Right to object:
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may, in particular, be made against processing for direct marketing purposes.
Cookies and right of objection to direct advertising:
“Cookies” are small files which are stored on computers of users. Different information can be stored within the cookies. A cookie serves primarily to store the information about a user (or the device on which the cookie is stored) during or after his visit to an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online service and closes his browser. In such a cookie, e.g. the contents of a shopping cart in an online store or a login status are stored . “Persistent” refers to cookies that remain stored even after the browser has been closed. Thus, e.g. the login status will be saved if users visit the site after several days. Likewise, the interests of the users can be stored in such a cookie, which are used for range measurement or marketing purposes. “Third-party cookies” are offered by providers other than the person responsible for providing the online offer (otherwise, if it is only their cookies, this is called “first-party cookies”) .
Temporary and permanent cookies may be used. If you do not want cookies to be stored on your computer, we ask you to disable the corresponding option in your browser’s system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
A general objection to the use of the cookies used for the purpose of online marketing can be done in a variety of services, especially in the case of tracking, on the US site http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by switching them off in the settings of the browser. Please note that not all features of this online offer may then be usable.
Deletion of data:
The data processed by us are deleted or restricted in accordance with Art. 17 and 18 GDPR. Unless explicitly stated in this privacy statement, the data stored by us will be deleted as soon as they are no longer necessary for their intended purpose and the deletion does not conflict with any statutory storage requirements. Unless the data is deleted because it is required for other and legally permitted purposes, its processing will be restricted. That the data is blocked and not processed for other purposes. This applies, for example For data, which must be kept for commercial or tax law reasons. According to legal requirements in Germany the storage takes place in particular for 6 years according to § 257 exp. 1 HGB (trading books, inventories, opening balances, annual accounts, trade letters, accounting documents, etc.) as well for 10 years according to § 147 Abs. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.) According to legal regulations in Austria the storage takes place especially for 7 years according to § 132 Abs. 1 BAO (accounting documents, receipts / invoices, accounts, supporting documents, business papers, statement of revenue and expenditure, etc.), for 22 years in connection with land and for 10 years in documents related to electronically provided services, telecommunications, broadcasting and television services provided to non-entrepreneurs in EU Member States for which Mini one stop shop (MOSS) is claimed.
Hosting:
The hosting services we use are designed to provide the following services: infrastructure and platform services, computing capacity, storage and database services, security and technical maintenance services we use to operate this online service. Here we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer acc. Art. 6 para. 1 lit. f GDPR in connection with Art. 28 GDPR (conclusion of data processing agreement).
Collection of access data and log files:
We, or our hosting provider, on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR collect data for every access to the server on which this service is located (so-called server log files). The access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider. Logfile information is stored for security reasons (eg to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further retention is required as evidence are excluded from the erasure until the final clarification of the incident.
Provision of contractual services:
We process stock data (for example, names and addresses as well as contact details of users), contract data (for example, services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract. In the context of the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with. Art. 6 para. 1 lit. c GDPR.
We process usage data (e.g., the visited web pages of our online offering, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile e.g. to inform the user of products pursuant to his/her previous interests.
The data is deleted after the expiration of legal warranty and comparable obligations, the necessity of keeping the data is checked every three years; in the case of legal archiving obligations, the deletion takes place after its expiration. Information in the customer’s account remains until it is deleted.
Amazon Affiliate Program:
Based on our legitimate interests (ie, interest in the economic operation of our online offering within the meaning of Art. 6 para. 1 lit. GDPR) we are participants of the Affiliate Program of Amazon EU, which was designed to provide a medium for websites to earn advertising cost reimbursement by way of the placement of advertisements and links to Amazon (so-called affiliate system). Amazon uses cookies to track the origin of orders. For example, Amazon may recognize that you clicked the affiliate link on this site and subsequently purchased a product from Amazon. For more information about Amazon data usage and opt-out options, please read the company’s privacy policy:
http://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401.
Contacting us:
When contacting us (for example, by contact form, e-mail, telephone or via social media), the information provided by the user is used to process the contact request acc. Art. 6 para. 1 lit. b GDPR. The user information can be stored in a Customer Relationship Management System (“CRM System”) or comparable. We delete the requests if they are no longer required. We check the requirement every two years.
