Privacy policy

We, Alpine Naturprodukte GmbH, attach great importance to the protection of your privacy and act in compliance with the statutory provisions on data protection. The following policy explains the type and scope of personal data processed by us in connection with our online presence and associated websites (jointly referred in the following as ‘website’ or ‘online presence’) and the purposes for which we do so. This privacy policy applies regardless of the domains, systems and platforms used (e.g. desktop or mobile) on which the online presence is made available and the devices with which it is accessed. With regard to the vocabulary we use such as ‘personal data’ or their ‘processing’, we draw your attention to the definitions provided in Art. 4 General Data Protection Regulation (GDPR).

The controller in the meaning of data protection law is

Alpine Naturprodukte GmbH

Anichstraße 19/13 6020 Innsbruck, AT,

phone:+43 5412 64128, fax:+43 5412 64128 99, email: datenschutz (at) kaufhausderberge.at

Data collected by us

A variety of data from different sources will be collected, depending on whether you contact us online, by telephone or in any other way and which of our online services you access. Much of the data we process is provided by your use our services, for example when you register on our website and enter your name, email address or postal address. But we also receive technical data relating to your device and access, which is automatically collected by us when you interact with our services. This may include, for example, information about the device you are using or the geographical region from which you are accessing our services.

When we refer to your personal data, we mean any information that can be used to identify you directly or indirectly, such as your name, home address, email address or bank account details, but also your customer number or order number. The collection, processing and use of personal data in the context of operating our website is carried out in accordance with the data protection standards of the European Union and in particular in accordance with the provisions of the General Data Protection Regulation, the Austrian Data Protection Act and the Austrian Telecommunications Act. Specifically, data with which you can be identified personally or that enables us to contact you directly is requested when you register in our online shop, make a purchase, sign up to receive our newsletter or contact us directly via the email link or by telephone. Each time these things happen, we will draw your attention to the provisions of this privacy policy that govern the processing of your personal information. Personal data is processed exclusively to fulfil the requested service and to protect our own legitimate business interests. An exception applies in cases where prior consent cannot be obtained for objective reasons and data processing is deemed lawful.

The following applies as a rule: If we ask you to provide certain personal information, your compliance is always voluntary and you can of course refuse. You decide which information you disclose to us. Please bear in mind that if you do refuse, we may not be able to provide you with the services you request (or not provide them in full). An example of this is your delivery address, without which we would be unable to send you a parcel. Where only some of the information is necessary to provide a particular service, we will indicate which of the details are compulsory.

We would like to point out explicitly that we do not collect personal data from persons aged 17 and below. If parents or other legal guardians discover that the children they supervise have sent us their data, we request that they contact us by email at datenschutz (at) kaufhausderberge.at if they wish the data to be erased. We will then ensure this data is erased without undue delay.

Miscellaneous

It is usually possible to use our website without entering personal data. If personal data (e.g. name, address or email address) is collected on our pages, this will always be on a voluntary basis, wherever possible. This data will not be forwarded to any third parties without your explicit consent. We would like to point out that data transfer via the internet (e.g. when communicating via email) may be impaired by security vulnerabilities. Flawless protection of your data against access by third parties is not possible.

Auto-collected data

The generation and collection of technical data is unavoidable in the use of online services, as it is necessary in order to provide the functions and content and to ensure their optimised display on the device. This device and access data, which includes, for example, information concerning the device type, version of the operating system, configuration settings (e.g. language settings, system permissions) and information on the internet connection, is generated and stored in ‘log files’ each time an online and mobile service is accessed. Furthermore, identification data (IDs), such as session IDs, cookie IDs or unique device identification numbers (e.g. Google advertising ID), account IDs from third-party providers (if you use social plug-ins or social logins or payment via PayPal) and other common internet technologies are also stored in order to enable recognition of your web browser and device. A variety of technologies, including cookies and web beacons, are used for this automatic data collection.

Creation of log files

Each time our website is accessed, our system or the systems operated by our web space provider automatically collect data and information from the accessing computer system, which are known as log files. The following data is collected, among others: Information about the browser type and version, the user's operating system, internet service provider, IP address, the date and time of access, the amount of data transferred, notification of successful access, websites from which the user’s system accesses our website (referrer URL) and websites that are accessed by the user’s system via our website.

