Privacy Policy
Information Obligation Pursuant to Art. 13 EU-GDPR
01. Data Protection at a Glance
General information
The following information provides an overview of what happens to your personal data when you visit this website. Personal data means all data by which you can be personally identified. Detailed information on the topic of data protection can be found in our privacy statement below this text.
Recording of data on this website
Who is responsible for recording data on this website?
The processing of data on this website is performed by the website provider. Their contact details can be found in the legal notice on this website.
How do we record your data?
One way in which your data are collected is when you share them with us. This can involve data that you enter into a contact form.
Other data are recorded by our IT systems, either automatically or after you have given your consent when visiting our website. This primarily involves technical data (e.g. internet browser, operating system or time that the page was accessed). These data are recorded automatically as soon as you enter this website.
What do we use your data for?
Some of your data are collected to ensure that the website runs without problems. Other data can be used to analyze your user behavior.
What are your rights regarding your data?
You have the right at any time and free of charge to request information about the source, recipients, and purpose of your saved personal data. You also have the right to demand that these data be corrected or erased. If you have given your consent for the data processing, you can revoke this consent at any time effective for the future. You also have the right to demand that the processing of your data be restricted under certain circumstances. In addition, you may lodge a complaint with the competent supervisory authority.
If you have any further questions about this and about data protection generally, please do not hesitate to contact us at the address shown in the legal notice.
Analytical tools and third-party provider tools
When you visit this website, your online behavior can be statistically analyzed. This is done primarily using analytical programs.
You can find detailed information about these analytical programs in the following privacy statement.
02. Hosting and Content Delivery Networks (CDN)
External hosting
This website is hosted by an external service provider (hoster). The personal data recorded via this website are stored on the hoster’s servers. This can primarily involve IP addresses, contact requests, meta and communication data, contract details, contact data, names, website access information, and other data generated via a website.
The hoster is used for the purpose of contract performance in relation to our existing and potential customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online offer by a professional provider (Art. 6(1)(f) GDPR).
Our hoster will only process your data to the extent that this is necessary to perform their service obligations and will comply with our instructions regarding these data.
We use the following hoster:
iTronic Harald Leithner
Emil-Raab-Straße 8
2500 Baden
Austria
03. General Information and Mandatory Information
Data protection
The providers of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this privacy statement.
When you use this website, a range of personal data are collected. Personal data means data by which you can be personally identified. This privacy statement explains which data we collect and what we use them for. It also sets out how and for what purpose this is done.
Please note that data transmission via the internet (e.g. communication by email) can be subject to security gaps. Complete protection of data against access by third parties is not possible.
Details of the controller
The controller for the purpose of the data processing for this website is:
artofhimalaya gmbh
Grosse Pfarrgasse 3/3
1020 Vienna
Austria
Tel. +43 1 212 7000
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
The controller is the natural or legal person who, either alone or together with others, decides on the purpose and means of processing personal data (e.g. names, email addresses etc.).
How to reach our data protection team
You can reach our data protection team at the following email address:
This email address is being protected from spambots. You need JavaScript enabled to view it.
Retention period
Unless this privacy statement specifies a more specific retention period, your personal data will be saved by us until the purpose of the data processing ceases to apply. If you submit a justified request for erasure or revoke your consent to data processing, your data will be erased, unless we have different, legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons cease to apply.
Revocation of your consent to data processing
Many data processing procedures are only possible with your explicit consent. You may revoke your granted consent at any time. This revocation does not affect the legality of data processing which occurred until the moment of revocation.
Right to object against data collection in special cases and against direct advertising (Art. 21 GDPR)
IF THE DATA PROCESSING IS BASED ON ART. 6( 1)( E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR SPECIFIC SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH THE PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY STATEMENT. IF YOU RAISE AN OBJECTION, WE WILL STOP PROCESSING YOUR AFFECTED PERSONAL DATA, EXCEPT WHERE WE CAN PROVIDE EVIDENCE OF OTHER REASONS FOR THE PROCESSING WORTHY OF PROTECTION WHICH OUTWEIGHT YOUR INTERESTS, RIGHTS, AND LIBERTIES OR IF THE PROCESSING IS USED TO ASSERT, EXERCISE OR DEFEND AGAINST LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 (1) GDPR).
IF YOUR PERSONAL DATA ARE PROCESSED TO IMPLEMENT DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF THE PERSONAL DATA RELATING TO YOU FOR THE PURPOSE OF DIRECT ADVERTISING AT ANY TIME; THIS ALSO APPLIES TO PROFILING, TO THE EXTENT THAT THIS IS CONNECTED TO DIRECT ADVERTISING. IF YOU RAISE AN OBJECTION, YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21 (2) GDPR).
