Mandatory information within the framework of the European General Data Protection Regulation (GDPR)
Last updated: August 2022
“shopreme” (Shopreme GmbH, Brückenkopfgasse 1, 8020 Graz, Austria; the responsible entity pursuant to the GDPR) takes the protection of your personal data very seriously. For this reason, shopreme always processes personal data in accordance with the requirements of current legal provisions, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of natural persons with regard to the processing of personal data in the context of the free movement of data (“GDPR”).
“Personal data” refers to any information relating to an identified or identifiable natural person, such as name, address, email address, and IP address.
II. General Processing
Within the framework of data protection regulations, shopreme is entitled to outsource the processing of your personal data in whole or in part to external service providers who act on our behalf as processors pursuant to Article 4 (8) of the GDPR. The legal basis for using this processor is legitimate interest pursuant to Article 6 (1) point (f) of the GDPR. External service providers assist us in various areas, including the technical operations and support of the Website, data management, provision and delivery of services, marketing, and analysis. shopreme remains responsible for the protection of the transferred data; the subcontracted service providers process your data exclusively in accordance with the instructions given by shopreme and the processor contracts that have been concluded. We ensure the safety of your data with the implementation of strict contractual agreements, technical and organizational measures, and supplementary controls.
Apart from the anonymized or pseudonymized IP address, information on location, date and time of visit, time zone difference to Greenwich Mean Time (GMT), query content (specific pages), access status/HTTP status code, data volume transmitted, the referral website, its operating system and interface, the language and version of your browser software, the number, duration and time of your visits, search engine used and keywords, browser type, screen size, and operating system may be stored.
III. Storage Period
In general, shopreme only stores your data for as long as is required to fulfill the purpose for which your data was collected. We also try to store and process data anonymously if possible.
At the web server level, this happens by default by storing a pseudonymized IP address <123.123.123.XXX> in the log file instead of the Visitor’s actual IP address, for example, <184.108.40.206>. The XXX is a random value between 1 and 254, so it is no longer possible to establish the true identity of the Visitor. Log files are stored for a period of five years. Beyond this length of time, log files are only stored for the purpose of investigating irregularities or security incidents in our systems.
In all cases, shopreme will store your data for the duration of the company’s contractual relationship with you and throughout the period of provision of services. If shopreme processes the personal data of a customer’s employees, it does so under the legal basis of legitimate interest pursuant to Article 6 (1) lit. f of the GDPR. The legitimate interest, in this case, is to enable shopreme and the customer to perform their business activity. Beyond this length of time, your personal data will be stored in compliance with statutory data retention periods (e.g. the 7-year data retention period required under the provisions of current Austrian business and tax laws). If required, data may be stored until potential legal claims against shopreme become time-barred; for certain claims, the statutory limitation period can be as long as 30 years. The legal basis is Article 6 (1) point (c) of the GDPR. As soon as there are no longer any justified reasons for the continued storage of personal data, the data is either deleted or anonymized.
IV. Specific Processing
1. About Cookies
Cookies are small text files that can be used by websites to make a user’s experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission.
Temporary cookies are automatically deleted when you close your browser. Session cookies are the main type of temporary cookies. These store a ‘session ID’ on your device, which can assign various queries from your browser to the shared session. This allows your computer to be recognized if you visit this Website again. These session cookies are deleted when you log out or close your browser.
Persistent cookies are automatically deleted after a certain period of time, which varies depending on the cookie. However, you can delete cookies at any time by going to your browser settings. Persistent cookies can help improve user experience and can be used to analyze websites (see “Google Analytics”).
- Continuously improve the functionality of our website (necessary cookies)
- Continuously improve the content and structure of our website (statistics or analytics cookies)
- Tailor advertisements displayed on certain platforms to the user’s specific interests and needs (marketing cookies).
3. Data Transfer to the USA
Some of our partners have subsidiaries in the USA. We may transfer your personal data to these partners in the USA either manually or via an interface.
Please note that with the ruling of July 16, 2020 (Court of Justice of the European Union C-311/18, Schrems II Ruling), the adequacy decision that permitted the transfer of personal data to the USA was repealed.
This means that the USA, as a third country, does not provide an adequate level of data protection.
The specific risk to you as a user is that if your personal data is transferred to the USA, it may be accessed by the US authorities for control and monitoring purposes, and you have very few effective and enforceable rights to object to this access. The data we transfer to the USA consists primarily of IP addresses (internet protocol addresses), which, in general, are anonymized/pseudonymized.
4. Specific Services
Google Tag Manager
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA
Vimeo.com, Inc., 555 West 18th Street, New York, New York 10011
This Website uses a plug-in to integrate videos and other similar elements from Vimeo, a US-based video platform, into this Website. When a user visits a website equipped with a Vimeo plug-in, a connection to the Vimeo servers is established. This informs the Vimeo server which of the website pages have been visited. If the user is logged into their Vimeo account, this enables Vimeo to correlate the user’s surfing behavior directly to their personal user profile.
5. Review, Change, or Withdraw Your Consent
V. Your Rights as Data Subjects and Who to Contact
shopreme advises that the user, as a data subject pursuant to the GDPR, have certain rights with regard to the processing of their personal data, in particular the right to:
- Check whether shopreme has stored your personal data and which data this is, and to receive a copy of this data (right to obtain information)
- Demand the rectification, completion or erasure of any personal data that is incorrect or incomplete, or not processed in accordance with the law (right to rectification and erasure)
- Request shopreme to restrict the processing of your personal data (right to restriction of processing)
- Object to the processing of your personal data in certain circumstances or to withdraw previously granted consent for processing (right to object or withdraw consent)
- Receive the personal data you have provided to shopreme in a structured, commonly used and machine-readable format, and to transmit this data to another controller (right to data portability).
shopreme does not process your personal data for the purpose of making decisions based solely on automated processing, including profiling, which produce legal effects concerning you (Article 22 of the GDPR).
To exercise these rights, or if you have any inquiries regarding the processing of your personal data, please write to shopreme at the following address:
Subject: Data Protection Inquiry
Alternatively, you can send your data protection inquiry by email to email@example.com.
Under data protection law, the user also has a right to appeal to the data protection authority of the Republic of Austria at https://www.dsb.gv.at/.