The IP addresses or other data contained in the log files can potentially be assigned to a user. This can be the case, for instance, if the link to the website from which a user accesses the website or the link to the website to which a user moves contains personal data. This data is also stored in the log files in our system. This data is not stored together with other personal data concerning the user.

Data is stored in log files to ensure that the website functions properly. We use the data furthermore to optimise the website and to safeguard the security of our information technology systems. This does not involve data analysis for marketing purposes. However, we reserve the right to check the log files retrospectively where there is suspicion that our website has been used unlawfully.

The data is erased as soon as it is no longer necessary to fulfil the purpose for which it was collected. An example of this is the collection of data for provision of the website, which is erased as soon as the individual session has ended. Data stored in log files is erased after no longer than seven days. However, it may be stored for a longer period. But in this case, the users’ IP addresses are deleted or truncated to prevent any assignment of the accessing client.

Use of cookies

Cookies are small text files that are stored in the internet browser or placed by the browser on the user’s computer system. Each cookie contains a characteristic string of characters that acts as a unique identifier when the user returns to the website.

Cookies fulfil a number of functions, such as enabling efficient navigation between websites, storing your preferences and ensuring greater ease of use in general. Cookies can tell us, for example, whether you have visited our website before or are accessing our website for the first time, which language setting you prefer or which services you have used. We therefore use cookies to personalise the content and advertisements of our online services and to improve their ease of use, but also to analyse access to our website and hence improve diagnostics, functionality and security or, for example, to measure the efficiency of marketing campaigns.

We also use marketing cookies in addition to these functional and analytic cookies. These cookies are used by us or our marketing partners to make our advertising messages more relevant to you. They perform functions such as preventing the same advert from reappearing, ensuring that adverts are displayed correctly and, in some cases, selecting adverts based on your interests.

The legal basis for the processing of personal data with the use of cookies is Art 6 para. 1 point f) GDPR. We have a legitimate interest in the analysis of user behaviour to optimise our web presence and our advertising.

However, it is still possible to use our online presence even without cookies. You will be informed about the use of cookies each time you access this page and can use opt-out links to decide which cookies you wish to accept and which you wish to disable. In addition, you can also prevent cookies from being saved in your browser, restrict them to certain websites or set your browser to send an alert before a cookie is saved. The privacy settings in your browser allow you to delete cookies from your computer’s hard drive at any time and to prevent the setting of new cookies. Please note that our website may no longer be shown properly if you disable cookies and that some functions may no longer be technically possible.

Visit the websites of your browser provider to learn more about cookie configurations on your browser: Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen Internet Explorer: http://windows.microsoft.com/de-de/windows-vista/block-or-allow-cookies Chrome: https://support.google.com/chrome/answer/95647?hl=de Safari: http://support.apple.com/kb/PH5042 Opera: http://help.opera.com/Linux/9.00/de/cookies.html You will find a guide to disabling and deleting third-party cookies on the website of the European Interactive Digital Advertising Alliance: www.youronlinechoices.eu

Furthermore, you can also reject cookies placed for with advertising purposes by many of our external advertising partners either at http://www.aboutads.info/choices/ or http://www.networkadvertising.org/choices/.

Please bear in mind that your opt-out cookie preferences are stored as a cookie in the browser of a specific device, so you will have to reselect your opt-out preferences if you delete all cookies, use a different browser or buy a new computer. The opt-out must be selected for each browser and each device, as cookies that are disabled on one device or browser are not disabled on another device or browser.

Visit our cookie policy for an overview of all cookies used in our online presence.