Right to lodge a complaint with the competent supervisory authority
In case of violations of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, especially in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint continues to apply irrespective of other legal remedies under administrative law or other judicial remedies.
Right to data portability
You have the right to have data that are processed fully automatically based on your consent or in performance of a contract sent either to yourself or to a third party in a commonly used, machine-readable format. Where you demand the direct transfer of the data to another controller, this will only be done where technically feasible.
Information, erasure, and correction
Under the applicable legal provisions, you have the right to obtain information about your stored personal data, their source and recipients, and the purpose of the processing at any time free of charge as well as, if applicable, the right to the correction or erasure of these data. If you have any further questions about this or about your personal data, please do not hesitate to contact us at the address shown in the legal notice.
Right to restrict processing
You have the right to demand that the processing of your data be restricted. In this regard you can contact us at any time at the address shown in the legal notice. The right to restrict processing applies in the following cases:
• If you dispute that your personal data stored by us is correct, we normally need some time to review this. You have the right to demand that the processing of your data be restricted while this review is being conducted.
• If your personal data were/are being processed unlawfully, you can demand a restriction to the processing of your data, instead of an erasure.
• If we no longer need your personal data, but you need to them to exercise, defend against or assert legal claims, you have the right to demand a restriction of the processing of your personal data instead of an erasure.
• If you have raised on objection pursuant to Art. 21(1) GDPR, your and our interests must be weighed up. While it remains unclear whose interests take precedence, you have the right to demand that the processing of your data be restricted.
If you have restricted the processing of your personal data, these data, apart from being stored, may only be processed with your consent or to assert, exercise or defend against legal claims or to protect the rights of a different natural or legal person or for reasons of an important public interest of the European Union or a member state.
SSL or TLS encryption on the website
This website uses SSL or TLS encryption for security reasons and to protect confidential contents, such as orders or inquiries sent to us as the website provider. You can identify an encrypted connection by the fact that the browser address line changes from “http://” to “https://” and a padlock symbol is displayed in your browser bar.
Whenever SSL or TLS encryption is active, the data that you send to us cannot be read by third parties.
Encrypted payment transactions on the website
If, after a contract resulting in a fee has been concluded, you have an obligation to send us your payment details (e.g. account number for debit mandates), these data will be needed to process the payment.
Payments via the usual payment methods (Visa/MasterCard, debits) are implemented exclusively via an encrypted SSL or TLS connection. You can identify an encrypted connection by the fact that the browser address line changes from “http://” to “https://” and a padlock symbol is displayed in your browser bar.
Whenever encrypted communication is used, the payment details that you send to us cannot be read by third parties.
Objection to advertising emails
We explicitly object to the use of contact data published within the scope of the legal notice obligation to send unsolicited advertising and information material. The operators of the websites expressly reserve the right to take legal action in case of the unsolicited sending of advertising information, such as through spam emails.
04. Recording of Data on this Website
Cookies
Our website uses so-called cookies. Cookies are small text files and do not damage your device in any way. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are deleted automatically after your visit. Permanent cookies are stored on your device until you delete them yourself or until your web browser deletes them automatically.
Some cookies from third-party companies may also be saved on your device when you visit our website (third-party cookies). These enable us or you to use specific services of the third-party company (e.g. cookies for processing payment services).
Cookies have different functions. Many cookies are technically necessary because some website functions do not work without them (e.g. cart function or video playback). Other cookies are used to analyze user behavior or display advertising.
Cookies which are needed to implement the electronic communication process (essential cookies), to provide specific functions requested by you (functional cookies, e.g. for the cart function) or to optimize the website (e.g. cookies for measuring the web audience) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website provider has a legitimate interest in saving cookies to provide technically flawless, optimized services. Where consent is requested to save cookies, the respective cookies are saved exclusively based on this consent (Art. 6(1)(a) GDPR); this consent may be revoked at any time.
You can set your browser such that you are notified whenever a cookie is added or that you only permit cookies in individual cases, that you exclude cookies in specific cases or generally, as well as that cookies are automatically deleted when you close the browser. The functionality of this website may be limited if cookies are disabled.
Where cookies from third-party companies or cookies for analytical purposes are used, you will be informed of this separately in the context of this privacy statement and your consent will be requested, if applicable.