Comments and Contributions:
When users leave comments or other contributions, their IP addresses are
stored for 7 days based on our legitimate interests within the meaning of Art. 6 (1) lit. f. GDPR. This is for our own safety, if someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we can be sued for the comment or contribution ourselves and are therefore interested in the identity of the author.
Comment Subscriptions:
A subscription to follow-up comments may be made by users, giving their consent in accordance with. Art. 6 para. 1 lit. GDPR. Users will receive a confirmation email to verify that they own the email address they entered. Users can unsubscribe from ongoing comment subscriptions at any time. The confirmation email will contain notes on the revocation options.
Akismet Anti-Spam Checking:
Our online offering uses the “Akismet” service offered by Automattic, Inc. 132 Hawthorne Street, San Francisco, CA 94107, USA. The use is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR.
With the help of this service, comments of real people are distinguished from spam comments. All comment information is sent to a server in the USA, where it is analyzed and stored for four days for comparison. If a comment has been classified as spam, the data will be stored beyond that time. This information includes the name entered, the email address, the IP address, the comment content, the referrer, details of the browser used and the computer system and the time of the entry.
Automattic is certified under the Privacy Shield Agreement and thus provides a guarantee To comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active). For more information about the collection and use of data by Akismet, see the Automattic Privacy Notice: https://automattic.com/privacy/.
Users are welcome to use pseudonyms, or refrain from entering the name or email address. You can completely prevent the transfer of data by not using our commenting system. That would be a shame, but unfortunately we see no other alternatives that work equally as effectively.
Jetpack (WordPress Stats):
On the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit. DSGVO) we use the plugin Jetpack (here the subfunction “WordPress Stats “), Which incorporates a statistical visitor traffic tool, and Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA. Jetpack uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of the use of the website by you.
Automattic is certified under the Privacy Shield Agreement, thereby guaranteeing compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active). The information generated by the cookie about your use of this online offer is stored on a server in the United States. Here, user profiles of the users can be created from the processed data, these being used only for analysis and not for advertising purposes. For more information, please refer to Automattic’s Privacy Policy: https://automattic.com/privacy/ and Jetpack Cookie notes: https://jetpack.com/support/cookies/.
Google Analytics:
We use Google Analytics, a web analytics service of Google LLC (“Google”), based on our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit. f GDPR). Google uses cookies. The information generated by the cookie is about users’ use of the online offer and is usually transmitted to and stored by Google on servers in the United States.
Google is certified under the Privacy Shield Agreement, which provides a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google will use this information on our behalf to evaluate the use of our online offering by users to compile and report on the activities within this online offering other services related to the use of this online offer and internet usage, to us to provide. Pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with activated IP anonymization. This means that the IP address of the users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the United States. The IP address provided by the user’s browser will not be merged with other Google data.
Users can prevent the storage of cookies by setting their browser software accordingly; Users may also prevent the collection by Google of the data generated by the cookie and related to their use of the online offer as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
For more information on data usage by Google, setting and options to oppose the collection of personal information, please visit the websites of Google: https://www.google.com/intl/de/policies/privacy/partners (“Google Data Usage When You Use Our Partners Sites or Apps”), http://www.google.com/policies/technologies/ads (“Use Your Data for Information”), http://www.google.com/settings/ads (“Manage information Google uses to show you advertising”).
Online presence in social media:
We maintain online presence within social networks and platforms in order to communicate with customers, prospects and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators. Unless otherwise stated in our Privacy Policy, we process users’ data as long as they communicate with us within social networks and platforms, e.g. when you write posts on our online presence or send us messages.
Integration of Services and Third-Party Content:
Within our online offer, we make use of content or service offers from third-party providers, on the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit.f GDPR), such as including videos or fonts (collectively referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavor to use only content whose respective providers use the IP address only for the delivery of the content.
Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information, such as visitor traffic, on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and operating system, referring web sites, visit time, and other information about using our online offer.
Youtube:
We embed videos of the platform “YouTube” of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Google Maps:
We embed maps of the Google Maps service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.