Use of Google Analytics

We use – with your consent – Google Analytics, a web analysis service of Google Inc (‘Google’), to create pseudonymised user profiles and tailor our website to your needs. Google Analytics uses cookies that are stored on your device and that we can import. This enables us to recognise returning visitors and to count their numbers, among other things. Data processing is carried out on the basis of Article 6 para. 1 point a) GDPR and in the interest of learning how often our websites are accessed by different users. The information created by the cookie concerning your use of this website is usually transmitted to a Google server in the United States and stored there. IP anonymisation is enabled on this website, so Google will first truncate your IP address within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and truncated there (Google participates in the Privacy Shield and hence ensures an adequate standard of data security pursuant Art. 45 para. 1 GDPR). We have also concluded a data processing agreement with Google (USA) in accordance with Article 28 GDPR. Acting on behalf of the operator of this website, Google will use this information – subject to strict earmarking – to analyse your use of the website, to compile reports about the website activity and to provide further services related to the use of the website and the internet. Google will also forward this information to third parties if necessary, provided that this is required by law or as far as third parties process this data on behalf of Google. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. For more information on how Google uses data when website and apps from its partners are used, visit www.google.de/policies/privacy/partners.

You may withdraw your consent at any time. To do so, please select one of the following options: You can disable the storage of cookies by setting your browser software accordingly; we must, however, point out that in this case it is possible that you will not be able to fully use all the functions of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de). In addition, you can prevent collection by Google Analytics by clicking on the following link: This places an opt-out cookie on your device that permanently prevents the collection of your data when you visit this website:

Click here to object to the processing of your data by Google Analytics.

Browser add-on to disable Google Analytics

The browser add-on to disable Google Analytics gives the visitor to a website greater control over which data Google Analytics collects on websites they access. The add-on instructs the Google Analytics JavaScript code to refrain from sending information about the website visit to Google Analytics. If you wish to use the add-on, you can download and install the version for your current browser. The browser add-on to disable Google Analytics is available for Microsoft Internet Explorer, Google Chrome, Mozilla Firefox, Apple Safari and Opera. to the Google Analytics browser add-on

As an alternative to the browser add-on or when using a browser on a mobile device, please click on the following link to prevent Google Analytics from collecting data on this website with effect for the future (the opt-out only works for the browser you are currently using and only for this domain). This places an opt-out cookie on your device. You must click on the link again if you delete cookies in this browser.

Opt-out link to prevent Google Analytics from collecting data.

For more information about the terms of use and data privacy in regard to Google Analytics, visit https://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/.

We also use Google Analytics to evaluate date from AdWords and the Double-Click cookie for statistical purposes. You can disable the function in Ads Settings (http://www.google.com/settings/ads/onweb/?hl=de) if you object to this use.

In addition, you can prevent collection by Google Analytics by clicking on the following link: This places an opt-out cookie on your device that permanently prevents the collection of your data when you visit this website:

Click here to object to the processing of your data by Google Analytics.

Use of web beacons and pixel tags

We may also use other tracking technologies, such as pixel tags or web beacons, to customise the presentation of content on our website and hence enable an improved service, but also to optimise our products and services and, if necessary, to obtain analysis data for ourselves and our third-party partners. These are small graphic files that may be integrated on our website and electronic services, which enable us to analyse the online behaviour of visitors to our website or when sending emails. Unlike cookies, however, a beacon is not browser-based and so cannot be used to identify you or to store data on your computer. The information obtained from the web beacons is therefore anonymous and is neither associated with personal data nor is it shared with third parties for independent use.

The legal basis for the use of web beacons is Art 6 para. 1 point f) GDPR.

Use of Google AdWords/Remarketing Services/Google AdSense

We use the marketing and remarketing services of Google Inc, domiciled at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, referred to in the following as ‘Google marketing services’. These Google marketing services enable us to show adverts for and on our website in a more targeted manner and in doing so to present users only with adverts that may potentially reflect their interests. For these purposes, Google directly executes a code and integrates (re)marketing tags (invisible graphics or code, also known as ‘web beacons’) into the website each time a visitor accesses our website and other websites on which Google marketing services are active. They are used to place an individual cookie, so a small file, on the user's device (comparable technologies can also be used instead of cookies). These cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, what content they are interested in and which offers they have clicked on, as well as technical information about the browser and operating system, referrer websites, session duration and other information about the use of the online presence. The user’s IP address is also recorded. This IP address is truncated within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area and only in exceptional cases is it transmitted in full to a Google server in the United States and truncated there. The IP address is not merged with the user’s data stored in other Google services. Google may associate the above information with information from other sources.

How does remarketing work?