Server log files
The provider of the page automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
• type and version of browser
• operating system used
• referrer URL
• host name of accessing computer
• time of the server request
• IP address
These data are not combined with other data sources.
These data are recorded based on Art. 6(1)(f) GDPR. The website provider has a legitimate interest in the technically flawless presentation and optimization of their website – for this, the server log files must be recorded.
Inquiry by email or telephone
If you contact us by email or telephone, your inquiry including all resulting personal data (name, inquiry) will be saved and processed by us for the purpose of handling your request. We will not pass on these data without your consent.
These data are processed based on Art. 6(1)(b) GDPR, to the extent that your inquiry relates to the performance of a contract or the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this was requested.
The data you send to us through contact inquiries will remain with us until you ask us to erase them, revoke your consent for their storage or the purpose of the data storage ceases to apply (e.g. after your inquiry has been processed in full). Mandatory statutory provisions – especially statutory retention periods – remain unaffected.
Registration via the website
You can register on this website in order to use additional functions on the site. We use the data entered for this only for the purpose of the respective offer or service for which you have registered. The mandatory information requested during registration must be entered in full. Otherwise, we will refuse the registration.
In the event of important changes, e.g. regarding the scope of the offer or technically necessary changes, we will use the email address entered during registration to notify you.
The data entered during registration are processed for the purpose of implementing the user relationship established based on the registration and, if applicable, to prepare for additional contracts (Art. 6(1)(b) GDPR).
We save the data recorded during the registration for as long as you remain registered on this website. Afterwards, they are deleted. The statutory retention periods remain unaffected.
05. Plugin and Tools
Google web fonts (local hosting)
In order to ensure that fonts are displayed consistently, this website uses so-called web fonts provided by Google. The Google fonts are installed locally. No connection with the Google servers is established.
For more information about Google web fonts, see https://developers.google.com/fonts/faq or the privacy statement of Google: https://policies.google.com/privacy?hl=en.
06. E-Commerce and payment providers
Processing of customer and contract data
We only collect, process, and use personal data to the extent that we need them to establish, design the content of or amend the legal relationship (continuity data). This is done based on Art. 6(1)(b) GDPR which permits the processing of your data for the performance of a contract or the implementation of pre-contractual measures. We only collect, process, and use personal data regarding the use of this website (usage data) to the extent necessary in order to enable the user to use the service or for invoicing purposes.
The collected customer data are erased after the order is completed or the business relationship is terminated. The statutory retention periods remain unaffected.
Data transmission when a contract is concluded for online stores, retailers, and goods dispatch
We only transmit personal data to third parties if this is necessary in the context of the contract processing, e.g. to the company entrusted with delivering the goods or the credit institution commissioned with processing the payment. The data are not transmitted otherwise or only if you have explicitly consented to such a transmission. Your data are not transferred to third parties, e.g. for the purposes of advertising, without your explicit consent.
This data processing is based on Art. 6(1)(b) GDPR which permits the processing of data for the performance of a contract or the implementation of pre-contractual measures.
Payment services
We integrate the payment services of third-party companies into our website. If you make a purchase from us, the payment service provider processes your payment details (e.g. name, payment total, account number, credit card number) for the purpose of processing the payment. These transactions are subject to the respective contract and data protection provisions of the respective providers. The payment providers are deployed on the basis of Art. 6(1)(b) GDPR (contract processing) and in the interest of a frictionless, easy and secure payment process (Art. 6(1)(f) GDPR). Where your consent is requested for specific actions, Art. 6(1)(a) GDPR is the legal basis for the data processing; consent may be revoked at any time effective for the future.
We use the following payment services / payment providers in the context of this website:
PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).
The transmission of data to the USA is based on the standard contract clauses of the EU Commission. For details, see:
https://www.paypal.com/at/webapps/mpp/ua/pocpsa-full
The privacy statement of PayPal you can find here:
https://www.paypal.com/at/webapps/mpp/ua/privacy-full
Stripe
The provider is Stripe Payments Europe, Ltd.,1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter referred to as “Stripe”).
The transmission of data to the USA is based on the standard contract clauses of the EU Commission. For details, see:
https://stripe.com/de/guides/general-data-protection-regulation.
The privacy statement of Stripe you can find here:
https://stripe.com/de/privacy.
Klarna
The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as “Klarna”). Klarna offers various payment options (e.g. purchase by installments). If you decide in favor of payment via Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies in order to optimize the use of the Klarna checkout solution. For details on the use of Klarna cookies, please see the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.
The privacy statement of Klarna you can find here: https://www.klarna.com/at/datenschutz/.