PRIVACY POLICY

1) Introduction and Contact Details of the Controller

We are pleased that you visit our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data are all data with which you can be personally identified.

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Gloromontis e.U. Owner: Viktor Goldenberg, BSc (WU), Petrusgasse 4/13, 1030 Vienna, Austria, Tel.: +43 664 4256968, E-mail: support@prestellum.com. The controller responsible for the processing of personal data is the natural or legal person who, alone or together with others, decides on the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

When using our website purely for information purposes, i.e. if you do not register or otherwise transmit information to us, we only collect those data that your browser transmits to the server of the page (so-called “server log files”). When you access our website, we collect the following data, which are technically necessary for us to display the website to you:

Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you came to the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. There is no disclosure or other use of the data. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

3.1 Shopify

For hosting our website and displaying the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

In the case of data transfer to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

3.2 CloudFront

This website uses the content delivery network (CDN) Amazon CloudFront, provided by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg ("AWS").

This service allows us to deliver large media files, such as images, website content and scripts, more quickly and reliably through a network of regionally distributed servers.

The processing is carried out on the basis of our legitimate interest in improving the stability, security and performance of our website in accordance with Article 6(1)(f) GDPR.

We have concluded a data processing agreement (DPA) with the provider that ensures the protection of our website visitors' data and prohibits any unauthorized disclosure to third parties.

For data transfers to the United States, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.

3.3 Shopify CDN

This website uses the Shopify content delivery network (CDN) provided by Fastly Inc., 475 Brannan Street, Suite 300, San Francisco, CA 94107, USA, which is used by Shopify to deliver certain website content.

The Shopify CDN helps to deliver product images, scripts, style sheets and other website assets more efficiently and securely, improving the loading speed and stability of our online shop.

In the course of providing this service, Fastly may process (personal) data such as your IP address, contact information, name entered, website visited, communication data, master and contractual data and meta data.

Since the Shopify CDN is not strictly necessary for the basic operation of our website, it is activated only after you give your consent via our cookie banner. The legal basis for this processing is your consent pursuant to Article 6(1)(a) GDPR, in conjunction with the applicable ePrivacy rules.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called “session cookies”), some remain longer on your device and enable the saving of page settings (so-called “persistent cookies”). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.

If personal data is also processed by individual cookies we use, the processing is carried out either pursuant to Article 6(1)(b) GDPR for the performance of a contract, pursuant to Article 6(1)(a) GDPR in the case of consent given, or pursuant to Article 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.

You can set your browser to inform you about the setting of cookies and decide individually about their acceptance, or exclude the acceptance of cookies for certain cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be restricted.

5) Contact

When contacting us (e.g. via contact form or e-mail), personal data is processed – exclusively for the purpose of processing and responding to your inquiry and only to the extent necessary.

The legal basis for the processing of this data is our legitimate interest in responding to your inquiry pursuant to Article 6(1)(f) GDPR. If your contact aims at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR. Your data will be deleted once it is evident from the circumstances that the matter concerned has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

6) Data Processing When Opening a Customer Account

Pursuant to Article 6(1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide this data to us when opening a customer account. Which data is required for opening the account can be seen from the input form on our website.

You may delete your customer account at any time by sending a message to the above-mentioned address of the controller. After deletion of your customer account, your data will be deleted provided that all contracts concluded through it have been fully processed, there are no statutory retention periods to the contrary, and we have no legitimate interest in continuing to store the data.

7) Use of Customer Data for Direct Advertising

If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you will only receive a newsletter once you have expressly confirmed your consent to receiving it by activating a verification link sent to the specified e-mail address.

By activating the confirmation link, you give us your consent to the use of your personal data pursuant to Article 6(1)(a) GDPR. In doing so, we store the IP address entered by your Internet Service Provider (ISP) as well as the date and time of registration, in order to trace possible misuse of your e-mail address at a later time. The data collected by us during registration for the newsletter is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller named above. After successful unsubscription, your e-mail address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this declaration.

8) Data Processing for Order Handling

8.1 General

To process your order, we share the necessary personal data with the shipping company we use for delivery and with the payment service provider or the bank that processes your payment. The legal basis for this processing is Article 6(1)(b) GDPR.

For the processing of your order, we work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

8.2 Use of Payment Service Providers (Payment Services)

We offer several online payment options on this website through Shopify Payments, a service provided by Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Through Shopify Payments, we can accept various payment methods, including major credit and debit cards as well as Apple Pay. The payment details you provide during the order process - including your name, billing address, bank or card details, currency, transaction number and information about the contents of your oder - are transmitted to the provider in accordance with Article 6(1)(b) GDPR. Your data is transferred solely for the purpose of processing the payment with the provider and only to the extent necessary for that purpose.

8.3 Shipping Service Provider

We use the following transport service provider to deliver the goods you have ordered: Österreichische Post AG, Rochusplatz 1, 1030 Vienna, Austria.

For the purpose of delivering your orders, we share with the provider only the recipient's name and delivery address, as required to fulfill the contract, in accordance with Article 6(1)(b) GDPR.

The data is transferred solely for the purpose of delivering the goods and only to the extent required for that purpose.