When you visit our websites, it is possible that Google may call on unique identifiers relating to your browser or device (e.g. create a ‘browser fingerprint’), analyse your IP address or store a unique identifier in the form of a small text file on your device (e.g. a ‘third-party cookie’). It is also possible that Google may associate your visit to our website with one or more of these unique identifiers and store this information to show you our advertising on other sites on the internet.

The unique identifiers mentioned above are designed as pseudonyms and can be used by Google to recognise your device on other internet sites. For example, if you visit a page that participates in the Google Display Network (so shows advertising on behalf of Google), Google can draw on the identifiers mentioned above to recognise your device and browser.

We can also add ‘remarketing tags’ to our web pages. This means that we include keywords on our web pages that contain information about the content of the displayed pages (product or service categories, for example). The keywords that we use in this context neither relate to a person, nor do they contain sensitive information. Google receives and stores their keywords with the unique identifiers mentioned above. So if you visit a page to which we have added a keyword describing a certain product category, Google will store this keyword and assign it to your unique identifiers.

We are then able to instruct Google to place adverts on other websites that show a similar content to the pages on our website the visitor accessed. So if you visit another website that participates in the Google Display Network, Google can use the unique identifiers and the keywords stored for these identifiers to recognise whether our advertisements should be shown to you and, if so, which ones. For more information about how Google remarketing technologies work, visit https://www.google.com/policies/technologies/ads/.

What does cross-device remarketing mean?

Google is able to connect the unique identifiers of different browsers and devices when you use your own credentials to sign in to Google services or use one or more of your own Google accounts. So if Google has created a unique identifier for the laptop, desktop PC, smartphone or tablet you are using, these identifiers can be connected as soon as you enter or have entered your credentials to sign in to a Google service. Google is therefore able to show our advertising campaigns across different devices as well. However, Google will only do so if you have already consented to this form of data processing.

You have the option of adjusting your advertising settings.

Should you wish to object to interest-based advertising by Google marketing services, you can visit the setting and opt-out options provided by Google at https://adssettings.google.com/authenticated?hl=de. Users can alternatively disable the use of Cookies by third-party providers by visiting the opt out page of the Network Advertising Initiative. For more information and links in this regard, visit https://support.google.com/adwords/answer/2549063. Please note that these settings may not work on all devices or browsers.

You have the additional option of objecting to the use of interest-based advertising by Google. To do so, you must visit www.google.de/settings/ on each of the browsers you use and select your preferred settings in each case.

For more information about how Google uses data for marketing purposes, visit the overview page at https://policies.google.com/technologies/ads?hl=de; Google's privacy policy is available at https://policies.google.com/privacy?hl=de.

Integration of other services and third-party content

We use content or services from third-party providers due to our legitimate interests (above all our interests in the analysis, optimisation and economic operation of our online presence within the meaning of Art. 6 para. 1 point f) GDPR and the provision of user-friendly functions). This will only work if these third-party providers are able to recognise your IP address, as this content cannot be sent to your browser without your IP address. The IP address is therefore necessary in order to show the content. We make efforts to draw only on content from providers who use the IP address exclusively to deliver the content.

Profile data

Profile data is personal and demographic information about you that you provide to us when you voluntarily register for a customer account. Your profile data comprises your first name and surname, contact details and demographic information such as your gender, age and place of residence. In most cases you are required to provide your name and email address and to select a password.

Contact details

Wenn Sie mit uns Kontakt aufnehmen, erfassen wir dabei Ihre Kontaktdaten. Ihre Kontaktdaten können je nachdem, wie Sie mit uns in Kontakt treten (bspw. telefonisch oder per E-Mail) Ihren Namen, Postanschriften, Telefonnummern, Faxnummern, E-Mail-Adressen und ähnliche Kontaktdetails umfassen.

Rechtsgrundlage für die Verarbeitung der Daten ist bei Vorliegen Ihrer Einwilligung Art. 6 Abs. 1 lit. a DSGVO. Rechtsgrundlage für die Verarbeitung der Daten, die im Zuge einer Übersendung einer E-Mail übermittelt werden, ist Art. 6 Abs. 1 lit. f DSGVO. Zielt der E-Mail-Kontakt auf den Abschluss eines Vertrages ab, so ist zusätzliche Rechtsgrundlage für die Verarbeitung Art. 6 Abs. 1 lit. b DSGVO.

Die Daten werden gelöscht, sobald sie für die Erreichung des Zweckes ihrer Erhebung nicht mehr erforderlich sind. Für die personenbezogenen Daten die per E-Mail übersandt wurden, ist dies dann der Fall, wenn die jeweilige Konversation mit dem Nutzer beendet ist. Beendet ist die Konversation dann, wenn sich aus den Umständen entnehmen lässt, dass der betroffene Sachverhalt abschließend geklärt ist. Sie haben jederzeit die Möglichkeit, die Verarbeitung Ihrer Kontaktdaten zu widerrufen, zum Beispiel per Mail an datenschutz (at) kaufhausderberge.at. Falls Sie per E-Mail Kontakt mit uns aufnehmen, können Sie der Speicherung Ihrer personenbezogenen Daten jederzeit durch einen Hinweis in Ihrem E-Mail widersprechen. In diesem Fall werden alle personenbezogenen Daten, die im Zuge der Kontaktaufnahme gespeichert wurden gelöscht und die Konversation kann nicht fortgeführt werden.

Purchase data

We record your purchase data when you order from us in our online shop or by telephone or post. Depending on the sales type and processing status, purchase data may include information such as the order number,

details concerning the ordered products and payment method, delivery and billing addresses, notifications and communication regarding purchases, delivery and payment status, returns status and details relating to third-party service providers. If you have registered in our online shop, you can visit your account at any time to view your material purchase data for all online purchases.

Payment data

We offer you the most common e-commerce payment methods – in particular Sofortüberweisung, credit card and PayPal. In order to process the payment, we collect the payment data provided by you (e.g. billing address, IBAN and BIC, credit card details, but also details used by third-party payment service providers for identification such as your PayPal ID). We only transfer data to our payment service providers that is necessary to process payments.

Purpose of data collection

As a rule, we only process your personal data for the purposes explained to you in this privacy policy or communicated to you when the data was collected. These are primarily the processing of purchases and the provision, personalisation and continued development as well as the security of our services. We also use your data in accordance with data protection regulations for the optimisation of business processes, the needs-based design of our services and, where necessary, for personalised advertising.

Creation and management of your account

We use your data to set up your account and to manage our relationship with you. We also use your data to communicate with you regarding your account and our services. The legal basis for the creation and management of customer account is Article 6 para. 1 point b) GDPR.

Fulfilment of purchases and customer services

We process the personal data you disclose to us strictly for the designated purpose and to the extent that is necessary for the performance of purchase contracts and customer service, including shipping and payment processing as well as the processing of returns, complaints and warranty claims.

We may also use your contact details in certain cases for non-promotional communication with you, e.g. for technical, security and contractual matters.

Furthermore, we process your data to provide you with news, messages, newsletters and other forms of direct communication, insofar as this is an integral part of our contractual services or the services you have requested.

Where the purpose relates to the performance of a contract concluded with you or the provision of a service requested by you, the legal basis is Article 6 para. 1 point b) GDPR. The legal basis is otherwise Article 6 para. 1 point f) GDPR, whereby the aforementioned purposes constitute our legitimate interests

On-site optimisation and personalisation

We may use device and access data to deliver convenient and useful services that best reflect your needs and interests. This is the case, for example, if we save your shopping cart or show you the products you last viewed. If you are signed in to your customer account during your visit to our online shop, we may also use profile data and purchase data to personalise your shopping experience (e.g. product recommendations).

The legal basis for the processing of personal data as part of personalised services is Article 6 para. 1 point b) GDPR. The legal basis for the processing of your data as part of on-site optimisation is Article 6 para. 1 point f) GDPR, whereby the aforementioned purposes constitute our legitimate interests.

Marketing

We use anonymised, pseudonymised and – in certain cases and only with your consent – personal data for analysis and advertising, for example for the purposes of user segmentation, obtaining insights into demographic attributes, interests, purchasing and usage habits, showing advertising to portfolio customers, the performance of direct marketing (e.g. in the form of newsletters) or planning, implementing and monitoring the success of advertising that reflects the interests of the target audiences.