9) Web Analytics Services

This website uses Shopify Analytics, a web analytics service of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

With the help of cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading device and browser information), the service collects and stores pseudonymized visitor data, including information from the device used such as the IP address and browser information, in order to evaluate them for statistical analyses of user behavior on our website and to create pseudonymized usage profiles. This enables, among other things, the evaluation of movement patterns (so-called heatmaps), which show the duration of page visits as well as interactions with page content (e.g. text input, scrolling, clicks, and mouse-overs).

Pseudonymization generally excludes direct personal reference. A merging with clear data collected in other ways relating to your person does not take place.

All processing described above, in particular the reading or storing of information on the device used, will only be carried out if you have given us your express consent pursuant to Article 6(1)(a) GDPR. You may revoke your consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with the provider, which protects the data of our website visitors and prohibits disclosure to third parties.

In the case of data transfer to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

10) Tools and Miscellaneous

10.1 Sufio

This website uses Sufio, a service provided by Sufio s.r.o., Bottova 1, 811 09 Bratislava, Slovakia, to generate and manage invoices for orders placed in our online store. For this purpose, Sufio processes certain information related to your order, such as your name, billing address, delivery address and the details of the products purchased. This data is transmitted to Sufio solely for the purpose of issuing legally compliant invoices and maintaining our accounting records.

The processing of personal data is necessary for the performance of the contract in accordance with Article 6(1)(b) GDPR. In addition, we retain and process invoicing data to meet our statutory accounting and tax obligations pursuant to Article 6(1)(c) GDPR. For more information on how Sufio handles personal data, please refer to Sufio's Privacy Policy.

10.2 Cookie Consent Tool

This website uses a so-called “cookie consent tool” to obtain effective user consents for cookies and cookie-based applications requiring consent. The “cookie consent tool” is displayed to users when they access the site in the form of an interactive user interface, on which consents for certain cookies and/or cookie-based applications can be given by checking a box. In this context, all cookies/services requiring consent are only loaded if the respective user gives the corresponding consent by checking the box. This ensures that such cookies are only set on the respective user’s device in the event of consent being given.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data are generally not processed in this context.

If, in individual cases, personal data (such as the IP address) are nevertheless processed for the purpose of storing, assigning, or logging cookie settings, such processing takes place pursuant to Article 6(1)(f) GDPR on the basis of our legitimate interest in legally compliant, user-specific, and user-friendly consent management for cookies and thus in a legally compliant design of our online presence.

Another legal basis for processing is Article 6(1)(c) GDPR. As controllers, we are legally obliged to make the use of technically unnecessary cookies dependent on the respective user’s consent.

Where necessary, we have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

Further information about the operator and the configuration options of the cookie consent tool can be found directly in the corresponding user interface on our website.

10.3 Email Communication via Shopify

We use the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, for sending email communications.

Data may also be transferred to Shopify Inc., 150 Elgin Street, Ottawa, ON K2P 1L4, Canada. When data is transferred to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

We have concluded a data processing agreement with Shopify to ensure that the data of our website visitors and customers is protected and is not shared with third parties.

For the purpose of sending our newsletter, we process your email address and any other data you provide during subscription, based on your consent as required under Article 6(1)(a) GDPR. You can withdraw your consent to receive the newsletter at any time by clicking the "unsubscribe" link included in every newsletter or by contacting us by writing an email to support@prestellum.com.

In addition, Shopify automatically sends essential transactional emails, such as order confirmations, shipping updates, or other messages required for the performance of the contract, and in some cases also emails that we are legally required to send. These communications are based on Article 6(1)(b) GDPR and, where applicable, Article 6 (1)(c) GDPR and do not require separate consent.

11) Rights of the Data Subject

11.1 General

The applicable data protection law grants you the following rights vis-à-vis the controller with regard to the processing of your personal data (rights of access and intervention), whereby reference is made to the stated legal basis for the respective conditions of exercise:

Right of access pursuant to Article 15 GDPR;
Right to rectification pursuant to Article 16 GDPR;
Right to erasure pursuant to Article 17 GDPR;
Right to restriction of processing pursuant to Article 18 GDPR;
Right to be informed pursuant to Article 19 GDPR;
Right to data portability pursuant to Article 20 GDPR;
Right to withdraw consent given pursuant to Article 7(3) GDPR;
Right to lodge a complaint pursuant to Article 77 GDPR.

11.2 Right to Object

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE THE PROCESSING OF THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE THE PROCESSING OF THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

12) Duration of the Storage of Personal Data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if relevant – additionally by the applicable statutory retention period (e.g. commercial and tax law retention periods).

When processing personal data on the basis of an express consent pursuant to Article 6(1)(a) GDPR, the data concerned will be stored until you withdraw your consent.

If statutory retention periods exist for data which are processed within the framework of legal or quasi-legal obligations on the basis of Article 6(1)(b) GDPR, these data will be routinely deleted after expiry of the retention periods, provided they are no longer required for the performance of a contract or the initiation of a contract and/or there is no legitimate interest on our part in further storage.

When processing personal data on the basis of Article 6(1)(f) GDPR, these data will be stored until you exercise your right to object pursuant to Article 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

When processing personal data for the purpose of direct marketing on the basis of Article 6(1)(f) GDPR, these data will be stored until you exercise your right to object pursuant to Article 21(2) GDPR.

Unless otherwise stated in the other information of this declaration regarding specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.