The legal basis for data processing for the purposes outlined above – subject to your consent – is Article 6 para. 1 point a) GDPR. Furthermore, data processing for marketing purposes is carried out on the basis of Article 6 para. 1 point (f) GDPR, whereby the aforementioned purposes and, in general, the pursuit of our business activities for the benefit and wellbeing of our employees and shareholders constitute our legitimate interests.

Protection and security

We use data collected on our website and apps as part of our efforts to ensure the protection and security of our website and associated services and to improve the management of our IT systems. The legal basis for these and related purposes is Article 6 para. 1 point f) GDPR.

Required disclosures and exercise of rights

We may use your information to make necessary disclosures in response to requests for information that we are required by law to provide to law enforcement or regulatory authorities, watchdogs or supervisory authorities or in the defence of legal claims, and to enforce our terms and conditions and/or this policy. The lawfulness of data processing for these purposes is based on Article 6 para. 1 point c) GDPR.

Other purposes of processing based on your consent

Where you have given us your consent to the processing of personal data in accordance with Article 6 para. 1 point a), your consent is the main basis for our data processing. In this case processing is carried out exclusively for the respective purpose for which you have given us your consent. This may be, for example, ordering a newsletter.

Newsletter registration

Our website gives you the opportunity to subscribe to a free newsletter. The data from the input screen – and specifically your email address – is transmitted to us when you register for the newsletter. We check the email address you entered to ensure that you are its genuine owner or that the owner is authorised to receive the newsletter (double opt-in procedure). In addition, the IP address assigned to the accessing computer and the date and time of registration are also logged. The collection of other personal data as part of the registration process is intended to prevent misuse of the services or the email address provided. Any other personal data requested is only provided on a voluntary basis. These additional details concerning who you are will be used exclusively to personalise the newsletter.

We cooperate with professional contract processors, in particular with mail service providers in Austria and Germany, to prepare and distribute our email campaigns. This may also involve the use of a ‘click-through URL’, which links to content on our website. Clicking on this kind of URL address will redirect you to our web server before you reach the actual target web page. We analyse this data to identify your interest in certain topics and to measure the efficiency of our communication with customers. We do not analyse the IP addresses. Simply refrain from clicking on any textual or graphic links in emails if you do not want this data to be collected.

Furthermore, ‘pixel tags’ (also known as web beacons) may also be used as tracking pixels in our newsletters. A tracking pixel is a miniature graphic file that enables the collection and analysis of information in log files. These embedded pixel tags enable us to recognise, for example, whether and when an email was opened by a data subject and which links in the email they selected. This personal data is stored and evaluated by us and/or our contract processors in order to optimise newsletter distribution and to further customise the content of future newsletters to the interests of the data subject, but is not transferred to third parties.

You may withdraw any consent you have granted at any time with effect for the future, e.g. by post to the aforementioned controller or by email to datenschutz (at) kaufhausderberge.at. If you have opened a customer account, you can use it to conveniently change or withdraw your consent to receive newsletters and any other notifications. Finally, an unsubscribe link is included in each of our newsletters. Your personal data will be deleted if you have signed up for our newsletter and then unsubscribe.

The use of a mailing service provider, the performance of statistical surveys and analyses and the logging of registration processes are based on our legitimate interests in accordance with Article 6 para. 1 point f) GDPR. Our interest relates to the establishment of a user-friendly and secure newsletter system that accommodates both our business interests and the expectations of users.

Duration of data storage

Your data will be erased or blocked as soon as the purpose of storage no longer applies. Data may also be stored for longer where permitted by the European or national legislator in EU regulations, laws or other provisions to which we are subject. The data will also be blocked or erased in these cases if a mandatory storage period under law expires, unless continued storage of the data is necessary for the conclusion or performance of a contract. For instance, your order and payment details and any other data are generally subject to various statutory retention obligations enshrined in tax and company law or elsewhere. For instance, we are obliged by law to keep this data for up to seven years for tax and company audits. Only then are we permitted to erase this data permanently.

In addition, your data will also be stored where the following conditions apply: on the basis of our legitimate interest, until we receive a justified objection from you, or

on the basis of your explicit consent, until you withdraw this consent.

Security of your data

We implement appropriate technical and organisational measures, including administrative, electronic and physical procedures, to protect your personal data from loss, theft and misuse and from unauthorised access, disclosure, alteration and destruction.

This website uses the industry standard SSL (Secure Sockets Layer) for encryption. This guarantees the confidentiality of your personal details and credit card data for transactions on the internet. You can recognise SSL by a closed padlock icon in the status bar of your browser and an address line that begins with https://.

However, we would like to point out that certain security vulnerabilities will always apply to the transmission of data via the internet, so that complete protection against access by third parties cannot be guaranteed. The website may also contain links to third-party websites. We are not responsible for how these companies handle your privacy. We therefore advise that you contact these companies to obtain information about their privacy policies.

Your rights at a glance

You, as the data subject, have the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR, provided the legal requirements are met in each case.

You can exercise these rights by sending an email to datenschutz (at) kaufhausderberge.at or by writing to the following address

Alpine Naturprodukte GmbH

Anichstraße 19/13

6020 Innsbruck

Austria

For the purposes of confidentiality and the protection of personal data, we must identify you so that we can process your request. You will therefore be asked to enclose with your request a copy of an official identification document, such as a driving licence or passport. We will respond to each request as quickly as possible and in accordance with the relevant laws.

Right of access (Article 15 GDPR) and right to rectification (Article 16 GDPR):

You have the right at any time to obtain information about the data processed by us. Where the data is incorrect or no longer correct or incomplete, you have the right to obtain correction or rectification. Please let us know which option you prefer without delay so that we can comply with your wishes. If we have transferred your data to a third party, we will also notify them of your request where there is a legal obligation to do so.

Right to erasure of your data (Article 17 GDPR):

You have the right to obtain erasure of your data without undue delay where the purpose for which we collected your personal data no longer applies or you withdraw your consent on the basis of which we processed this data and there is no other legal basis. This also applies if you object to processing and there are no overriding legitimate grounds for processing, your data has been processed unlawfully or there is a legal requirement to erase your data.

Right to restriction of processing (Article 18 GDPR):
You have the right to obtain restriction of processing of your data where one of the following conditions applies:

• If the accuracy of your personal data is contested and we have already been given the opportunity to verify its accuracy

• If processing is lawful, but you request a restriction of use instead of erasure

• If we no longer need your data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims

• If you have lodged an objection but it is not yet clear whether your personal interests override other interests

Right to data portability (Article 20 GDPR):

You have the right to receive personal data that you have provided to us in a machine-readable, transferable format.

Right to object (Article 21 GDPR):

Where data is collected on the basis of Art. 6 para. 1 lit. f (data processing to safeguard legitimate interests), you have the right at any time to object to the processing (also in part) for reasons arising from your particular circumstances. To do so, simply send us an email to datenschutz (at) kaufhausderberge.at or write to the controller named above. We will then no longer process the personal data unless we can demonstrate there are compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject, or processing is necessary for the establishment, exercise or defence of legal claims. We therefore request that you explain to us the reasons why we should no longer process your data when you lodge an objection. When you send us a reasoned objection, we will examine the situation and either discontinue or adapt the processing or inform you of the compelling legitimate grounds that authorise us to continue processing.

You may object at any time to the processing of your data for marketing purposes, including direct marketing, without stating reasons.

Automated decision-making, including profiling

Where personal data concerning you is processed, you have the right under Article 22 GDPR not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly affects you significantly. This does not apply to decisions that are necessary for the conclusion or performance of a contract, that are permitted by Union or Member State legislation to which we are subject (provided that such legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject) or that are made with your explicit consent.

Should you wish to exercise your rights in relation to automated decision-making (including at least the right to obtain the intervention of one of our employees, to express your point of view and to contest the decision), you can contact one of our employees at any time by email or telephone using the contact details above.

Data obtained from visits to this website is not used for automated decision-making within the meaning of Art. 22 GDPR.

Right to lodge a complaint with a supervisory authority:

You have the right furthermore to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 24 Federal Data Protection Act (DSG)). The right to lodge a complaint can be exercised in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

In Austria, this is the Datenschutzbehörde [data protection authority]. For more information, forms and contact details, visit www.dsb.gv.at